Reverse Tabnabbing

Reverse Tabnabbing can lead to a phishing attack that replaces the content of the original browser window, e.g. your application, with a potentially dangerous content (e.g. a phishing site mimicking your application log in form) when a new browser window is open with a target="_blank" link.

If your application allows user to publish any URL links the attacker may publish a public link to his website (e.g. homepage) and if this link will be rendered by your application with target=”_blank” attribute (so it will open in a new tab) the attacker’s website may automatically change in the background the content of the original tab with your application to some other website, e.g. looking just as your application’s log in form but actually collecting/intercepting this data.

When the user will enter a valid combination of user/password the redirect will open your original application but the credentials will be stolen.

Any links with:

target="_blank"

should be replaced with:

target="_blank" rel="noopener noreferrer"

so that the new tab is not capable of modifying the content of the original tab.

ScanRepear reports specific URL locations of pages with at least one link present with a target attribute but without both "noopener” and “noreferrer" options.