This article is a part of our Web Security Knowledge Base (back to index)
Why Reverse Tabnabbing can be dangerous
Reverse Tabnabbing can lead to a phishing attack that replaces the content of the original browser window, e.g. your application, with a potentially dangerous content (e.g. a phishing site mimicking your application log in form) when a new browser window is open with a target="_blank" link.
If your application allows user to publish any URL links the attacker may publish a public link to his website (e.g. homepage) and if this link will be rendered by your application with target=”_blank” attribute (so it will open in a new tab) the attacker’s website may automatically change in the background the content of the original tab with your application to some other website, e.g. looking just as your application’s log in form but actually collecting/intercepting this data.
When the user will enter a valid combination of user/password the redirect will open your original application but the credentials will be stolen.
How to fix Reverse Tabnabbing
Any links with:
should be replaced with:
target="_blank" rel="noopener noreferrer"
so that the new tab is not capable of modifying the content of the original tab.
How does ScanRepeat report Reverse Tabnabbing
ScanRepear reports specific URL locations of pages with at least one link present with a target attribute but without both "noopener” and “noreferrer" options.
Would you like to test your application now against this problem? Sign up for our free trialScan Your Web App Now