Blank vulnerability

 

This is not going to be a tutorial like the others I've done,

 

 

Here I won't teach you how to code a new application nor which is the best software to cook a pie.

Today I'll write about security:

 

 

A little Preface:

 

 

I have had lots of friends and colleagues that were never worried about protecting and guarantee the security of their computers and data.

 

 

From the otherside, I've had friends that used to have installed two, three or even more software like antivirus, ad blocker, and tools to maintain their files safe with the only result to have software in conflict one another and a slower computer than ever.

 

 

The experiment:

 

 

Last week my boss showed me a post written by Ben Halpern a New York City developer, founder of The Practical Developer, that really made me think about how much time I spend looking for the non plus ultra software that transform my mechanic friend into a shield and then find out how easy it's to break into websites, even the most popular and well developed.

 

 

One of the firsts html tag to learn is the tag.

 

 

It, through some parameters, allows you to browse internet pages.

 

 

As you already understood this is a really important tag and the proliferation of the internet and websites is even due to its logic.

 

 

As a developer you can choose to open a page in a new tab, in the same frame or in a parent frame. The parameter in charge to do that is the "target".

 

 

     

        Click here to the next page

     

 

 

This command opens the linked document in a new window or tab, but only a few people (and I was one of them until a couple of days ago) knows that thepage, we're linking to gain partial access to the linking page via the window. opener object.

 

 

This simply means that the new opened tab can change the location of the window. opener object (I'll explain you what is that in a JavaScript lesson) to some phishing page and execute some JavaScipt on the opener-page.

 

 

How dangerous 

 

 

Imagine to click on links, pictures or whatever and be redirected to some other page that contain the actual content.

 

 

Now image that in the second page there is a JavaScript code that connects to the previous page (the one that contain the link) and change it in some other page like a fake Facebook login page in which the hacker can steal your data.

 

 

It is as easy assaying, just need to add this to the code of the second page

 

 

     window.opener.location = 'https://fake-facebook-page.com/phishing.php';

 

 

 

 

 

How to fix it

 

 

It is almost unbelievable how popular is this tag and how easy is to create problem with that, 

 

 

But is also easy to fix infact to put the website in secure the only code to add is the:

 

 

 

rel="noopener noreferrer"

or 

var newWnd = window.open();

newWnd.opener = null;

 

 

if we set up the link directly with JavaScript instead of using html.

 

 

 

 

 

Little surprise

 

 

If you think this will never happen to you, I suggest to come back to the Facebook page in which you clicked and discover the surprise I made for you.

 

 

(If you didn't arrive from my Facebook post here is the link to try).