hrefargument of an
<atag with the attribute
window.opener. If the page doesn't have
target="_blank"it also doesn't have
rel="noopener"it might be also vulnerable.
window.opener.location = https://attacker.com/victim.htmlto a web controlled by the attacker that looks like the original one, so it can imitate the login form of the original website and ask for credentials to the user.
python3 -m http.serverThen, access
http://127.0.0.1:8000/vulnerable.html, click on the link and note how the original website URL changes.
opener.closed: Returns a boolean value indicating whether a window has been closed or not.
opener.frames: Returns all iframe elements in the current window.
opener.length: Returns the number of iframe elements in the current window.
opener.opener: Returns a reference to the window that created the window.
opener.parent: Returns the parent window of the current window.
opener.self: Returns the current window.
opener.top: Returns the topmost browser window.