Reverse Tabnabbing

Dr. Harun Ar Rashid, MD - Arthritis, Bones, Joints Pain, Trauma, and Internal Medicine Specialist Dr. Harun Ar Rashid, MD - Arthritis, Bones, Joints Pain, Trauma, and Internal Medicine Specialist
6 Views
Rx iT World Hacking Tutorial

Reverse tabnabbing is an attack where a page linked from the target page is able to rewrite that page, for example to replace it with a phishing site. As the user was originally on the correct page they are less likely to notice that it has been changed to a phishing site, especially if the site looks the same as the target. If the user authenticates to this new page then their credentials (or other sensitive data) are sent to the phishing site rather than the legitimate one.

As well as the target site being able to overwrite the target page, any http link can be spoofed to overwrite the target page if the user is on an unsecured network, for example a public wifi hotspot. The attack is possible even if the target site is only available via https as the attacker only needs to spoof the http site that is being linked to.

The attack is typically possible when the source site uses a target instruction in a html link to specify a target loading location that do not replace the current location and then let the current window/tab available and does not include any of the preventative measures detailed below.

The attack is also possible for link opened via the window.open javascript function.

You Might Also Like This :

  1. Setup nginx_apache reverse proxy With the nginx_apache reverse proxy, static files are served by Nginx and PHP files are processed by Apache, thus overall performance is improved. And yes, the setup is fully compatible with .htaccess files. In general, the schema is: A new connection arrives and Nginx handles it. If it is for a static file (not a […]...
  2. Clickjacking and UI Redress Attack Clickjacking, also known as a “UI redress attack”, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is “hijacking” clicks meant for their page and routing […]...
  3. Cross-Frame Scripting (XFS) iAttack Cross-Frame Scripting (XFS) is an attack that combines malicious JavaScript with an iframe that loads a legitimate page in an effort to steal data from an unsuspecting user. This attack is usually only successful when combined with social engineering. An example would consist of an attacker convincing the user to navigate to a web page […]...
  4. Content spoofing, Content Injection Content spoofing, also referred to as content injection, “arbitrary text injection” or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value, that is […]...
  5. Cross User Defacement Attacks An attacker can make a single request to a vulnerable server that will cause the server to create two responses, the second of which may be misinterpreted as a response to a different request, possibly one made by another user sharing the same TCP connection with the server. This can be accomplished by convincing the […]...
  6. Cross-Site History Manipulation (XSHM) Cross-Site History Manipulation (XSHM) is a SOP (Same Origin Policy) security breach. SOP is the most important security concept of modern browsers. SOP means that web pages from different origins by design cannot communicate with each other. Cross-Site History Manipulation breach is based on the fact that client-side browser history object is not properly partitioned on a per-site basis. Manipulating […]...
  7. Direct Dynamic Code Evaluation Eval Injection This attack consists of a script that does not properly validate user inputs in the page parameter. A remote user can supply a specially crafted URL to pass arbitrary code to an eval() statement, which results in code execution. Note 1: This attack will execute the code with the same permission like the target web […]...
  8. DOM Based XSS Attack DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page […]...
  9. Reverse Flip Test – Uses, Indications, Procedure, Technique Reverse flip test is a manual test to diagnose for PLID, slip disc, disc herniation in lumbar spine while raising the leg, the foot is held in a plantar-flexed position; this will lessen the pain. But if the patient is complaining of an increase in pain, it can suggest malingering. Sciatica is a common complaint […]...
  10. Reverse Segond Fractures Reverse Segond fracture is one of the avulsion fractures of the lateral aspect of the proximal tibia just below the level of the tibial plateau in the knee joint associated with anterior cruciate ligament tibial avulsion fracture and anteromedial tibial rim fracture which is due to bowing stress, abnormal valgus, knock-knee stress, higher velocity injuries, and external […]...
  11. Reverse Bennett Fracture Dislocation A reverse Bennett fracture-dislocation is a fracture-dislocation, injury, sub relaxation of the base of the 5th metacarpal bone. It is pathologically and radiographically analogous or opposite to the Bennett fracture of the thumb. It is quite an unstable type of fracture due to unopposed extensor carpi ulnaris pull on the fracture fragment, which causes migration and subluxation […]...
  12. Reverse Hill-Sachs Defect, McLaughlin Mesion Reverse Hill-Sachs defect, also called a McLaughlin lesion, is defined as an impaction, impression fracture of the anteromedial aspect of the humeral head and causes posterior dislocation of the humerus.  In an anteromedial aspect of the humeral head fracture and dislocation posteriorly where normal Hill-such fracture posterolateral compression fracture with anterior shoulder dislocation. A Hill-Sachs lesion is a typical […]...
  13. Embedding Null Code The Embedding NULL Bytes/characters technique exploits applications that don’t properly handle postfix NULL terminators. This technique can be used to perform other attacks such as directory browsing, path traversal, SQL injection, execution of arbitrary code, and others. It can be found in lots of vulnerable applications and there are lots of exploits available to abuse […]...
  14. Cross-Site Scripting (XSS) Attacks Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to […]...
  15. Cache Poisoning The impact of a maliciously constructed response can be magnified if it is cached either by a web cache used by multiple users or even the browser cache of a single user. If a response is cached in a shared web cache, such as those commonly found in proxy servers, then all users of that […]...

To Get Daily Health Newsletter

We don’t spam! Read our privacy policy for more info.

Terms and Conditions of Use
Privacy Policy
Cookie Policy
Editorial Policy
Advertising Policy
EU User Consent Policy
Correction Policy
Citation Policy
Ethics and Logical Policies
About Us
Contact Us
Newsletter
Career
Sitemap
Advertise with us
Editorial Board Members
Review Board Member
Team RxHarun
Web Developers Team
Guest Posts and Sponsored Posts
Request for Board Member
Women Writers
Download Mobile Apps
Follow us on Social Media
© 2012 - 2025; All rights reserved by authors. Powered by Mediarx International LTD, a subsidiary company of Rx Foundation.
RxHarun
Logo