benjamincharity
5/20/2016 - 4:20 PM
window.opener vulnerability: https://news.ycombinator.com/item?id=11631292
window.opener vulnerability: https://news.ycombinator.com/item?id=11631292
- Open a website, let's say google.com
- Open a console and type in
window.open("http://xkcd.com") - Disable your popup blocker and do it again.
- Open a console in the new xkcd window and type in
window.opener.location = "https://news.ycombinator.com"