benjamincharity
5/20/2016 - 4:20 PM

window.opener vulnerability: https://news.ycombinator.com/item?id=11631292

  • Open a website, let's say google.com
  • Open a console and type in window.open("http://xkcd.com")
  • Disable your popup blocker and do it again.
  • Open a console in the new xkcd window and type in window.opener.location = "https://news.ycombinator.com"
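
The last step works because a window opened from another page keeps a window.opener reference and can navigate the tab that opened it. An added example, not part of the original note, of the opener-side fix: rel="noopener noreferrer" on links that open a new window, and the "noopener" feature for window.open(). The function names are hypothetical.

```javascript
// Tokens that stop the opened page from receiving a window.opener reference.
const REQUIRED_REL = ["noopener", "noreferrer"];

// Return the rel value with the required tokens added, keeping existing ones.
function hardenedRel(rel) {
  const tokens = (rel || "").toLowerCase().split(/\s+/).filter(Boolean);
  for (const t of REQUIRED_REL) {
    if (!tokens.includes(t)) tokens.push(t);
  }
  return tokens.join(" ");
}

// Targets that reuse an existing browsing context and so create no new opener.
const SAME_CONTEXT = new Set(["", "_self", "_top", "_parent"]);

// Patch every link that opens a new browsing context (target="_blank" or a
// named target). `links` is any iterable of elements exposing
// getAttribute/setAttribute. Returns the hrefs of the links it changed.
function hardenLinks(links) {
  const changed = [];
  for (const a of links) {
    const target = (a.getAttribute("target") || "").toLowerCase();
    if (SAME_CONTEXT.has(target)) continue;
    const before = a.getAttribute("rel") || "";
    const after = hardenedRel(before);
    if (after !== before) {
      a.setAttribute("rel", after);
      changed.push(a.getAttribute("href"));
    }
  }
  return changed;
}

// Script-initiated equivalent: with the "noopener" feature, window.open()
// returns null and window.opener is null inside the new window.
function openWithoutOpener(url, win) {
  return win.open(url, "_blank", "noopener,noreferrer");
}

// In a browser, run against the live document.
if (typeof document !== "undefined") {
  hardenLinks(document.querySelectorAll("a[target], area[target]"));
}
```

With this in place, repeating the last step in the new window finds window.opener set to null, so the assignment to window.opener.location fails instead of redirecting the original tab.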