This is what we use when we add external links to our websites:

<a href="" target="_blank"></a>

Everyone likes target="_blank" because opening a new page does not affect the original page, but there is a security issue. The page opened via target="_blank" can access the original page through window.opener.

window.opener.location = "http://..."

With this, the opened page can simply navigate the original page to another website, which carries many security risks, such as phishing. The problem is also very simple to solve: adding the rel="noreferrer noopener" attribute to the link is enough.

<a href="" target="_blank" rel="noreferrer noopener"></a>
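
As an added example (not part of the original article and not CSDN's code), the check below scans article HTML for target="_blank" links that lack the recommended rel tokens and rewrites them. The function names, the regex-based tag matching and the example.test URLs are assumptions made for illustration.

```javascript
// Added example (not the article's code): audit and harden target="_blank" links.
// Assumes well-formed <a> start tags; production sanitizers should use an HTML parser.
const REQUIRED = ["noreferrer", "noopener"]; // rel tokens the article recommends
const A_TAG = /<a((?:\s(?:"[^"]*"|'[^']*'|[^>"'])*)?)>/gi;
const ATTR = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;

// Constructed sample: an article body with four links.
const SAMPLE = [
  '<a href="https://example.test/1" target="_blank">one</a>',
  '<a href="https://example.test/2" target="_blank" rel="nofollow noopener">two</a>',
  '<a href="https://example.test/3" target="_blank" rel="noreferrer noopener">three</a>',
  '<a href="https://example.test/4">four</a>',
].join("\n");

// Parse one start tag's attribute text into a lower-cased name -> value map.
function parseAttrs(text) {
  const attrs = new Map();
  for (const m of text.matchAll(ATTR)) {
    const name = m[1].toLowerCase(); // first occurrence wins, as in browsers
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}
const relTokens = (attrs) => (attrs.get("rel") || "").toLowerCase().split(/\s+/).filter(Boolean);

// Required rel tokens that a target="_blank" link lacks; [] means nothing to fix.
function missingRel(attrs) {
  if ((attrs.get("target") || "").trim().toLowerCase() !== "_blank") return [];
  return REQUIRED.filter((token) => !relTokens(attrs).includes(token));
}

// List every link whose rel lacks a required token, as { href, missing }.
function auditBlankLinks(html) {
  return [...html.matchAll(A_TAG)].map((m) => parseAttrs(m[1]))
    .map((a) => ({ href: a.get("href") || "", missing: missingRel(a) }))
    .filter((finding) => finding.missing.length > 0);
}

// Rebuild each flagged start tag with the missing rel tokens appended.
function hardenBlankLinks(html) {
  return html.replace(A_TAG, (tag, attrText) => {
    const attrs = parseAttrs(attrText);
    const missing = missingRel(attrs);
    if (missing.length === 0) return tag; // already safe, or not target="_blank"
    attrs.set("rel", [...relTokens(attrs), ...missing].join(" "));
    const out = [...attrs].map(([k, v]) => ` ${k}="${v.replace(/"/g, "&quot;")}"`);
    return `<a${out.join("")}>`;
  });
}
```

Running auditBlankLinks(SAMPLE) reports the first two links, and hardenBlankLinks(SAMPLE) returns the same markup with their rel attributes completed while leaving the other two untouched.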

I have checked several platforms where articles can be published, such as Nuggets, Sifu, Zhihu and CSDN. As a result, CSDN is the only one with this problem. CSDN is always a bit late, but for a technical website it always looks so unprofessional, just like when databases stored passwords in plain text.

Exploiting the CSDN vulnerability

Phishing

This is the first thing that comes to mind. Suppose someone mocks up a login page, posts an article and inserts a link that uses this bug: when the reader is done with the linked page and comes back, they see a login page.

Readers may be surprised, but I believe that many people will fall into this trap.

After the password is entered, the phishing login site only needs to return to the original page. Because the cookie still exists, it looks as if you really logged in, and the password has been leaked without your noticing.

A sneaky trick: automatic following

Here we have to make fun of CSDN again. The API for following a user is not only simple, but also accepts both GET and POST requests, which gives us a lot of room for manipulation.

We just use window.opener.location to navigate to the follow API and then navigate back, and readers will follow the account without realizing it.

A short code example:

window.opener.location = "https://my.csdn.net/index.php/follow/do_follow?..."
setTimeout(() => {
  window.opener.location = "https://blog.csdn.net/Dogfights/article/details/..."
}, 1000)