Open Redirect and Reverse Tabnabbing PoC

Cybersecurity
Nginx, debian

This security assessment of robertquintero.me identified Open Redirect and Reverse Tabnabbing vulnerabilities, both confirmed as high-risk threats. These flaws allow attackers to manipulate user navigation, enabling phishing attacks and potential session hijacking. Immediate remediation is advised, including URL validation, rel="noopener noreferrer" attributes, and enforcing security headers to mitigate risks.

6 months ago
2 mins read
Robert Quintero
SecureAccess
securitysolutions
SelfHosted
penetrationtesting
networksecurity

Introduction

The assessment found Open Redirect and Reverse Tabnabbing vulnerabilities on target.robertquintero.me, posing high-risk threats. These flaws enable phishing and session hijacking. Immediate fixes like URL validation and security headers are recommended.

Assessment Date: February 25, 2025
Target: https://target.robertquintero.me/
Pentester: Robert Quintero


Objective

The goal of this penetration test was to identify security vulnerabilities related to Open Redirect and Reverse Tabnabbing and assess their impact on user security.

Executive Summary

Findings Overview

The target website is vulnerable to Open Redirect and Reverse Tabnabbing, which allow attackers to manipulate user navigation and hijack sessions. Immediate remediation is recommended to prevent phishing, session theft, and user deception.


Technical Details

Open Redirect Exploitation

Vulnerability: Open Redirect
Affected URL: https://target.robertquintero.me/

Steps to Reproduce:

  • Navigate to the login page and modify the redirect parameter:
    https://robertquintero.me/login?redirect=https://attacker-site.com
  • The user is redirected to an attacker-controlled site without validation.

Impact:

  • Can be used for phishing attacks.
  • Leads to session hijacking by redirecting users to malicious pages.

Reverse Tabnabbing

Vulnerability: Reverse Tabnabbing
Affected Elements: External links opening in new tabs.

Steps to Exploit:

The user clicks on an external link (without rel="noopener" protection), opening a new tab.

In the attacker's new tab, execute the following JavaScript:

window.opener.location = "https://phishing-site.com";

The original tab is hijacked and redirected to a phishing page.

Impact:

  • Allows attackers to replace the original site with a fake login page.
  • High potential for credential theft.

Recommendations & Mitigation

Open Redirect Mitigation

  • Implement URL validation: Only allow redirects to trusted domains.
  • Use a whitelist approach for redirect parameters.
  • Display a confirmation page before redirecting users.
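
One way to implement the allowlist check for the login `redirect` parameter, shown as an added example rather than code from the assessed site. The names `BASE`, `ALLOWED_HOSTS`, `FALLBACK` and `safeRedirect` are hypothetical, and the allowed hosts are assumed from the domains named in this report.

```javascript
// Added example: validate a post-login redirect target against an allowlist.
// BASE, ALLOWED_HOSTS, FALLBACK and safeRedirect are hypothetical names.
const BASE = "https://robertquintero.me"; // origin used to resolve relative paths
const ALLOWED_HOSTS = new Set(["robertquintero.me", "target.robertquintero.me"]);
const FALLBACK = "/"; // where to send the user when the target is rejected

function safeRedirect(raw) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  // Control characters are stripped by URL parsers and browsers treat "\"
  // like "/", so both can disguise an external host. Reject them outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  let url;
  try {
    // Resolving against BASE handles relative paths and "//host" forms alike.
    url = new URL(raw, BASE);
  } catch {
    return FALLBACK;
  }

  if (url.protocol !== "https:") return FALLBACK;        // blocks javascript:, data:, http:
  if (url.username || url.password) return FALLBACK;     // blocks trusted.com@attacker forms
  if (url.port !== "") return FALLBACK;                  // default port only
  if (!ALLOWED_HOSTS.has(url.hostname)) return FALLBACK; // exact match, no suffix matching

  // Same-origin targets go back as a path so the Location header carries no host.
  if (url.origin === BASE) return url.pathname + url.search + url.hash;
  return url.href;
}
```

The comparison is an exact hostname match after parsing; substring or prefix checks on the raw string are what let look-alike hosts through.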

Reverse Tabnabbing Mitigation

  • Add rel="noopener noreferrer" to all <a target="_blank"> links.
  • Enforce Content Security Policy (CSP) to prevent malicious redirections.
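
A check for the first item above, as an added example that is not part of the original assessment: it scans markup for `<a target="_blank">` tags that lack `rel="noopener"` or `rel="noreferrer"`. `parseAttrs`, `findUnsafeBlankLinks` and `SAMPLE` are hypothetical names, the sample markup is constructed, and the regex scan is an audit aid for templates rather than a full HTML parser.

```javascript
// Added example: flag <a target="_blank"> tags without rel="noopener".
// Assumption: attribute values do not contain ">" (true for typical templates).
function parseAttrs(tag) {
  const attrs = {};
  // name, optionally followed by ="value", ='value' or an unquoted value
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const body = tag.replace(/^<a\b/i, "").replace(/\/?>$/, "");
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

function findUnsafeBlankLinks(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<a\b[^>]*>/gi)) {
    const a = parseAttrs(tag);
    if ((a.target || "").toLowerCase() !== "_blank") continue;
    const rel = (a.rel || "").toLowerCase().split(/\s+/);
    // noreferrer implies noopener, so either token severs window.opener.
    if (rel.includes("noopener") || rel.includes("noreferrer")) continue;
    findings.push(a.href || "(no href)");
  }
  return findings;
}

// Constructed sample markup covering quoted, single-quoted and unquoted attributes.
const SAMPLE = `
<a href="https://example.org/a" target="_blank">unsafe</a>
<a href="https://example.org/b" target="_blank" rel="noopener noreferrer">safe</a>
<a href="https://example.org/c" target='_BLANK' rel="nofollow">unsafe</a>
<a href="/local">same tab</a>
<a target=_blank href=https://example.org/d>unsafe, unquoted</a>`;

console.log(findUnsafeBlankLinks(SAMPLE));
```

Current browsers treat `target="_blank"` as `noopener` by default, so the explicit attribute mainly protects users on older browsers and keeps the intent visible in the markup.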

Proof of Concept (PoC) Evidence

✅ Phase 1: Extracts the target URL from the query string.
✅ Phase 2: Opens the target site in a new tab.
✅ Phase 3: Waits to reduce suspicion.
✅ Phase 4: Redirects the new tab to an intermediate phishing page.
✅ Phase 5: Hijacks the original tab to redirect users to a phishing page.

Target: robertquintero.me
PoC: https://or-rt.robertquintero.me/poc.html?target=https://target.robertquintero.me/


Conclusion

This penetration test has identified critical security flaws that could lead to phishing attacks and unauthorized access. Immediate mitigation steps should be taken to prevent exploitation by attackers.

Severity Level: High

Next Steps:

✅ Fix the identified vulnerabilities.
✅ Implement security headers (CSP, Referrer-Policy).
✅ Conduct further security assessments to uncover additional risks.

