XSS with <a> tag with target="_blank"
You can use window.opener to exploit this (fiddle):
<a target="_blank" href="javascript:alert(window.opener.document.cookie);">test</a>
Or if you can escape the attribute value context, you can start a new script tag or a new attribute like onMouseEnter.
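A defensive counterpart to the answer above, as an added example that is not part of the original post: it allowlists URL schemes before writing href, encodes attribute values so the value context cannot be escaped, and sets rel="noopener noreferrer" so the opened page gets no window.opener. The function names and the https://example.test/ base URL are assumptions made for illustration.

```javascript
// Added example; safeHref, escapeAttr and renderLink are hypothetical names.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Encode every character that could close a quoted attribute value or open a tag.
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Return a normalized URL string if its scheme is allowlisted, otherwise null.
// The WHATWG URL parser applies the same normalization browsers do: it strips
// tabs/newlines and leading control characters and lowercases the scheme, so
// "JaVa\tScRiPt:" is recognized as javascript: instead of slipping past a
// naive string comparison.
function safeHref(untrusted, base = "https://example.test/") {
  let url;
  try {
    url = new URL(String(untrusted), base); // base is an assumed site origin
  } catch {
    return null; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Build the anchor from untrusted href and text.
function renderLink(untrustedHref, untrustedText) {
  const href = safeHref(untrustedHref) ?? "#"; // rejected URLs become an inert link
  return `<a target="_blank" rel="noopener noreferrer" href="${escapeAttr(href)}">` +
    `${escapeAttr(untrustedText)}</a>`;
}

// Constructed sample inputs covering both cases from the answer.
const samples = [
  "javascript:alert(window.opener.document.cookie);", // scheme-based payload
  '" onmouseenter="alert(1)',                         // attribute breakout attempt
  "https://example.com/a?b=1",                        // legitimate link
];
for (const s of samples) console.log(renderLink(s, "test"));
```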