Gitlab.com is vulnerable to reverse tabnabbing via AsciiDoc links. (#3)

Disclosed: 2017-05-09 19:11:56 By edoverflow To gitlab
Medium
Vulnerability Details
Dear GitLab bug bounty team,

# Summary
---
Gitlab.com is vulnerable to reverse tabnabbing in AsciiDoc files.

# Why does this vulnerability exist?
---
In AsciiDoc the following `http://example.com[Reverse Tabnabbing^]` is equivalent to `<a href="http://example.com" target="_blank">Reverse Tabnabbing</a>`.

# How can this be exploited?
---
Same scenario as https://hackerone.com/reports/211065. ;)

Best regards,
Ed
Report Stats
  • Report ID: 213114
  • State: Closed
  • Substate: resolved
  • Upvotes: 5
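
The report turns on rendered links that carry `target="_blank"` with no `rel` attribute. The following is an added example, not part of the original report and not GitLab's code: a post-render filter that finds such anchors and adds `rel="noopener noreferrer"`, the standard mitigation. That mitigation is assumed here rather than taken from the report, and `BlankTargetHardener`, `harden` and `SAMPLE` are hypothetical names.

```python
from html import escape
from html.parser import HTMLParser

REQUIRED_REL = ("noopener", "noreferrer")  # noreferrer covers older browsers
# Constructed sample: renderer output for the AsciiDoc link quoted in the report.
SAMPLE = '<a href="http://example.com" target="_blank">Reverse Tabnabbing</a>'

class BlankTargetHardener(HTMLParser):
    """Re-emit an HTML fragment, adding rel tokens to <a target="_blank">."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []       # re-serialised fragments (comments are dropped)
        self.findings = []  # href of every link that lacked the tokens

    def _emit(self, tag, attrs, close=""):
        first = {}
        for k, v in attrs:  # browsers keep the first duplicate attribute
            first.setdefault(k, v)
        if tag == "a" and (first.get("target") or "").lower() == "_blank":
            rel = (first.get("rel") or "").lower().split()
            missing = [t for t in REQUIRED_REL if t not in rel]
            if missing:
                self.findings.append(first.get("href"))
                attrs = [(k, v) for k, v in attrs if k != "rel"]
                attrs.append(("rel", " ".join(rel + missing)))
        text = "".join(f" {k}" if v is None else f' {k}="{escape(v)}"'
                       for k, v in attrs)
        self.out.append(f"<{tag}{text}{close}>")

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs)
    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " /")
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(data)
    def handle_entityref(self, name):
        self.out.append(f"&{name};")
    def handle_charref(self, name):
        self.out.append(f"&#{name};")

def harden(html):  # -> (hardened_html, hrefs_of_fixed_links)
    parser = BlankTargetHardener()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.findings
```

Running `harden` over already hardened output returns it unchanged with no findings, so the same function works as an audit check over stored rendered HTML.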