Hacking a Website with just a backlink

Hacking a Website with just a backlink

Go and Fix it Quickly :P

·

2 min read

Let's say you have added a backlink to a great website for whatever reason. But for some reason, they closed the shop and that domain was available for sale OR somehow a hacker got control of that domain.

The screenshot of expired domains shows that there are many domains with millions of backlinks to them. If a hacker gets hold of some domain which has a backlink from a legitimate site, and Boom !!

Their users are vulnerable to this kind of hack. Even a simple email ID theft can also cause larger damages.

image.png

Really !! How?

This is interesting. When a page is opened via a backlink provided it has the context of parent page via window.opener property.

That malicious website can do anything like

  1. Accessing the cookies window.opener.document.cookie will get access to all the cookies
  2. Manipulating the DOM
  3. Replace it completely with a similar page and do Phishing !! window.opener.location = www.something-similar.com

The Options are endless.

Ugh !! How to fix it?

To prevent it from happening, when adding a backlink you should also add rel='noopener'

<a href="external-site.com" target="_blank" rel="noopener">Reference</a>

How did this work?

It removes the reference to the parent page. When the malicious website tries to access it, it returns 'null' and your website is saved from those prying eyes of hacker.

To know more about all the options for the 'rel' property

developer.mozilla.org/en-US/docs/Web/HTML/A..

Did you find this article valuable?

Support Sedhu by becoming a sponsor. Any amount is appreciated!