Solution: Triggering XSS on Open Redirect Using the target="_blank" Attribute in Modern Browsers

This time we will write up a short XSS solution for an open redirect whose link uses the attribute target="_blank".

Here’s the code snippet:

<a href="javascript:alert()" target="_blank">CLICK</a>

We opened the HTML snippet above in several modern browsers:

1. Google Chrome (v116.0.5845.97)

In Google Chrome, opening a javascript: protocol link that has the attribute target="_blank" with a left mouse click does not work. You are taken to the page about:blank#blocked, and the pop-up doesn't appear.

However, you can trigger XSS in this case in Google Chrome v116.0.5845.97 by using either of these techniques:

  1. CTRL + left mouse click
  2. Scroll wheel click

Now we can trigger XSS in this case through the latest version of the Google Chrome browser.

2. Microsoft Edge (v116.0.1938.54)

In Microsoft Edge, opening a javascript: protocol link that has the attribute target="_blank" with a left mouse click does not work. You are taken to the page about:blank#blocked, and the pop-up doesn't appear.

However, you can trigger XSS in this case in Microsoft Edge v116.0.1938.54 by using either of these techniques:

  1. CTRL + left mouse click
  2. Scroll wheel click

Now we can trigger XSS in this case through the latest version of the Microsoft Edge browser.

3. Opera (v100.0.4815.76)

In Opera, opening a javascript: protocol link that has the attribute target="_blank" with a left mouse click does not work. You are taken to the page about:blank#blocked, and the pop-up doesn't appear.

However, you can trigger XSS in this case in Opera v100.0.4815.76 by using either of these techniques:

  1. CTRL + left mouse click
  2. Scroll wheel click

Now we can trigger XSS through the latest version of the Opera browser.

4. Mozilla Firefox (v116.0.3)

In Mozilla Firefox, opening a javascript: protocol link that has the attribute target="_blank" with a left mouse click does not work. You are taken to a blank page, and the pop-up doesn't appear.

However, you can trigger XSS in this case in Mozilla Firefox v116.0.3 by using either of these techniques:

  1. CTRL + left mouse click
  2. Scroll wheel click

Now we can trigger XSS through the latest version of the Mozilla Firefox browser.

Additional information

In Mozilla Firefox v103.0.1, the javascript: protocol link can be opened with a plain left mouse click.

We can trigger XSS in this case in Mozilla Firefox v103.0.1 by using this technique:

  • Left mouse click

Now we can trigger XSS via the Mozilla Firefox browser v103.0.1.
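
Because the browser only blocks the plain left click, the fix belongs on the server or in the page that builds the link: validate the redirect target before it is written into the href. The following is an added example, not code from the original write-up; safeHref, renderLink, escapeAttr, ALLOWED_HOSTS and the app.example origin are assumed names, and the host allowlist goes one step beyond the scheme check to cover the open redirect itself.

```javascript
// Added example; all names and hosts below are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const ALLOWED_HOSTS = new Set(["app.example", "docs.app.example"]); // assumed
const BASE_ORIGIN = "https://app.example"; // assumed origin of the site

// Return a normalised absolute URL if the target is safe to link to,
// otherwise the fallback path.
function safeHref(untrusted, fallback = "/") {
  if (typeof untrusted !== "string") return fallback;
  let url;
  try {
    // Parse with the WHATWG URL parser instead of a string-prefix check, so
    // the scheme is normalised (case, surrounding whitespace, control
    // characters) the same way the browser will normalise it.
    url = new URL(untrusted, BASE_ORIGIN);
  } catch {
    return fallback; // unparsable input
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return fallback; // javascript:, data:, ...
  if (!ALLOWED_HOSTS.has(url.hostname)) return fallback;   // off-site redirect
  return url.href;
}

// Escape a value for use inside a double-quoted HTML attribute or text node.
function escapeAttr(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
          .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Build the anchor from the page with a validated href; rel="noopener
// noreferrer" also stops the new tab from reaching back via window.opener.
function renderLink(untrusted, label = "CLICK") {
  const href = escapeAttr(safeHref(untrusted));
  return `<a href="${href}" target="_blank" rel="noopener noreferrer">${escapeAttr(label)}</a>`;
}

// Constructed sample inputs.
const samples = ["javascript:alert()", "JaVaScRiPt:alert()", " javascript:alert()",
                 "//evil.example/x", "/account?tab=1", "https://docs.app.example/a"];
for (const s of samples) console.log(JSON.stringify(s), "->", safeHref(s));
```

With this check in place, the rendered link never carries a javascript: URL, so the result no longer depends on which mouse button or browser version the user has.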