Solution Triggering XSS on Open Redirect using attribute target="_blank" Through Modern Browsers
This time we will write a little XSS solution in Open Redirect that uses the attribute target=”_blank.
Here’s the code snippet:
<a href="javascript:alert()" target="_blank">CLICK</a>
From the HTML code snippet above, we tried to open it through several Modern Browsers:
1. Google Chrome (v116.0.5845.97)
In Google Chrome, if you open JavaScript Protocol with attribute target="_blank" using the left mouse click button, it doesn’t work. You will be taken to the page about:blank#blocked. Look, the pop-up doesn't appear
However, you can trigger XSS in this case via Google Chrome v116.0.5845.97 by using this technique :
- CTRL + Left Mouse Click Button
- Scroll Wheel Click Button
Now we can trigger XSS in this case through the latest version of Google Chrome browser.
2. Microsoft Edge (v116.0.1938.54)
In Microsoft Edge, if you open JavaScript Protocol with attribute target="_blank" using the left mouse click button, it doesn’t work. You will be taken to the page about:blank#blocked. Look, the pop-up doesn't appear
However, you can trigger XSS in this case via Microsoft Edge v116.0.1938.54 by using this technique :
- CTRL + Left Mouse Click Button
- Scroll Wheel Click Button
Now we can trigger XSS in this case through the latest version of Microsoft Edge browser.
3. Opera (v100.0.4815.76)
In Opera, if you open JavaScript Protocol with attribute target="_blank" using the left mouse click button, it doesn’t work. You will be taken to the page about:blank#blocked. Look, the pop-up doesn't appear
However, you can trigger XSS in this case via Opera v100.0.4815.76 by using this technique :
- CTRL + Left Mouse Click Button
- Scroll Wheel Click Button
Now we can trigger XSS through the latest version of Opera browser.
4. Mozilla Firefox (v116.0.3)
In Mozilla Firefox, if you open JavaScript Protocol with attribute target="_blank" using the left mouse click button, it doesn’t work. You will be taken to a blank page. Look, the pop-up doesn't appear
However, you can trigger XSS in this case via Mozilla Firefox v116.0.3 by using this technique :
- CTRL + Left Mouse Click Button
- Scroll Wheel Click Button
Now we can trigger XSS through the latest version of Mozilla Firefox browser.
Additional information
We can open the Javascript Protocol using the Left Mouse Click Button on the Mozilla Firefox v103.0.1.
We can trigger XSS in this case via Mozilla Firefox v103.0.1 by using this technique :
- Left Mouse Click Button
Now we can trigger XSS via the Mozilla Firefox browser v103.0.1