Monday, 24 April 2017

Navigating to non-same origin windows in browsers.

Lets do this.. Works almost in every browsers. Another Interesting Navigation trick. It is an little-known property of web browsers that one document can always navigate other, non-same-origin windows to arbitrary URLs. Perhaps more interestingly, you can also navigate third-party documents to resources served with Content-Disposition attachment, in which case, you get the original contents of the address bar, plus a rogue download prompt attached to an unsuspecting page that never wanted you to download that file.

Video POC :

No bounty was awarded, because :
"The behavioral of the browser is legit, the same thing happens in chrome or other browsers. We will invalidate your report."

Bug Reported by : Dhiraj Mishra