You are viewing a single comment's thread from:
RE: Find out whether a target website is vulnerable to Reverse Tabnabbing executing 7 lines of code
Well it seems like the new wallet link is subject to reverse tabnabbing then =]
Not a big concern though since if the wallet domain is compromised that's quite a bigger issue than being able to redirect steemit.com to a phishing page! =]
Yep but now they introduced the blog button on steemitwallet.com and it has the same vulnerability. If steemit.com gets compromised the attacker can steal the master key redirecting steemitwallet.com to a phishing page.
FYI @guiltyparties