{"id":1954,"date":"2013-03-18T00:26:36","date_gmt":"2013-03-17T23:26:36","guid":{"rendered":"http:\/\/www.thetawelle.de\/?p=1954"},"modified":"2013-03-18T00:28:16","modified_gmt":"2013-03-17T23:28:16","slug":"href-tag-hack-to-trick-users-to-different-target","status":"publish","type":"post","link":"https:\/\/www.thetawelle.de\/?p=1954","title":{"rendered":"href-tag hack to trick users to different target"},"content":{"rendered":"<p><a href=\"\/wp-upload\/hack_a.png\"><img loading=\"lazy\" decoding=\"async\" src=\"\/wp-upload\/hack_a.png\" alt=\"hack_a\" width=\"200\" height=\"158\" class=\"alignright size-full wp-image-1956\" \/><\/a>See <a href=\"http:\/\/bilaw.al\/2013\/03\/17\/hacking-the-a-tag-in-100-characters.html\">here &#8222;Hacking the &lt;a&gt; tag in 100 characters&#8220;<\/a> what <strong>Bilawal Hameed<\/strong> found out:<\/p>\n<blockquote><p>A short while ago, I discovered that JavaScript allows you to change the &lt;a&gt; href after you click on it. It may not seem that serious at first glance, but rest assured, it can trick customers into giving in their details to fraudsters.<\/p><\/blockquote>\n<p>Thx, to <a href=\"https:\/\/twitter.com\/_funkyboy\">@_funkyboy<\/a> for the tweet pointing to this flaw.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>See here &#8222;Hacking the &lt;a&gt; tag in 100 characters&#8220; what Bilawal Hameed found out: A short while ago, I discovered that JavaScript allows you to change the &lt;a&gt; href after you click on it. It may not seem that serious at first glance, but rest assured, it can trick customers into giving in their details &hellip; <a href=\"https:\/\/www.thetawelle.de\/?p=1954\" class=\"more-link\"><span class=\"screen-reader-text\">\u201ehref-tag hack to trick users to different target\u201c <\/span>weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[85,69],"tags":[],"class_list":["post-1954","post","type-post","status-publish","format-standard","hentry","category-security","category-wtf11"],"_links":{"self":[{"href":"https:\/\/www.thetawelle.de\/index.php?rest_route=\/wp\/v2\/posts\/1954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thetawelle.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thetawelle.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thetawelle.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thetawelle.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1954"}],"version-history":[{"count":0,"href":"https:\/\/www.thetawelle.de\/index.php?rest_route=\/wp\/v2\/posts\/1954\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.thetawelle.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thetawelle.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1954"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thetawelle.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}