Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing vulns/signatures #6

Open
nabla-c0d3 opened this issue Mar 22, 2013 · 3 comments
Open

Missing vulns/signatures #6

nabla-c0d3 opened this issue Mar 22, 2013 · 3 comments

Comments

@nabla-c0d3
Copy link
Member

So that I don't forget:

  • Cookie leaking to 3rd party domains through HTTP redirections
  • HTTPS to HTTP redirection
  • DP APIs with UnlessOpen attribute
  • Null IV
@nabla-c0d3
Copy link
Member Author

  • Bad RNG

@nabla-c0d3
Copy link
Member Author

  • App screenshot when backgrounding

nabla-c0d3 added a commit that referenced this issue Apr 29, 2013
@nabla-c0d3
Hook rand() and random()
09728b9 
Updates #6.
nabla-c0d3 added a commit that referenced this issue Apr 29, 2013
@nabla-c0d3
Test cases for rand() and random()
55d3f65 
Updates #6.
@thirstscolr
Copy link

"""Cookie leaking to 3rd party domains through HTTP redirections"""

Can we actually do this? We only have support to match to static values... not to other values in the dict. We'd have to change the way the Filter classes work yes?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thirstscolr @nabla-c0d3