Vulnerabilities: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
(Added info about SMAP bypass) |
||
Line 2: | Line 2: | ||
Modal Browser: | Modal Browser: | ||
# It is possible to bypass HTTPS in the modal browser, if you reply to the HTTPS CONNECT with a standard HTTP 1.1 response, instead of attempting to create a tunnel- the browser will just display that response. the downside to this is you have no idea what the contents of even the HTTP REQUEST would have been, but its useful for directing the browser anywhere you want. | # It is possible to bypass HTTPS in the modal browser, if you reply to the HTTPS CONNECT with a standard HTTP 1.1 response, instead of attempting to create a tunnel- the browser will just display that response. the downside to this is you have no idea what the contents of even the HTTP REQUEST would have been, but its useful for directing the browser anywhere you want. | ||
SMAP bypass: | |||
# There is a vulnerability in FreeBSD 12 that allows SMAP to be bypassed by userland. There is a very high probability that it affects the PS5 but it was not confirmed yet. [https://hackerone.com/reports/1048322 Source]. |
Revision as of 21:47, 28 May 2021
Modal Browser:
- It is possible to bypass HTTPS in the modal browser, if you reply to the HTTPS CONNECT with a standard HTTP 1.1 response, instead of attempting to create a tunnel- the browser will just display that response. the downside to this is you have no idea what the contents of even the HTTP REQUEST would have been, but its useful for directing the browser anywhere you want.
SMAP bypass:
- There is a vulnerability in FreeBSD 12 that allows SMAP to be bypassed by userland. There is a very high probability that it affects the PS5 but it was not confirmed yet. Source.