This page describes what's coming in the next update of the Threads application.
We are planning to add several features to the existing web application to give beginners a good platform to get started:
Vulnerabilities to be added in Threads
- Information leakage via HTTP (cookie, token)
- Insecure Deserialization
- Session cookie without HttpOnly and Secure flags set
- Password reset token via Referer header (Low level severity)
- Hardcoded information
- Session management issues:
  a. Reuse of cookies for authentication (Medium level severity)
  b. Violation of Secure Design Principles (Low level severity)
- No rate limiting issues on:
  a. No rate limiting on forgot password functionality (Low level severity)
  b. No rate limiting on user enumeration (Low level severity)
  c. User enumeration from forgot password (Low level severity)
- XXE
- HTML Injection (High level severity)
- Path Traversal (High level severity)
- LFI via template Injection CVE-2019-3396 (Critical level severity)
- RCE
- CORS
- OS Command Injection
- SSL/TLS Issues
- HTTP Parameter Pollution
- Host Header Injection
- Open Redirect
- Web Cache Deception

Features which will be added in Threads
- A trending page will be added where we can see what's trending.
- Hashtags can be created for a post; if a hashtag is used often by many users, it will be shown on the trending page.
- Users will get a notification if they are tagged in a post or comment.
- Videos can be posted too.
- Even .gif files can be uploaded as a post.
- A search option for people, events and hashtags (searches for people and posts; check if this is implemented).
- A user's birthdate will be added to the profile section, and other users can see this section.