💻
OSWE Everything

Unsecure Random Function


Last updated 2 months ago

What is Unsecure Random Function?

An unsecure random function in a web application is one that relies on weak or predictable random number generation, which can lead to security vulnerabilities. This usually happens when developers use functions that do not provide cryptographically secure randomness, making it easier for attackers to predict or manipulate values.

Unsecure Random Function Examples

  • Math.random() [JavaScript]

  • rand() [PHP]

  • random() [Python]

  • Math.random() [Java]
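
The Python entry above, as an added example that is not part of the original page: a token built on the `random` module is fully determined by its seed, while one built on `secrets` is not, and a small AST check flags `random.<func>()` calls during code review. The function names, the seed value and the `SAMPLE` source are constructed for illustration.

```python
import ast
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def weak_token(seed: int, length: int = 32) -> str:
    """Weak pattern: Mersenne Twister seeded with a guessable value."""
    rng = random.Random(seed)  # same seed -> same "random" token
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def secure_token(nbytes: int = 32) -> str:
    """Hardened form: bytes come from the operating system CSPRNG."""
    return secrets.token_urlsafe(nbytes)

def find_weak_random_calls(source: str) -> list[tuple[int, str]]:
    """Code-review helper: (line, function) for each random.<func>() call.

    random.SystemRandom is skipped because it is backed by os.urandom.
    Assumes the module is imported under its own name (no aliasing).
    """
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name)
                and node.func.value.id == "random"
                and node.func.attr != "SystemRandom"):
            hits.append((node.lineno, node.func.attr))
    return sorted(hits)

# Constructed sample source for the review helper (not from a real project).
SAMPLE = '''import random, secrets
def otp():
    return random.randint(0, 999999)
def session_id():
    return secrets.token_hex(16)
def pick():
    return random.SystemRandom().choice("abc")
'''

if __name__ == "__main__":
    print(weak_token(1700000000) == weak_token(1700000000))  # reproducible
    print(secure_token() == secure_token())                  # independent
    print(find_weak_random_calls(SAMPLE))
```
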