How to Stop unserialize From Becoming Code Execution

Untrusted serialized data can run magic methods.

#php #unserialize #objectinjection #security #howto #rce

https://www.youtube.com/watch?v=Yi43pgKyKB8

My home-grown honeypot caught something interesting, so I wrote about it:

Analysis of a PHP object injection exploit for Revive Adserver
Here the other day one of my honeypots caught and quarantined an interesting request. At least I thought it was interesting as I hadn't seen it before. So I decided to explore a bit further.

#infosec #php #object-injection #vulnerability #exploit #analysis

PHP code review: is it open to object code injection through unserialize

I'm trying to figure out if the code below is open to object injection:

<?php
// loggin level
define('CRIT', 5);
define('ERROR', 4);
// secret is defined somewhere in the script ...

Information Security Stack Exchange