CONFidence 2013: PHP Object Injection Revisited


  1. Kuzya, 29. May 2013, 9:23

    Вернусь с отдыха, подробно разберу всю презентацию! Спасибо!

  2. /fd, 29. May 2013, 19:28

    hi raz0r,
    I’ve seen your open_basedir bypass with soap wsdl cache, it’s amazing.
    However, it seems that the name of a cache file cannot be controlled.
    Is it really exploitable or did i miss something? Thanks

  3. Raz0r, 30. May 2013, 16:29

    Unfortunately you can control only the directory.


Write a comment: