Categories Talks CONFidence 2013: PHP Object Injection Revisited Post author By Raz0r Post date 28 May 2013 3 Comments on CONFidence 2013: PHP Object Injection Revisited Click to share on Twitter (Opens in new window)Click to share on Telegram (Opens in new window)Click to share on Reddit (Opens in new window)Click to share on Facebook (Opens in new window) Tags confidence, php, unserialize ← PHDays 2013 CTF “Blade” Writeup → DEFCON CTF 2013 Quals “grandprix” Writeup 3 replies on “CONFidence 2013: PHP Object Injection Revisited” Вернусь с отдыха, подробно разберу всю презентацию! Спасибо! hi raz0r, I’ve seen your open_basedir bypass with soap wsdl cache, it’s amazing. However, it seems that the name of a cache file cannot be controlled. Is it really exploitable or did i miss something? Thanks Unfortunately you can control only the directory. Leave a Reply Cancel replyYour email address will not be published.Comment Name Email Website Notify me of follow-up comments by email. Notify me of new posts by email. This site uses Akismet to reduce spam. Learn how your comment data is processed.