CONFidence 2013: PHP Object Injection Revisited

3 replies on “CONFidence 2013: PHP Object Injection Revisited”

Вернусь с отдыха, подробно разберу всю презентацию! Спасибо!

hi raz0r,
I’ve seen your open_basedir bypass with soap wsdl cache, it’s amazing.
However, it seems that the name of a cache file cannot be controlled.
Is it really exploitable or did i miss something? Thanks

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.