Raz0r.name

CONFidence 2013: PHP Object Injection Revisited

Posted

in

by

Raz0r

Tags:

, ,

Comments

3 responses to “CONFidence 2013: PHP Object Injection Revisited”

  1. Kuzya Avatar
    Kuzya

    Вернусь с отдыха, подробно разберу всю презентацию! Спасибо!

  2. /fd Avatar
    /fd

    hi raz0r,
    I’ve seen your open_basedir bypass with soap wsdl cache, it’s amazing.
    However, it seems that the name of a cache file cannot be controlled.
    Is it really exploitable or did i miss something? Thanks

  3. Raz0r Avatar
    Raz0r

    Unfortunately you can control only the directory.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.