It's a PHP Unserialization Vulnerability Jim, but Not as We Know It

Black Hat via YouTube

Quick Polyglot Demo

9 of 17

YouTube videos curated by Class Central.

Classroom Contents

  1. Intro
  2. What is PHP (un)serialization?
  3. Introduction
  4. Stream Wrappers
  5. Basic Attack Methodology
  6. Difference from "unserialize()"
  7. Phar File Format
  8. Phar/Tar File Format
  9. Quick Polyglot Demo
  10. Phar Planting
  11. Identifying Vulnerabilities
  12. PHPGGC / PHARGGC Payloads
  13. Case Studies
  14. Case Study B - WordPress - Payload
  15. Case Study C - TCPDF (via Contao)
  16. Defence
  17. Takeaways
