Nytro Posted February 2, 2015 Report Posted February 2, 2015 Understanding PHP Object InjectionJanuary 5, 2015Ionut PopescuPHP Object Injection is not a very common vulnerability, it may be difficult to exploit but it also may be really dangerous. In order to understand this vulnerability, understanding of basic PHP code is required.Vulnerable applicationsIf you may think this is not an important type of vulnerability, please see the list below. Researchers found PHP Object Injection vulnerabilities in very common PHP applications:WordPress 3.6.1Magento 1.9.0.1Joomla 3.0.3IP Board 3.3.4And many others. There may be a lot of other undiscovered PHP Object Injections in these or in other very common PHP applications, so maybe you can take a coffee break and try to understand it.Articol complet: http://securitycafe.ro/2015/01/05/understanding-php-object-injection/ Quote
