Advertisement
Top

New PHP Exploit Chain Highlights Dangers of Deserialization

August 16, 2018

Via: Dark Reading
Category:

PHP unserialization can be triggered by other vulnerabilities previously considered low-risk.

PHP unserialization attacks have been well known for some time, but a new exploitation method explained last week at Black Hat USA in Las Vegas demonstrated that the attack surface for PHP unserialization is broader than originally thought.

“What I presented was basically a new way to start an unserialization attack,” says Sam Thomas, director of research at Secarma Ltd. “In PHP, there’s specific command called ‘unserialize,’ which starts unserialization, but actually it turns out that because of other stuff that goes into the core of PHP, there’s another other way to trigger it.”

Read More on Dark Reading

RELATED PUBLICATIONS

OpenAI’s GPT-4 can exploit real vulnerabilities by reading security advisories
Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector
Google Patches Exploited Pixel Vulnerabilities

Latest Publications

Sweden’s liquor supply severely impacted by ransomware attack on logistics company
Autodesk Drive Abused in Phishing Attacks 
Google fixed critical Chrome vulnerability CVE-2024-4058
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!