PHP unserialization vulnerabilities – what are we missing? presented at BSidesManchester 2015

by Sam Thomas

Summary: We regularly find unserialization issues during penetration testing engagements, often within previously tested systems, which often results in a serious compromise. This suggests the area is not sufficiently understood and testing methodologies need to be improved. This presentation will include demonstrations of some lesser-known techniques which can be utilised to compromise WordPress < 3.6.1 and SilverStripe < 2.4.6, amongst others.