Is PHP unserialize() exploitable without any magic methods?
Say that there was a publicly accessible web page with the following PHP code:
<?php
class NotInteresting
{
public function noExploits() {
echo “Whatever.”;
}
}
$unsafe = unserialize($_GET[‘data’]);
$unsaf… Continue reading Is PHP unserialize() exploitable without any magic methods?