PHP code review: is it open to object code injection through unserialize [closed]

I’m trying to figure out if the code below is open to object injection:
<?php
// logging level
define('CRIT', 5);
define('ERROR', 4);
// secret is defined somewhere in the script like this
define('SECRET', 'mYs3cr37P4…

Why object injection doesn’t work but payload is stored along with session cookies on Joomla 2.5.11 unpatched?

I have read and understand object injection from this question. Then I wanted to test the security issue behind Joomla CMS Object injection through serialization.

TEST MACHINE

XAMPP 1.7.3 for Windows
Apache/2.2.14 (Win32) …