Collaborate Disseminate
I’m trying to figure out if the code below is open to object injection:
<?php
// loggin level
define(‘CRIT’, 5);
define(‘ERROR’, 4);
// secret is defined somewhere in the script like this
define(‘SECRET’, ‘mYs3cr37P4… Continue reading PHP code review: is it open to object code injection through unserialize [closed]
Is there a problem to use reflection (specifically class.forName) in server side application?
My main thread about this is someone to inject a code dumping memory in JVM and adding commands in reference memory field, but this is unlike in … Continue reading Dyanamic class load for server side application
This question already has an answer here:
I found unknown PHP code on my server. How do I de-obfuscate the code?
2 answers
… Continue reading What’s the point of this php shell? [duplicate]
I just had a random occurrence when I went to one of my hosted websites, and saw the page was broken.
We host several domains at this IP, but one domain is actually in the server’s webroot directory, inside are all the direc… Continue reading Trying to figure out if I was hit by an obscure exploit attempt of some kind
I have read and understand object injection from this question. Then I wanted to test the security issue behind Joomla CMS Object injection through serialization.
TEST MACHINE
xammp 1.7.3 for windows
Apache/2.2.14 (Win32) … Continue reading Why object injection doesn’t work but payload is stored along with session cookies on Joomla 2.5.11 unpatched?
It just came to my mind that few years ago many iOS applications where infected by XcodeGhost (notably WeChat). This made me think about few possible scenarios:
Malicious code injected in object files
Compilers produce many temporary fil… Continue reading Injected malicious code in temporary files
I have been reading up on Insecure Deserialization and how it can affect Java applications.
https://owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization
If the captured traffic data include the following patterns it… Continue reading Insecure Deserialization in C# (.NET) – How to identify and test
I’m assessing the security of a webportal for a client and I found a vulnerability. The code is basically doing this:
$var = unserialize($_REQUEST[‘something’]);
I have complete control over variable. But there are no clas… Continue reading Is it possible to exploit PHP unserialize without classes?
I am testing my code on ESLint. It says:
Variable Assigned to Object Injection Sink (security/detect-object-injection).
I’m not using an outer resource to assign it to my variable, though. Is there really a problem in the var a = ne… Continue reading Variable Assigned to Object Injection Sink (security/detect-object-injection)
Say that there was a publicly accessible web page with the following PHP code:
<?php
class NotInteresting
{
public function noExploits() {
echo “Whatever.”;
}
}
$unsafe = unserialize($_GET[‘data’]);
$unsaf… Continue reading Is PHP unserialize() exploitable without any magic methods?