How can PHP unserialize() object injection be used to bypass authentication?
So I came across with this authentication bypass security notice and the fix for it was just simply changing all serialization to json encoding.
I am just wondering how is this really exploitable? I know that unserialize()… Continue reading How can PHP unserialize() object injection be used to bypass authentication?