php Archives | Invicti

Sven Morgenroth Talks About PHP Object Injection Vulnerabilities on Paul’s Security Weekly Podcast

Thu, 20 Dec 2018

End of Support for PHP 5 and PHP 7.0

Tue, 18 Dec 2018

PHP Wrappers, Streams & Local File Intrusion (LFI)

Wed, 14 Nov 2018

Sven Morgenroth Talks About PHP Type Juggling on Paul’s Security Weekly Podcast

Tue, 18 Sep 2018

PHP Type Juggling Exploit: Vulnerability, Payloads, and Fixes

Wed, 22 Aug 2018

PHP Unserialize: Never Pass Untrusted Data Online

Thu, 29 Mar 2018

Unserialize is a PHP function that, while often classified as a security risk, is seldom defined. This article explains the vulnerability and contains a PHP Classes Crash Course that includes properties and ‘magic methods’. It uses examples to illustrate the basic concepts of Deserialization, PHP Object Injection and Class Autoloading in PHP.

Netsparker’s Weekly Security Roundup 2018 – Week 05

Fri, 09 Feb 2018

In this week’s edition of our security roundup: why you should be careful what you put into your composer.json file, why you need to use a Package Manager, the Principle of Least Privilege and DNS Rebinding

Missing Function Level Access Control Vulnerabilities in Maian Support Helpdesk Allow Complete Take Over of the System

Wed, 22 Feb 2017

This article looks into the details of how malicious hackers can exploit a number of missing function level access control vulnerabilities to take over an installation of Maian Support Helpdesk, a web application developed in php.