It's a PHP Unserialization Vulnerability Jim, but Not as We Know It

preview_player
Показать описание
The presentation will include demos of long lived and previously unidentified RCE exploits against some of the most widely deployed open source PHP web applications and libraries.

By Sam Thomas

  1. Black Hat
  2. Black Hat USA
  3. Black Hat USA 18
  4. BlackHat
  5. Black Hat
  6. BlackHatUSA
Рекомендации по теме
It's a PHP 0:47:26

It's a PHP Unserialization Vulnerability Jim, but Not as We Know It

BSidesMCR 2018: It's 0:47:26

BSidesMCR 2018: It's A PHP Unserialization Vulnerability Jim, But Not As We Know It by Sam Thom...

Exploiting PHP7 unserialize 0:44:02

Exploiting PHP7 unserialize (33c3)

phar:// PHP Unserialization 0:18:19

phar:// PHP Unserialization Vulnerability

Insecure Deserialization Attack 0:08:52

Insecure Deserialization Attack Explained

PHP Unserialize & 0:08:33

PHP Unserialize & Race Condition - Tenet on HackTheBox

Black Hat USA 0:47:26

Black Hat USA 2018 - It's a PHP Unserialization Vulnerability Jim, but Not as We Know It

Intro to PHP 0:29:46

Intro to PHP Deserialization / Object Injection

Insecure Deserialization | 0:09:04

Insecure Deserialization | OWASPT Top 10

Advanced PHP Deserialization 0:26:06

Advanced PHP Deserialization - Phar Files

2017 OWASP Top 0:08:50

2017 OWASP Top 10: Insecure Deserialization

phpBB 3.2.3 Phar 0:00:52

phpBB 3.2.3 Phar Deserialization to RCE Exploit

How to Exploit 0:19:22

How to Exploit PHAR Deserialization

PHP 7.4 ~ 0:08:18

PHP 7.4 ~ Lesson 9: Serialize & Unserialize Magic Methods

a php vulnerability 0:03:17

a php vulnerability

CVE-2010-0094 : Java 0:01:51

CVE-2010-0094 : Java RMIConnectionImpl Deserialization Privilege Escalation Exploit

Insecure Deserialization: Lab 0:10:26

Insecure Deserialization: Lab #6 - Exploiting PHP deserialization with a pre-built gadget chain

Deserialization Vulnerability Remediation 0:32:20

Deserialization Vulnerability Remediation with Automated Gadget Chain Discovery - Ian Haken

Attacking .NET deserialization 0:38:47

Attacking .NET deserialization - Alvaro Muñoz

Insecure Deserialization For 0:19:07

Insecure Deserialization For Beginners

PHP Imap Vulnerability 0:05:04

PHP Imap Vulnerability in Debian/Ubuntu

Using application functionality 0:02:22

Using application functionality to exploit insecure deserialization

How to prevent 0:08:12

How to prevent malicious SQL injections & deserialization vulnerabilities

[In]secure Deserialization, And 0:39:50

[In]secure Deserialization, And How [Not] To Do It - Alexei Kojenov

Комментарии
Автор

The best web security talk content I have heard in a long time, but oh my god I can hardly follow along his voice is monotone.

corymarsh
Автор

only amaters use windows as a web server!

JNET_Reloaded