原文出處:https://blog.ripstech.com/2018/new-php-exploitation-technique/
The security researcher Sam Thomas from Secarma found a new exploitation technique that can lead to critical PHP object injection vulnerabilities - without using the PHP function unserialize(). The new technique was announced at the BlackHat USA conference in his talk It’s a PHP Unserialization Vulnerability Jim, but Not as We Know It1. It can enable attackers to escalate the severity of file related vulnerabilities to remote code execution. We added the detection of this new type of attack to our RIPS Code Analysis engine.
文章圖片來源:https://blog.ripstech.com/2018/new-php-exploitation-technique/
前言引用來源:https://blog.ripstech.com/2018/new-php-exploitation-technique/
-------------------
如果你認同支持我們每日分享的文章的話,請幫我們按個讚並且點擊追蹤「搶先看」,這樣就可以快速獲得最新消息囉!
您的分享及點讚,是我們最大的動力來源。
https://www.facebook.com/LonelyPoPo/
