Diving into unserialize(): POP Chains

Achieving RCE with POP chain exploits

Vickie Li

Sep 23, 2019·3 min read

Last time, we talked about how PHP’s unserialize() can introduce serious vulnerabilities if it is given user-controlled input.