Vickie Li

Sep 23, 2019

3 min read

Diving into unserialize(): POP Chains

Soda, or pop?

Last time, we talked about how PHP’s unserialize() can introduce serious vulnerabilities if it is given user-controlled input.

--

--

More from Vickie Li

Professional investigator of nerdy stuff. Hacks and secures. Creates god awful infographics. https://twitter.com/vickieli7

Love podcasts or audiobooks? Learn on the go with our new app.

Try Knowable

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vickie Li

Vickie Li

Professional investigator of nerdy stuff. Hacks and secures. Creates god awful infographics. https://twitter.com/vickieli7

More from Medium

Samuel

These are the Cybersecurity Lessons from La Casa De Papel (Money Heist)

These are the Cybersecurity Lessons from La Casa De Papel (Money Heist)
Thexssrat

You should put scope over exploits! Or should you?

Annika Clarke

Debug Walkthrough: Exploiting SSH MOTD and PHP Deserialization

Daryan Hanshew

HackThisSite Realistic Mission 6

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Knowable