PHP Object Injection & Serialization Vulnerabilities

PHP Object injection vulnerabilities can be fairly hard to exploit in a black box penetration testing scenario. In this tutorial, I’m gonna show you guys how serialization vulnerabilities actually work in PHP. I’m going to cover the following points in this video tutorial: Video Intro; Serialization Vulnerabilities in Other […]



[Mass Exploit] Joomla 3.2 to 3.4 SQL Injection

Introduction: You guys know how I love to automate stuff. So earlier today I decided to automate the SQL injection vulnerability in the open source CMS Joomla (3.2 to 3.4.4) found by Trust Wave Labs here. CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858 cover this SQL injection vulnerability. I have used Google Scraper and Mass Exploiter from one of my previous […]
