| Package home | Report new bug | New search | Development Roadmap | Status: Open | Feedback | All | Closed Since Version 0.5.8 |
| Bug #21179 | PHP Object Injection through PHP Serializer | ||
|---|---|---|---|
| Submitted: | 2017-02-07 00:09 UTC | ||
| From: | ryat | Assigned: | |
| Status: | Open | Package: | HTML_AJAX (version 0.5.8) |
| PHP Version: | Irrelevant | OS: | |
| Roadmaps: | (Not assigned) | ||
[2017-02-07 00:09 UTC] ryat
(Taoguang Chen)
Description:
------------
The fixes for bug#21165 can be bypassed since PHP's deserialization
parser quirks.
PoC:
```
o:1:"i:0;i:1;}
```