Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 0.5.8

Bug #21179 PHP Object Injection through PHP Serializer
Submitted: 2017-02-07 00:09 UTC
From: ryat Assigned:
Status: Open Package: HTML_AJAX (version 0.5.8)
PHP Version: Irrelevant OS:
Roadmaps: (Not assigned)    
Subscription  
Comments Add Comment Add patch


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 30 + 14 = ?

 
 [2017-02-07 00:09 UTC] ryat (Taoguang Chen)
Description: ------------ The fixes for bug#21165 can be bypassed since PHP's deserialization parser quirks. PoC: ``` o:1:"i:0;i:1;} ```

Comments