Загрузка...

m0leCon 2025 - Hiroki Matsukuma - Unawakened Wakeup: A New PHP Object Injection Technique for __w...

m0leCon 2025 Turin, Italy - 22/03/2025

PHP Object Injection is one of the critical vulnerabilities in web field as counted in OWASP Top Ten in 2017 and 2021. It allows an attacker to get shell access or read/write files by performing code reuse attack with carefully crafted objects (POP gadgets). Many researchers have developed powerful POP gadget chains however PHP package developers have also worked to reduce POP gadgets.
Some of web application frameworks and libraries have neutralized their POP gadgets by overriding __wakeup() to force an exception during deserialization. This kind of change is very simple for developers and works effectively as a mitigation. For example, Guzzle/RCE1 of PHPGGC, the POP gadget chain used for PoC exploit for CVE-2019-6340 of Drupal RCE, no longer works after guzzlehttp/guzzle 6.3.2 released in 2018.
In this talk, we will introduce a new technique that could bypass __wakeup() for PHP Object Injection with demonstration of the concept by reviving Guzzle/RCE1 to the present on Neos Flow framework. This talk will benefit penetration testers, exploit developer, and CTF players.

Видео m0leCon 2025 - Hiroki Matsukuma - Unawakened Wakeup: A New PHP Object Injection Technique for __w... канала pwnthem0le
Комментарии отсутствуют
Зарегистрируйтесь или войдите с
Информация о видео
22 сентября 2025 г. 18:19:45
00:44:20
pwnthem0le
Правообладателям
Жалоба на материал Недопустимый материал Нарушение авторских прав
Комментарии
Поделиться
Другие видео канала

m0leCon 2019 - Mariano Graziano - Binary Analysis Notesm0leCon 2019 - Mariano Graziano - Binary Analysis Notes

m0leCon 2023 - Lukas Gerlach, Daniel Weber - Rowhammer Revisited: From Exploration to Exploitatio...m0leCon 2023 - Lukas Gerlach, Daniel Weber - Rowhammer Revisited: From Exploration to Exploitatio...

m0leCon 2023 - Chih-Jen Huang - PyJails in the Wild: Bringing CTF Challenges to the Real Worldm0leCon 2023 - Chih-Jen Huang - PyJails in the Wild: Bringing CTF Challenges to the Real World

m0leCon 2021 - Len Noe - BioHacker The Invisible Threatm0leCon 2021 - Len Noe - BioHacker The Invisible Threat

m0leCon 2022 - Omri Misgav - DSE, KDP and Everything In Between: New Techniques to Run Unsigned R...m0leCon 2022 - Omri Misgav - DSE, KDP and Everything In Between: New Techniques to Run Unsigned R...

m0leCon 2021 - Enrico Barberis, Hany Ragab - Rage Against The Machine Clearm0leCon 2021 - Enrico Barberis, Hany Ragab - Rage Against The Machine Clear

m0leCon 2020 - Giovanni Rocca - Using Cracking Techniques to Protect the Android Userspacem0leCon 2020 - Giovanni Rocca - Using Cracking Techniques to Protect the Android Userspace

m0leCon 2019 - Matteo Ranalli - Data Breach: real world adversary tactics and techniquesm0leCon 2019 - Matteo Ranalli - Data Breach: real world adversary tactics and techniques

m0leCon 2022 - Paolo Stagno - The Talented Mr RiPPLeym0leCon 2022 - Paolo Stagno - The Talented Mr RiPPLey

m0leCon 2021 - Luca Cancelliere, Vittorio Mignini - A VDI Adventurem0leCon 2021 - Luca Cancelliere, Vittorio Mignini - A VDI Adventure

m0leCon 2022 - Nils Albartus, Julian Speith - The Painful Life of a Hardware Reverse Engineerm0leCon 2022 - Nils Albartus, Julian Speith - The Painful Life of a Hardware Reverse Engineer

m0leCon 2023 - Luca Ginex - VirtualBox is collapsing: a n-day storym0leCon 2023 - Luca Ginex - VirtualBox is collapsing: a n-day story

m0leCon 2020 - Allie Mellen - Mobile Security in a Remote Worldm0leCon 2020 - Allie Mellen - Mobile Security in a Remote World

m0leCon 2021 - Daniele Ucci - Attackers vs AI how AI detects cyber threatsm0leCon 2021 - Daniele Ucci - Attackers vs AI how AI detects cyber threats

m0leCon 2022 - Bobby Rauch - “GIFShell” — Covert Attack Chain and C2 Utilizing Microsoft Teams GIFsm0leCon 2022 - Bobby Rauch - “GIFShell” — Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs

m0leCon 2020 - Andrea Menin - Fantastic Bypass and Where to Find Themm0leCon 2020 - Andrea Menin - Fantastic Bypass and Where to Find Them

m0leCon 2023 - Luciano Maino - Attacks and New Developments in Isogeny-based Cryptographym0leCon 2023 - Luciano Maino - Attacks and New Developments in Isogeny-based Cryptography

m0leCon 2022 - Eran Ayalon, Ilan Sokol - Container Escape: All you need is cap (capabilities)m0leCon 2022 - Eran Ayalon, Ilan Sokol - Container Escape: All you need is cap (capabilities)

m0leCon 2019 - Luca Pezzolla - Up near the clouds all the servers (can) go downm0leCon 2019 - Luca Pezzolla - Up near the clouds all the servers (can) go down

m0leCon 2025 - Robin Jadoul - How to prove that 42 is primem0leCon 2025 - Robin Jadoul - How to prove that 42 is prime

m0leCon 2025 - Emanuele Barbeno, Yves Bieri - Now I See You: Pwning the Synology BC500 Cameram0leCon 2025 - Emanuele Barbeno, Yves Bieri - Now I See You: Pwning the Synology BC500 Camera

Яндекс.Метрика
© 2008-2026 «Информационно-развлекательный портал города Верхняя Салда»
salda.ws@mail.ru salda_ws Контакты Карта портала Сообщить об ошибке Соглашения Пользовательское соглашение Соглашение о конфиденциальности Согласие на обработку персональных данных Информация для правообладателей Об использовании Cookies
Все заметки Новая заметка Страницу в заметки
Страницу в закладки Мои закладки
На информационно-развлекательном портале SALDA.WS применяются cookie-файлы. Нажимая кнопку Принять, вы подтверждаете свое согласие на их использование.
О CookiesНапомнить позжеПринять