All posts filed under “Net Sec”

Unserialize PHP Exploit Samples

The PHP unserialize exploit is a kind of PHP object injection. It occurs when user-supplied input is not properly sanitized before being passed to the unserialize function. For this exploit to work, you need to take advantage…

MongoDB Injection Example

Below is an example of how MongoDB injection works. Suppose you have PHP code like this: <?php $m = new \MongoDB\Driver\Manager(); if(isset($_POST['u']) && isset($_POST['p'])) { $c = new \MongoDB\Driver\Query(array('username' => $_POST['u'], 'password' => $_POST['p']), array('limit' => 10)); $user…