Unserialize PHP exploit is a kind of PHP Object injection. This exploit will occur when a user defined input is not being sanitized properly before being passed to unseriliaze function. For this exploit to work, you need to take advantage…
All posts tagged “php”
cURL error 35 – Unknown SSL protocol error in connection
This problem bugs me for a couple of minutes. I was trying to use curl on sending POST request to a specific website with SSL but it returns cURL error 35. So I tried to ask my friend google for…
How to prevent SQL-injection on PHP/MySQL?
This is a very old vulnerability, but it surprises me how many developer doesn’t know it exists or doesn’t even bother coding to prevent it. How does SQL-injection work? SQL injection is simply just SQL statement not properly formated. The…
pecl install mysqlnd_ms – make: *** [php_mysqlnd_ms.lo] Error 1
This error will occur when you try to install mysqlnd_ms using pecl on PHP v5.6 and above. This is because the pecl package manager hasn’t been updated yet, thats why the extension for mysqlnd_ms is available only for PHP v5.3…
Create PHP Shell using Imagick (Image Magick) Vulnerability
Please don’t use this information to attack someone else’s application. Instead use this to protect yourself from being compromise on this particular vulnerability. This hack will work on Image Magick version 3.3.0 and below Below is a sample php code…