Don’t despair when you can’t RCE. How to achieve authentication bypass and SQL injection using PHP’s unserialize().
How PHP’s type comparison features lead to vulnerabilities, and how to avoid them.
Achieving RCE with POP chain exploits.
How PHP’s unserialize() works, and why it leads to vulnerabilities.
A totally unscientific analysis of deserialization vulnerabilities found in the wild.
Intro to PHP object injection vulnerabilities.
How attackers exploit Java Deserialization to achieve Remote Code Execution.
And maximize their impact while hunting for bugs.