PHP Magic Methods
Magic methods that can be used to kick start your RCE chain.
Recent posts
Escalating PHP Deserialization
Don’t despair when you can’t RCE. How to achieve authentication bypass and SQL injection using PHP’s unserialize().
PHP Type Juggling Vulnerabilities
How PHP’s type comparison features lead to vulnerabilities, and how to avoid them.
PHP Pop Chains
Achieving RCE with POP chain exploits.
Diving into unserialize()
How PHP’s unserialize() works, and why it leads to vulnerabilities.
Deserialization Bugs In The Wild
A totally unscientific analysis of deserialization vulnerabilities found in the wild.
Exploiting PHP Deserialization
Intro to PHP object injection vulnerabilities.
Hacking Java Deserialization
How attackers exploit Java Deserialization to achieve Remote Code Execution