
Your WordPress site could be at risk

Using WordPress for your website? Your site could be at risk.


The risk of unserializing attacker-controlled data in PHP has been well known since Stefan Esser first presented the issue in detail in 2009[1]. This topic is closely associated with similar vulnerabilities in other languages (see CWE-502[2] and CWE-915[3]). Recent years have also seen several vulnerabilities in the native code implementing unserialization (CVE-2017-12934, CVE-2017-12933, CVE-2017-12932 et al.), further demonstrating the risk of exposing unserialization to attacker-controlled data.

This paper will present a novel attack technique specific to PHP which can cause unserialization to occur in a variety of exploitation scenarios. The technique can be used when an XXE vulnerability occurs, in circumstances that would typically be considered an SSRF vulnerability, and in a number of other scenarios where the vulnerability would previously have been considered an information disclosure issue.


