conference logo

Playlist "33C3: works for me"

Exploiting PHP7 unserialize

Yannay Livneh

PHP-7 is a new version of the most prevalent server-side language in use today. Like previous version, this version is also vulnerable to memory corruptions.
However, the language has gone through extensive changes and none of previous exploitation techniques are relevant.
In this talk, we explore the new memory internals of the language from exploiters and vulnerability researchers point of view. We will explain newly found vulnerabilities in the 'unserialize' mechanism of the language and present re-usable primitives for remote exploitation of these vulnerabilities.