Archive for Security Research

Breaking PHP’s Garbage Collection and Unserialize

Breaking PHP’s Garbage Collection and Unserialize

Posted On: July 25, 2016

Hey PHP, those variables look like garbage don’t you agree? No? Well look again…   tl;dr: We have [...]

Fuzzing Unserialize

Fuzzing Unserialize

Posted On: July 23, 2016

While auditing Pornhub we have stumbled across several pages where user input was evaluated by unserialize and the [...]