Archive for Tag Archives: 'use-after-free'

Breaking PHP’s Garbage Collection and Unserialize

Breaking PHP’s Garbage Collection and Unserialize

Posted On: July 25, 2016

Hey PHP, those variables look like garbage don’t you agree? No? Well look again…   tl;dr: We have [...]

How we broke PHP, hacked Pornhub and earned $20,000

How we broke PHP, hacked Pornhub and earned $20,000

Posted On: July 23, 2016

It all started by auditing Pornhub, then PHP and ended in breaking both…   tl;dr: We have gained [...]

Fuzzing Unserialize

Fuzzing Unserialize

Posted On: July 23, 2016

While auditing Pornhub we have stumbled across several pages where user input was evaluated by unserialize and the [...]