Wrong unserialize input

This commit is contained in:
Giulio 2019-11-29 11:48:21 +01:00
parent dc9ec6c65e
commit 3060b81caa

View File

@ -318,10 +318,10 @@ Since I do not have access to the 8770 files and i can't test the upload code fo
* Multiple calls to unserialize on untrusted data: * Multiple calls to unserialize on untrusted data:
``` ```
unserialize(gzuncompress($MyG["themes"])); unserialize(gzuncompress($_COOKIE["themes"]));
unserialize(gzuncompress($_COOKIE["station"])); unserialize(gzuncompress($_COOKIE["station"]));
unserialize(gzuncompress($_COOKIE["cfilter"])); unserialize(gzuncompress($_COOKIE["cfilter"]));
unserialize(gzuncompress($MyG["bookmarks"])); unserialize(gzuncompress($_COOKIE["bookmarks"]));
``` ```
I did not find an exploitable chain but: all the PHP version shipped with this product have multiple unserialize CVE and I did not find a way but it is possible to play with the COM class. I did not find an exploitable chain but: all the PHP version shipped with this product have multiple unserialize CVE and I did not find a way but it is possible to play with the COM class.