Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:105271 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 43032 invoked from network); 14 Apr 2019 18:11:23 -0000 Received: from unknown (HELO mail-vk1-f173.google.com) (209.85.221.173) by pb1.pair.com with SMTP; 14 Apr 2019 18:11:23 -0000 Received: by mail-vk1-f173.google.com with SMTP id w140so3125767vkd.3 for ; Sun, 14 Apr 2019 08:09:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=3JsgsDRQwCsjsBkiC0eVC8qFKoJ3Uak5gGi8qM2bkMw=; b=hnRjoEWBic5QYffku2gdWF9A5/oewERkY4egisjkRhgDiHA4ip4oK9ntjxuitS66Pp bzeU4MbojFceH4+ncbwumq6MU9kk68I3dr6d7Q+2xxl//BhMjuefrSvfuqIbgDdr6GeP HiRpXHmHG6MqKAyeaOVvtZuI5jLZLFqAk1bKZqnnwkr0KClvINAzZYUiP6cyurVabrkW bGeA6ah8R7xA0Ke7shprFXHTQMZ47pdAgx5E5DQBKtGgP2h/S3htOhgd9cOD2zLYe/v6 mYNazOAMHfFKP+Bbci0N//Ppq+UFs+lWBuPp0K2TLmheK2bcFuw5bdSb75VM6biYAmIG 5RNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=3JsgsDRQwCsjsBkiC0eVC8qFKoJ3Uak5gGi8qM2bkMw=; b=qVvmLFzIPjv9SHNRCaEN5b9zyeai+mVw8WYOSojRdKve/pYEkW7J8DxgYtaX//1tMK c0tNViQPCcOFzDz0xhma2w8mrSMS6rgWGc+Riqzi5XQGEfsgPV/bs7vb9P/dPfK5yNS/ mMZEESdNdVs94IpInLpTTyHL+O8/BWVGE8iFEpj8LTO/ZTI55WcsyKmUClDfbXzUmQld UzLLTPyRa83wktgJprx7d8PUvMCQ/2bOgJ/MGp6jAP67h/cbt6zIl1AnH+DR3z/yMPB5 YEdMH/Vr3WuZ+U0jbh9HIsp+u4sbrMPYbdBSLQhFC5fAOCsHHBwCl1CIbIdiRTGPtPhZ DM2A== X-Gm-Message-State: APjAAAVldeQ5eHnS1cPGSwRmtiZ2FIeDMgVQN9VWLA+ragX4iEyq6f8r F5j6gJBp9Bg0R8urAuctiwUQ4pvzWf9xu9NUTzkT4w== X-Google-Smtp-Source: APXvYqw8vMAwo9h4Z2jxhCJQSlhVFIiupH+j6SYJyvxaU+JCRndgNRijudnIx4sZ7PeVekyv5ILVO3Ryo25cWp/Zh84= X-Received: by 2002:a1f:264b:: with SMTP id m72mr26661961vkm.43.1555254572778; Sun, 14 Apr 2019 08:09:32 -0700 (PDT) MIME-Version: 1.0 Date: Sun, 14 Apr 2019 10:09:20 -0500 Message-ID: To: PHP Internals Content-Type: multipart/alternative; boundary="000000000000588a4905867eecee" Subject: PHP deserialization techniques offer rich pickings for security researchers From: xwisdom@gmail.com (Raymond Irving) --000000000000588a4905867eecee Content-Type: text/plain; charset="UTF-8" Hello Team, I came across this article which highlights a few issues with PHP deserialization techniques: https://portswigger.net/daily-swig/phar-out-php-deserialization-techniques-offer-rich-pickings-for-security-researchers --000000000000588a4905867eecee--