RSS09: Web Application Firewall Bypasses and PHP Exploits
November 28th, 2009 | by Stefan Esser

At yesterday’s RSS09 conference I gave a slightly different version of my “Shocking News in PHP Exploitation” talk. This time I disclosed for the first time how unserializing user input in Zend Framework based applications can result in direct remote PHP code execution.
The topics of my talk were:
- easy ways to bypass ModSecurity and F5 BIG-IP
- executing PHP code on Zend Framework based applications that unserialize user input
- how to still exploit PHP interruption vulnerabilities after recent fixes in PHP
You can grab my new slides here.




