From 70d0ae9ed629af2913a22bf1ade47fabf0fa8a2f Mon Sep 17 00:00:00 2001 From: Leon Gross Date: Fri, 25 Jun 2021 09:41:39 +0200 Subject: [PATCH 1/2] issue #286 --- Insecure Deserialization/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Insecure Deserialization/README.md b/Insecure Deserialization/README.md index 514fd13..14df571 100644 --- a/Insecure Deserialization/README.md +++ b/Insecure Deserialization/README.md @@ -24,7 +24,8 @@ Check the following sub-sections, located in other files : * [RUBY 2.X UNIVERSAL RCE DESERIALIZATION GADGET CHAIN - elttam, Luke Jahnke](https://www.elttam.com.au/blog/ruby-deserialization/) * [Java Deserialization in manager.paypal.com](http://artsploit.blogspot.hk/2016/01/paypal-rce.html) by Michael Stepankin * [Instagram's Million Dollar Bug](http://www.exfiltrated.com/research-Instagram-RCE.php) by Wesley Wineberg -* [(Ruby Cookie Deserialization RCE on facebooksearch.algolia.com](https://hackerone.com/reports/134321) by Michiel Prins (michiel) +* [Ruby Cookie Deserialization RCE on facebooksearch.algolia.com](https://hackerone.com/reports/134321) by Michiel Prins (michiel) * [Java deserialization](https://seanmelia.wordpress.com/2016/07/22/exploiting-java-deserialization-via-jboss/) by meals * [Diving into unserialize() - Sep 19- Vickie Li](https://medium.com/swlh/diving-into-unserialize-3586c1ec97e) * [.NET Gadgets](https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-Json-Attacks.pdf) by Alvaro Muñoz (@pwntester) & OleksandrMirosh +* [ExploitDB Introduction](https://www.exploit-db.com/docs/english/44756-deserialization-vulnerability.pdf) \ No newline at end of file From 391755ec20a729acffa95d67f1db34edc43b7b69 Mon Sep 17 00:00:00 2001 From: Leon Gross Date: Fri, 25 Jun 2021 09:51:00 +0200 Subject: [PATCH 2/2] add new PHP deserialization resource --- Insecure Deserialization/PHP.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/Insecure Deserialization/PHP.md b/Insecure Deserialization/PHP.md index 08e002e..06d466f 100644 --- a/Insecure Deserialization/PHP.md +++ b/Insecure Deserialization/PHP.md @@ -189,6 +189,7 @@ $poc->stopBuffering(); ## References * [PHP Object Injection - OWASP](https://www.owasp.org/index.php/PHP_Object_Injection) +* [Utilizing Code Reuse/ROP in PHP](https://owasp.org/www-pdf-archive/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf) * [PHP unserialize](http://php.net/manual/en/function.unserialize.php) * [PHP Generic Gadget - ambionics security](https://www.ambionics.io/blog/php-generic-gadget-chains) * [POC2009 Shocking News in PHP Exploitation](https://www.owasp.org/images/f/f6/POC2009-ShockingNewsInPHPExploitation.pdf)
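Review bot: in the README.md hunk (@@ -24,7 +24,8), the added last line `* [ExploitDB Introduction](...)` has a link title that does not say what it introduces and names no author, while the entries around it are written as a title followed by "by <author>". Suggest a title that names the subject (the PDF in the URL is called deserialization-vulnerability) and an author credit in the same form as its neighbours. That line also leaves the file without a trailing newline (`\ No newline at end of file`), so the next reference appended to the list will show up as a change to this line; end the file with a newline. The subject "issue #286" would be easier to find later if it said what is fixed, which here is the stray "(" in the facebooksearch.algolia.com link text.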
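Review bot: in the PHP.md hunk (@@ -189,6 +189,7), the added reference shortens its title to "Utilizing Code Reuse/ROP in PHP" and gives no author or source, where the other entries in this list name theirs ("- OWASP", "- ambionics security"). Suggest spelling the title out as it appears in the PDF file name (Utilizing Code Reuse Or Return Oriented Programming In PHP Application Exploits) and appending the author or venue after a dash, matching the list. Since the target is a PDF rather than a web page, marking it as such in the link text would also help readers.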