From 7b22756571f4bfc5283f784a072bc7a3af57090b Mon Sep 17 00:00:00 2001
From: xanhacks
Date: Wed, 13 Dec 2023 12:54:24 +0100
Subject: [PATCH] add unserialize flow

---
 content/en/docs/getting-started/vulnerability-reports.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/content/en/docs/getting-started/vulnerability-reports.md b/content/en/docs/getting-started/vulnerability-reports.md
index 9b8f8d5..60f2fc7 100644
--- a/content/en/docs/getting-started/vulnerability-reports.md
+++ b/content/en/docs/getting-started/vulnerability-reports.md
@@ -54,6 +54,11 @@ toc: true
 - [Article - PHP filter chains: file read from error-based oracle](https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle)
 - [Github - synacktiv/php_filter_chains_oracle_exploit](https://github.com/synacktiv/php_filter_chains_oracle_exploit)
 
+## Insecure Deserialization
+
+- [Article - Finding PHP Serialization Gadget Chain in PHP](https://www.xanhacks.xyz/p/php-gadget-chain/)
+- [Article - Gadgets chain in Wordpress](https://fenrisk.com/publications/blogpost/2023/11/22/gadgets-chain-in-wordpress/)
+
 ## XXE
 
 - [CTF - Client-Side XXE to exfiltrate a page](https://github.com/dicegang/dicectf-2023-challenges/tree/main/web/impossible-xss)
@@ -83,4 +88,4 @@ toc: true
 
 - [Article - Detecting uBlock on Chrome Browser](https://blog.ankursundara.com/checking-enumerating-a-users-browser-extensions/)
 - [Article - Exploitation of iCalendar standard](https://spaceraccoon.dev/exploiting-icalendar-properties-enterprise-applications/)
-- [Article - Uncovering Flaws in Open-Source Vulnerability Disclosures](https://blog.aquasec.com/50-shades-of-vulnerabilities-uncovering-flaws-in-open-source-vulnerability-disclosures)
\ No newline at end of file
+- [Article - Uncovering Flaws in Open-Source Vulnerability Disclosures](https://blog.aquasec.com/50-shades-of-vulnerabilities-uncovering-flaws-in-open-source-vulnerability-disclosures)