Confidence - (28-29.05 2013 Krakow)
Język: polski | english

Arseny Reutov

Arseny Reutov

Arseny Reutov Web application security researcher, various bug bounty participator, CTFs lover, author in Russian hacker magazine “Xakep”. Was a speaker at ZeroNights 2012 (http://zeronights.ru), took part in PHDays 2012 (http://phdays.com), listed in Top Ten Web Hacking Techniques of 2012 with a collaborative research regarding bruteforce of PHPSESSID.

Temat prezentacji:
PHP Object Injection revisted

Język prezentacji:
Angielski

Abstrakt:
The topic will cover new attack vectors regarding unserialiazation of user-supplied data due to vulnerabilities in PHP’s builtin classes. Universal XSS, local file read, open_basedir bypass, examples of vulnerable web applications including demo attack on latest vBulletin, Smarty and others.