1. Homepage
  2. RvR
  3. Application
  4. Attack Vectors

General Information

PHP Object Injection

Variants:
Direct Persistent Session 

Vector Type:
Attack

Relevance:
Technology Specific

Layer:
Application-Level

Platforms:
PHP

Target Type:
Web Application

Affected Mechanisms:
Input Validation

Invented In:
30/05/2013

Added In:
11/01/2015


Vector Operation Method:
Malicious inputs can affect and manipulate insecure PHP unserialize server-side methods


Direct Variant:

PHP Object Injection

Variant Title:
PHP Object Injection

Typical Severity:
Critical

Resources:

OWASP Attacks

Other I

Other II

White Papers:

Paper I

Paper II

Paper II

Learn More:



Persistent Variant:

Stored PHP Object Injection

Also Known As:
Persistent PHP Object Injection

Typical Severity:
Critical

Resources:

White Papers:

Learn More:


Session Variant:

PHP Object Injection via Session Puzzling

Also Known As:
Session PHP Object Injection

Typical Severity:
Critical

Resources:

White Papers:

Learn More:




TECAPI ©

Join