Flash sandbox bypass: local data exfiltration

CVE-2016-4271 – Flash sandbox bypass: local data exfiltration End of the love story between flash and local files 13 September 2016, Adobe kills the local-with-filesystem sandbox Like a lot of love stories, the one between Flash and local files is over. Local-with-filesystem sandbox has today, after a decade, been killed by Adobe, making (almost) obsolete […]

PHP Object Injection: getting dirty with SOAP

PHP Object Injection: getting dirty with SOAP Lately I have been spending some time digging into PHP, especially focusing on issues which could be used in Object Injection contexts; more specifically,for my research, I chose to target the SoapClient built-in class since it already had a past in terms of interesting findings. For the TL;DR guys: […]