use-after-free Archives

Breaking PHP’s Garbage Collection and Unserialize

July 25, 2016

Hey PHP, those variables look like garbage don’t you agree? No? Well look again… tl;dr: We have found two use-after-free vulnerabilities in...

Bug Bounties

How we broke PHP, hacked Pornhub and earned $20,000

July 23, 2016

Ruslan Habalov

34 Comments

It all started by auditing Pornhub, then PHP and ended in breaking both… tl;dr: We have gained remote code execution on pornhub.com and have earned a...

Security Research

Fuzzing Unserialize

July 23, 2016

Dario Weißer

7 Comments

While auditing Pornhub we have stumbled across several pages where user input was evaluated by unserialize and the result was reflected back to the page. After...

Tag - use-after-free

Breaking PHP’s Garbage Collection and Unserialize

How we broke PHP, hacked Pornhub and earned $20,000

Fuzzing Unserialize

Recent Comments