So I came across this authentication bypass security notice, and the fix for it was just simply changing all serialization to JSON encoding.
I am just wondering how this really is exploitable? I know that unserialize() can be used to perform object injection. But how can it be used to exploit this vulnerability to bypass authentication?