PHP Object Serialization

Introduction

This post will give a basic explanation of PHP (de)serialization and how such mechanism will be exploited in PHP Object Injection (POI).
Continue reading “PHP Object Serialization”

Advertisements

Analysis on CVE-2017-16995

Introduction

In this post, I will give a detailed explanation on the exploit development of CVE-2017-16995. This post is based on [1][2][3] and give more debugging information for a better understanding. This post will be divided into 3 parts. Part I will discuss what is eBPF, the basic data structure used in eBPF and how the the eBPF program given in exploit in [1] should be interpreted. Part II will give the analysis on the root cause of this vulnerability. Part III will explain how the exploit is developed, from arbitrary read/write to privilege escalation. Continue reading “Analysis on CVE-2017-16995”