PHP 5.2.1 unserialize() Information Leak Vulnerability
With PHP 5.2.1 the new S: data type was added to unserialize(). It is meant as compatibility layer for exchange of serialized data with future PHP 6. The data type itself is similar to the normal s: string data type with the exception that simple escaped bytes are supported. The following string is an example.
Quelle : MOPB-29-2007
HP 5.2.1 unserialize() Information Leak Vulnerability
With PHP 5.2.1 the new S: data type was added to unserialize(). It is meant as compatibility layer for exchange of serialized data with future PHP 6. The data type itself is similar to the normal s: string data type with the exception that simple escaped bytes are supported. The following string is an example.
Code:
S:10:"\55\44APXY"Quelle : MOPB-29-2007
HP 5.2.1 unserialize() Information Leak Vulnerability