Drupal Coder Module – Unauth RCE – SA-CONTRIB-2016-039

Note: This is an old write-up from 2016 but I was prompted to resurrect it after my tweet about it was recently retweeted. I do think it’s a good example…

Advertisements

POPping WordPress

Fun with PHP deserialization and some accidental WordPress bugs. A few months ago I was putting together a blog post on PHP deserialization vulnerabilities. I decided to look for a…