-
Home - tom.vg
Home
18 August 2016
At the Black Hat USA 2016 conference, we presented “HEIST”. In a nutshell, HEIST is a set of techniques that exploit timing side-channels in the browser to determine the exact size...
-
WordPress < 3.6.1 PHP Object Injection - tom.vg
11 September 2013
After reading a blog post about a “PHP object injection” vulnerability in Joomla, I dug a bit deeper and found Stefan Esser’s slides of the 2010 BlackHat conference, which showed tha...
-
Academic - tom.vg
Academic
Tom Van Goethem, Davy Preuveneers, Andrzej Duda, Wouter Joosen, Maciej Korczyński
27th Annual Network and Distributed System Security Symposium (NDSS), 2020.
A Practical Approach for Taking D...
-
Tagged MySQL - tom.vg
unserialize() function can give rise to vulnerabilities when supplied user-generated content.
So basically, the unserialize() function takes a string that represents a serialized value, and unseriali...
-
Tagged Exploit - VaGoSec
Some time ago, I published a blog post describing a PHP Object Injection vulnerability I found in WordPress. At that time, I consciously did not include instructions of how this vulnerability could be...
-
Remote Code Execution exploit in WordPress 3.5.1 - tom.vg
9 December 2013
Some time ago, I published a blog post describing a PHP Object Injection vulnerability I found in WordPress. At that time, I consciously did not include instructions of how this vulner...