::: left till the conference

PD%00

11:25
20 min
Web Village

Miss the days when you could achieve LFI with a zero-byte? Have you already suppressed your desire to insert null-bytes at the end of all parameters? Have you removed the null-byte from your fuzz lists? Shame. We will tell you how some PDO drivers handle null bytes and what it may lead to.

Speakers
Pavel Sorokin

Pentester

Share
Other Reports
Web Village
Vulnerabilities of dApps
Defensive Track
The invisible hand of AppSec in release builds
Main Stage
Exploring the Galaxy. Building emulators to find vulnerabilities in modern phones
Up