This extension adds an active scan check to find PHP object injection vulnerabilities.
It passes a serialized PDO object in each insertion point. If PHP
tries to unserialize this object a fatal exception is thrown triggered in the
object's __wakeup() method (ext/pdo/pdo_dbh.c).
| Author | Securify |
|---|---|
| Version | 1.1 |
| Rating | |
| Popularity | |
| Last updated | 01 June 2018 |
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
| You can view the source code for this BApp by visiting our GitHub page. | |
| Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates. |
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.