Insecure Deserialization 7
- Exploiting Ruby deserialization using a documented gadget chain
- Exploiting PHP deserialization with a pre-built gadget chain
- Exploiting Java deserialization with Apache Commons
- Arbitrary object injection in PHP
- Using application functionality to exploit insecure deserialization
- Modifying serialized objects
- Modifying serialized objects