Understanding SSTI on Twig
In this blog, we cover PHP templating with Twig and how SSTI works. We take a deep dive into every version of Twig to understand how researchers craft their payloads to get RCE, arbitrary file read, etc.
This problem occurs when user input is passed directly to the unserialize() function. We will learn how to invoke deserialization without using the unserialize() function.
Create an obfuscated webshell using emoji in PHP.