SANS Penetration Testing: Daily Archives: Dec 18, 2014

PHP Weak Typing Woes — With Some Pontification about Code and Pen Testing

By Josh Wright

The other day I was reading Jos Wetzels' post on the Full Disclosure mailing list regarding a vulnerability in the open source social networking kit HumHub. One of the issues he pointed out was a PHP 'type juggling' attack where an attacker can force a password reset against HumHub for a user …