# phpcodz **Repository Path**: csharphpython/phpcodz ## Basic Information - **Project Name**: phpcodz - **Description**: Php Codz Hacking - **Primary Language**: Unknown - **License**: Not specified - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 0 - **Created**: 2020-07-17 - **Last Updated**: 2020-12-19 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # phpcodz Php Codz Hacking (http://www.80vul.com/pch/) ### What is PHP? > PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial. After that, check out the online manual, and the example archive sites and some of the other resources available in the links section. ### About PCH[Php Codz Hacking] > 本项目主要是在php源代码的基础上去分析容易导致php应用程序的一些安全问题的根本所在,指导我们发现更加多的关于php的一些'特性'或漏洞. ### Research | Item | Title | | :-------- | :--------| | PCH-034 | [Yet Another Use After Free Vulnerability in unserialize() with SplDoublyLinkedList](https://github.com/80vul/phpcodz/blob/master/research/pch-034.md) | | PCH-033 | [Yet Another Use After Free Vulnerability in unserialize() with SplObjectStorage](https://github.com/80vul/phpcodz/blob/master/research/pch-033.md) | | PCH-032 | [Use After Free Vulnerability in unserialize() with GMP](https://github.com/80vul/phpcodz/blob/master/research/pch-032.md) | | PCH-031 | [Use After Free Vulnerabilities in Session Deserializer](https://github.com/80vul/phpcodz/blob/master/research/pch-031.md) | | PCH-030 | [Use After Free Vulnerabilities in unserialize()](https://github.com/80vul/phpcodz/blob/master/research/pch-030.md) | | PCH-029 | [Use After Free Vulnerability in unserialize() with SplDoublyLinkedList](https://github.com/80vul/phpcodz/blob/master/research/pch-029.md) | | PCH-028 | [Use After Free Vulnerability in unserialize() with SplObjectStorage](https://github.com/80vul/phpcodz/blob/master/research/pch-028.md) | | PCH-027 | [Use After Free Vulnerability in unserialize() with SPL ArrayObject](https://github.com/80vul/phpcodz/blob/master/research/pch-027.md) | | PCH-026 | [Type Confusion Infoleak and Heap Overflow Vulnerability in unserialize() with exception {CVE-2015-4603}](https://github.com/80vul/phpcodz/blob/master/research/pch-026.md) | | PCH-025 | [Type Confusion Infoleak Vulnerability in unserialize() with SoapFault {CVE-2015-4599}](https://github.com/80vul/phpcodz/blob/master/research/pch-025.md) | | PCH-024 | [Type Confusion Infoleak Vulnerabilities in SoapClient {CVE-2015-4600}](https://github.com/80vul/phpcodz/blob/master/research/pch-024.md) | | PCH-023 | [Type Confusion Vulnerability in SoapClient {CVE-2015-4600}](https://github.com/80vul/phpcodz/blob/master/research/pch-023.md)| | PCH-022 | [Use After Free Vulnerability in unserialize() with DateInterval](https://github.com/80vul/phpcodz/blob/master/research/pch-022.md) | | PCH-021 | [Use After Free Vulnerability in unserialize() {CVE-2015-2787}](https://github.com/80vul/phpcodz/blob/master/research/pch-021.md) | | PCH-020 | [Use After Free Vulnerability in unserialize() with DateTime* {CVE-2015-0273}](https://github.com/80vul/phpcodz/blob/master/research/pch-020.md) | | PCH-019 | [Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone](https://github.com/80vul/phpcodz/blob/master/research/pch-019.md) | | PCH-018 | [PHP 脚本多字节字符解析模式带来的安全隐患](https://github.com/80vul/phpcodz/blob/master/research/pch-018.md) | | PCH-017 | [About PHP's unserialize() Function Use-After-Free Vulnerability](https://github.com/80vul/phpcodz/blob/master/research/pch-017.md) | | PCH-016 | [XSS via Error Reporting Notices in HHVM's unserialize() Function](https://github.com/80vul/phpcodz/blob/master/research/pch-016.md) | | PCH-015 | [Code Injection Vul via unserialize() & var_export() Function...](https://github.com/80vul/phpcodz/blob/master/research/pch-015.md) | | PCH-014 | [PHP WDDX Serializier Data Injection Vulnerability](https://github.com/80vul/phpcodz/blob/master/research/pch-014.md) | | PCH-013 | [PHP Session 序列化及反序列化处理器设置使用不当带来的安全隐患](https://github.com/80vul/phpcodz/blob/master/research/pch-013.md) | | PCH-012 | [New feature of double-quoted string's complex-curly syntax](https://github.com/80vul/phpcodz/blob/master/research/pch-012.md) | | PCH-011 | [Destructor in PHP](https://github.com/80vul/phpcodz/blob/master/research/pch-011.md) | | PCH-010 | [PHP string序列化与反序列化语法解析不一致带来的安全隐患](https://github.com/80vul/phpcodz/blob/master/research/pch-010.md) | | PCH-009 | [Security risk of php string offset](https://github.com/80vul/phpcodz/blob/master/research/pch-009.md) | | PCH-008 | [parse_str的变量初始化问题](https://github.com/80vul/phpcodz/blob/master/research/pch-008.md) | | PCH-007 | [New Includes Function -- spl_autoload()](https://github.com/80vul/phpcodz/blob/master/research/pch-007.md) | | PCH-006 | [安全模式下exec等函数安全隐患[updata:2009-6-19]](https://github.com/80vul/phpcodz/blob/master/research/pch-006.md) | | PCH-005 | [当magic_quotes_gpc=off](https://github.com/80vul/phpcodz/blob/master/research/pch-005.md) | | PCH-004 | [关于magic_quotes_sybase](https://github.com/80vul/phpcodz/blob/master/research/pch-004.md) | | PCH-003 | [mb_ereg(i)_replace()代码注射漏洞及其延伸出的正则应用安全问题](https://github.com/80vul/phpcodz/blob/master/research/pch-003.md) | | PCH-002 | [preg_match(_all)的变量初始化问题](https://github.com/80vul/phpcodz/blob/master/research/pch-002.md) | | PCH-001 | [intval()使用不当导致安全漏洞](https://github.com/80vul/phpcodz/blob/master/research/pch-001.md) |