Weaponizing Perl Serialization Flaws with Metasploit
This was definitely not your average talk for Houston.pm. John Lightsey described a few flaws in Perl serialization frameworks. Then, he explained how one of these flaws is actually exploitable in the Movable Type blogging system.
He walked us through using the Metasploit framework to exploit this flaw and open a shell prompt on another machine. In this case, he was attacking a virtual machine on his own laptop, but the implication was clear.
We had 12 people attending this month. As always, we'd like to thank Hostgator, LLC for providing the meeting space and food for the group.