Elasticsearch is a state-of-the-art full-text search engine you might want to use in your next project. It is based on a NoSQL-like document store and optimized for amazingly fast search queries. A powerful API enables features like fuzzy matching (find ‘Toronto’ when searching for ‘Torronto’), stemming (find ‘race’ when searching for ‘racing’) and n-grams (find ‘spaghetti’ with ‘ghett’). In this article, I will show you how to set up an Elasticsearch instance using Docker and PHP and how to easily ...

In August 2018, Sam Thomas discovered a new way to attack PHP applications. This exploitation works by causing the application to unserialize a data structure controlled by the attacker and leads to the execution of arbitrary code on the attacked system. Specifically, this attack utilizes the phar:// stream wrapper, which allows access to Phar application archives. The underlying problem is that PHP unserializes a Phar archive once it is first accessed by a file operation (e.g., file_exists()). In this post, ...

Bernhard Knasmüller on Software Development