Insecure Deserialization

Lab: Arbitrary objection injection in PHP

When view the sitemap, we can see that there is a suspicious looking PHP file

After adding ~to the end of the path, we can see the source code of the PHP file. From there we can see the __deconstruct()function which will unlinkthe file.

Now, we will login to get the session cookie.

Next, we will replace the session cookie with this

O:14:"CustomTemplate":1:{s:14:"lock_file_path";s:23:"/home/carlos/morale.txt";}

PreviousWeb Cache Poisoning NextServer-side attacks

Last updated 10 months ago

hashtagLab: Arbitrary objection injection in PHP

Lab: Arbitrary objection injection in PHP