Link to this headingPHP Deserialization
PHP deseralization is triggered by the unseralize function. To exploit this you use Magic Methods that can get automatically executed during unseralizion. A great tool to generate payloads for this is PHPGGC.
This PHP Format is documented here.
Link to this headingMemcache
Link to this headingPHAR files
- Seralized Zip format
- easy to a ployglot
https://book.hacktricks.xyz/pentesting-web/file-inclusion/phar-deserialization
Try to exploit if know php and has a File Upload