PHP Deserialization
PHP deserialization is triggered by the unserialize function. To exploit this you use magic methods that get executed automatically during unserialization. A great tool to generate payloads for this is PHPGGC.
This PHP format is documented here.
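The difference between a bare unserialize() call and one restricted with the allowed_classes option, as an added example that is not part of the original notes. The TempFile class, the path and the input string are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical application class (constructed for this example). Its magic
// method runs automatically whenever an instance is destroyed.
final class TempFile
{
    public string $path = '';
    public static array $events = [];

    public function __destruct()
    {
        // A real class might delete $this->path here; this one only records the call.
        self::$events[] = "__destruct ran for {$this->path}";
    }
}

// Constructed input standing in for data the application does not control.
$path = '/tmp/constructed-example';
$untrusted = sprintf('O:8:"TempFile":1:{s:4:"path";s:%d:"%s";}', strlen($path), $path);

// Unrestricted: the class named in the input is instantiated with the
// supplied property, and its magic method fires when the object is freed.
$obj = unserialize($untrusted);
unset($obj);
printf("unrestricted: %d magic method call(s)\n", count(TempFile::$events));

// Restricted: with allowed_classes => false every object in the input becomes
// __PHP_Incomplete_Class, so no TempFile exists and __destruct never runs.
TempFile::$events = [];
$safe = unserialize($untrusted, ['allowed_classes' => false]);
$class = get_class($safe);
unset($safe);
printf("restricted: %s, %d magic method call(s)\n", $class, count(TempFile::$events));

// For plain data, a format that cannot name classes avoids the problem entirely.
$data = json_decode('{"path": "/tmp/constructed-example"}', true, 512, JSON_THROW_ON_ERROR);
printf("json: %s\n", $data['path']);
```

The allowed_classes option also accepts an array of class names when a small, known set of objects has to survive the round trip.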
Memcache
PHAR files
- Serialized Zip format
- easy to make a polyglot
https://book.hacktricks.xyz/pentesting-web/file-inclusion/phar-deserialization
Try to exploit this if you know the target runs PHP and has a file upload.