0
7/10
Technical guide explaining PHP object deserialization vulnerabilities via unserialize() and the gadget chain exploitation technique using the phpggc tool, with a real-world case study of exploiting an ebooks webshop's PRODUCTHISTORY cookie containing serialized data.
php-unserialize
remote-code-execution
gadget-chains
deserialization
php-security
object-injection
vulnerability-exploitation
cookie-manipulation
phpggc
monolog
phpggc
Monolog
Symfony
Laravel
Zend Framework
Doctrine
SyslogUdpHandler
BufferHandler
DateTime