The Startup
Published in

The Startup

Diving into unserialize(): Magic Methods

Magic methods that can be used to kick start your RCE chain

Photo by Almos Bechtold on Unsplash

Previously, we talked about how PHP’s unserialize leads to vulnerabilities, and how an attacker can utilize it to achieve RCE.




Get smarter at building your thing. Follow to join The Startup’s +8 million monthly readers & +756K followers.

Recommended from Medium

!P.D.F D.o.w.n.l.o.a.d Nim in Action Full PDF Online

Using AWS X-Ray with JavaScript Lambda

Leadership experience

Enable PrestoSQL/Trino Password File Authentication

LSP Reward Report — March 2022

Using Google Calendar and Spreadsheet API for billing automation — part II

Kubernetes Gateway API — Evolution of Service Networking

Flutter — GetX (Powerful State Management)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vickie Li

Vickie Li

Professional investigator of nerdy stuff. Hacks and secures. Creates god awful infographics.

More from Medium

Scanning All The Things with ProjectDiscovery’s Nuclei

Hacking with Rake

Cansina — Open Source Hidden Content Discovery Tool on Linux

HTTP Header Injection