Welcome back on Exploitnetworking! Today we’ll see an interesting writeup of 35c3ctf ctf for a challenge with an unserialize that permit you to obtain an object injection.

The challenge gave us the vulnerable source code:

Copy to Clipboard

From code we can see that for obtain the flag we need to trigger the __destruct function. Remember that this function will be performed at the end of the script or during a normal destruct of the object that can be happen later an error!

I have create a simple php script for create an array serialized:

Copy to Clipboard

that in output gave me the following result:

Copy to Clipboard

The unserialize of vulnerable code will take the array and deserialize it, the first thing that will unserialize will be the index zero, after that the index one and so on.

If we remove the last semicolon, the unserialize fails, performing the __destruct method on all unserialize objects created until that moment!

Copy to Clipboard
  • If you are interested in web security, read this book 🙂

Recent Tweets

For privacy reasons Twitter needs your permission to be loaded.
I Accept