Skip to content
attack.paths
Iniciar sesión
← LibraryTechnique entry
W-DESER-PHPExecution

Deserialization — PHP unserialize

unserialize() on user input — POP chains via __wakeup / __destruct lead to file_put_contents / system.

§ Where this technique fits

W-DESER-PHP is catalogued under the Execution tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.