← LibraryTechnique entry
W-DESER-PHPExecution
Deserialization — PHP unserialize
unserialize() on user input — POP chains via __wakeup / __destruct lead to file_put_contents / system.
§ Where this technique fits
W-DESER-PHP is catalogued under the Execution tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.