Firebird - PHP Deserialization

tags: [[CTF]] [[firebird training]] [[PHP]]

Firebird CTF - PHP Deserialization

New skills: run PHP locally with the built-in web server: php -S 127.0.0.1:<port> from the directory containing index.php

Solution:

  1. When the User object is destructed, it prints out the contents of farewell_file

  2. __construct() is useless here. It is not executed because unserialize() builds the object directly; we never call new User

  3. O:4:"User":2:{s:8:"username";s:6:"stanly";s:13:"farewell_file";s:8:"flag.php";}

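  4. The digits above are counts: each s:N is the length of the string that follows, O:4 is the length of the class name "User", and the 2 after it is the number of properties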
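
The lifecycle described in steps 1 and 2, together with the hardened call, as an added example that is not the challenge's source code. The body of the User class is a hypothetical reconstruction, farewell.txt is a constructed default, and the destructor only records the path it would read so the script runs without any files present.

```php
<?php
// Hypothetical stand-in for the challenge's User class (assumption, not the original code).
class User
{
    public $username;
    public $farewell_file;
    public static $log = [];   // records which magic methods ran

    public function __construct($username)
    {
        self::$log[] = '__construct';
        $this->username = $username;
        $this->farewell_file = 'farewell.txt';   // constructed default
    }

    public function __destruct()
    {
        // The real class prints the file; here we only record the path taken from the object.
        self::$log[] = '__destruct would read ' . $this->farewell_file;
    }
}

// Serialized string from step 3 of the notes.
$input = 'O:4:"User":2:{s:8:"username";s:6:"stanly";s:13:"farewell_file";s:8:"flag.php";}';

// Weak: unserialize() may instantiate any loaded class named in the input.
// Properties are filled straight from the string and __construct() is skipped.
$obj = unserialize($input);
unset($obj);                 // last reference dropped, so __destruct() fires
var_dump(User::$log);

// Hardened: refuse to build objects from untrusted input (PHP 7.0+).
User::$log = [];
$obj = unserialize($input, ['allowed_classes' => false]);
var_dump(get_class($obj));   // class of the inert placeholder object
unset($obj);
var_dump(User::$log);        // User's destructor had no object to run on

// Preferred for client-supplied data: a format that cannot carry objects.
$data = json_decode('{"username":"stanly"}', true);
var_dump($data['username']);
```

Run it with php on the command line; the first dump shows the destructor entry with no __construct entry before it, and the dump after the hardened call is empty.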
