Writeups for CTF and OSCP Boxes
  • CTF
    • Firebird - PHP Deserialization
    • Firebird - Escape Again
    • Firebird - Secret Code
    • Firebird - M$Office Meta Reader
    • Firebird - Office Meta Reader 2
  • HackTheBox
    • Shocker
    • Optimum
    • Devel
    • Beep
  • VulnHub
Powered by GitBook
On this page
  1. CTF

Firebird - PHP Deserialization

PreviousCTFNextFirebird - Escape Again

Last updated 2 years ago

tags: [[CTF]] [[firebird training]] [[PHP]]

Firebird CTF - PHP Deserialization

New skills: Run php locally: php -S 127.0.0.1 with index.php

Solution:

  1. When user object get destruct, it prints out the content for farewell_file

  2. construct() is useless. It is not executed because we didn't call new User

  3. O:4:"User":2:{s:8:"username";s:6:"stanly";s:13:"farewell_file";s:8:"flag.php";}

  4. digits above means number of text characters