icon

Insecure Deserialization

Last modified: 2023-02-17

Insecure Deserialization is the exploitation of vulnerabilities in the deserialization process of a computer system to execute unauthorized code, gain access to sensitive information, or perform other malicious actions.

PHP Gadget Chains

PHPGGC

PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

phpggc -l

Ysoserial

Ysoserial is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.