Insecure Deserialization
Last modified: 2023-02-17
Insecure Deserialization is the exploitation of vulnerabilities in the deserialization process of a computer system to execute unauthorized code, gain access to sensitive information, or perform other malicious actions.
PHP Gadget Chains
PHPGGC
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
phpggc -l
Ysoserial
Ysoserial is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.