Insecure Deserialization

Last modified: 2023-02-17


Insecure Deserialization is the exploitation of vulnerabilities in the deserialization process of a computer system to execute unauthorized code, gain access to sensitive information, or perform other malicious actions.

PHP Gadget Chains


PHPGGC is a library of PHP unserialize() payloads, along with a tool to generate them from the command line or programmatically.

phpggc -l
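
Why these chains work, and how to remove the entry point, shown as an added example (not PHPGGC's code or code from the original page). The TempFile class and the serialized string are constructed for illustration, and PHP 8 is assumed.

```php
<?php
// Added example. TempFile and the serialized string are constructed for illustration.

// Hypothetical application class with a magic method. Gadget chains are assembled
// from methods like this that already exist in the code the application loads.
class TempFile
{
    public string $path = '';
    public static array $log = [];

    public function __destruct()
    {
        // A real class might delete $this->path here; this one only records the call.
        self::$log[] = "cleanup requested for {$this->path}";
    }
}

// Weak: any loaded class named in the input is instantiated with the sender's
// property values, and its magic methods run later.
function load_unsafe(string $data): mixed
{
    return unserialize($data);
}

// Hardened: allowed_classes => false maps every object to __PHP_Incomplete_Class,
// so no application magic method runs. Pass a short class list instead of false
// only for types that must round-trip.
function load_restricted(string $data): mixed
{
    return unserialize($data, ['allowed_classes' => false]);
}

// Constructed input standing in for a cookie or POST field.
$untrusted = 'O:8:"TempFile":1:{s:4:"path";s:20:"attacker-chosen-path";}';

$obj = load_unsafe($untrusted);
unset($obj); // destructor runs with sender-controlled state
echo 'unsafe load, destructor calls: ', count(TempFile::$log), PHP_EOL;

TempFile::$log = [];
$obj = load_restricted($untrusted);
echo 'restricted load, class: ', get_class($obj), PHP_EOL;
unset($obj);
echo 'restricted load, destructor calls: ', count(TempFile::$log), PHP_EOL;
```

For data that crosses a trust boundary, a data-only format such as JSON (json_decode) avoids object instantiation altogether.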


Ysoserial is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.