Attack and defense world web advanced area unserialize3

subject

Related content

In fact, a deserialization article has been recorded before .

PHP Deserialization -(web_php_unserialize)

The topic of deserialization , It's more complicated than this .

Since I haven't practiced for a long time , And I saw this in the offensive and defensive world unserialize3 The subject of , Just review deserialization .

The problem solving steps

First new An object , And then serialize it , The code is as follows ：

The result of serialization is as follows ：

"xctf":1: There is only one attribute in the serialized object , If the string to be deserialized , The number of attributes does not conform to the actual , be __wakeup() invalid .

therefore , take "xctf":1: Change it to "xctf":2: Bypass __wakeup() .

The results of parameter transmission are as follows ：