Insecure Deserialization - Harsh Dhamaniya

Insecure Deserialization Lab 6 : Exploiting PHP deserialization with a pre-built gadget chain

Harsh Dhamaniya
April 29, 2024
6 min read

Access Lab : https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-exploiting-php-deserialization-with-a-pre-built-gadget-chain Understanding the Concept What is PHP Generic Gadget Chains PHP Generic Gadget Chains are sets of exploit payloads crafted for PHP-based web applications vulnerable to insecure deserialization. These gadget chains utilize weaknesses in PHP’s serialization mechanism to manipulate the flow of data within the application, potentially leading to remote code execution […]

Insecure Deserialization Lab 5 : Exploiting Java deserialization with Apache Commons

Harsh Dhamaniya
April 29, 2024
9 min read

Access Lab : https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-exploiting-java-deserialization-with-apache-commons Understanding the Concept the concept of gadget chains plays a pivotal role in understanding and mitigating the risks associated with insecure deserialization vulnerabilities. To delve into this topic comprehensively, let’s break down the key components and implications of gadget chains. Understanding Insecure Deserialization: Deserialization is the process of converting data that […]

Insecure Deserialization Lab 4 : Arbitrary object injection in PHP

Harsh Dhamaniya
April 28, 2024
9 min read

Access Lab : https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-arbitrary-object-injection-in-php Understanding the Concept What are Magic Methods? Magic methods are special methods in object-oriented programming languages that are automatically invoked under specific circumstances without needing to be explicitly called by the programmer. These methods are indicated by double underscores (__) either as a prefix or surrounding the method name. Why are […]

Insecure Deserialization Lab 3 : Using application functionality to exploit insecure deserialization

Harsh Dhamaniya
April 27, 2024
2 min read

Access Lab : https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-using-application-functionality-to-exploit-insecure-deserialization Objective This lab uses a serialization-based session mechanism. A certain feature invokes a dangerous method on data provided in a serialized object. To solve the lab, edit the serialized object in the session cookie and use it to delete the morale.txt file from Carlos’s home directory. You can log in to […]

Insecure Deserialization Lab 2 : Modifying serialized data types (Privilege Escalation Technique using PHP Data Comparision Concept)

Harsh Dhamaniya
April 26, 2024
4 min read

Access Lab : https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-modifying-serialized-data-types Understanding the Concept In PHP, there’s a risky behavior involving the loose comparison operator (==) when dealing with different data types. Let’s break it down: Loose Comparison Oddity: When you compare an integer with a string using ==, PHP tries to turn the string into an integer. So, 5 == “5” […]

Insecure Deserialization Lab 1 : Modifying serialized objects (Privilege Escalation Technique)

Harsh Dhamaniya
April 26, 2024
2 min read

Access Lab : https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-modifying-serialized-objects Objective This lab utilizes a session mechanism based on serialization, which makes it vulnerable to privilege escalation. To complete the lab, modify the serialized object in the session cookie to exploit this vulnerability and obtain administrative privileges. Once you have these privileges, delete the user carlos. To log into your account, […]