-
Expert Lab: Developing a custom gadget chain for PHP deserialization
blog
Web Application Security
Web Security Academy
Expert Labs
Insecure Deserialization
Remote Code Execution
Gadget Chains
PHP
Lab Link: Lab: Developing a custom gadget chain for PHP deserialization. Lab Description: This lab uses a serialization-based session mechanism. By deploying a custom gadget chain, you can exploit its insecure deserialization to achieve remote code execution. To solve the lab, delete the morale.txt file from Carlos’s home directory. You...
-
Insecure Deserialization - How to trace down a gadget chain - Other examples in Ruby
links
Web Application Security
Web Security Academy
Labs
Insecure Deserialization
Remote Code Execution
Gadget Chains
Ruby
These are some Ruby equivalents of the examples in my previous post (about gadget chains in PHP) that show the process of finding gadget chains in the Ruby programming language. As mentioned in one of these articles, there may still be some undiscovered gadget chains for cybersecurity researchers to find. Also there is...
-
Insecure Deserialization - How to trace down a gadget chain
This article clearly explains the process of finding a sample gadget chain and then writing a small piece of code to build the payload for insecure deserialization exploitation in cases where there are no existing pre-built gadget chains. External Links: Insecure Deserialization - How to trace down a gadget chain. References Icon...