{"id":11554,"date":"2021-01-14T09:42:05","date_gmt":"2021-01-14T09:42:05","guid":{"rendered":"http:\/\/blog.bachi.net\/?p=11554"},"modified":"2021-01-14T11:03:04","modified_gmt":"2021-01-14T11:03:04","slug":"php-7","status":"publish","type":"post","link":"https:\/\/blog.bachi.net\/?p=11554","title":{"rendered":"PHP 7"},"content":{"rendered":"<p><!-- --------------------------------------------------------------------------------------------------------------- --><\/p>\n<h3>Interactive<\/h3>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n\r\n$ pkg install php73-readline\r\n\r\n$ php -a\r\nphp &gt;\r\n<\/pre>\n<p><!-- --------------------------------------------------------------------------------------------------------------- --><\/p>\n<h3>Composer<\/h3>\n<p><a href=\"https:\/\/packagist.org\/\">Packagist &#8211; The PHP Package Repository<\/a><\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ curl -sS https:\/\/getcomposer.org\/installer | php\r\nSome settings on your machine make Composer unable to work properly.\r\nMake sure that you fix the issues listed below and run this script again:\r\n\r\nThe phar extension is missing.\r\nInstall it or recompile php without --disable-phar\r\n\r\nThe filter extension is missing.\r\nInstall it or recompile php without --disable-filter\r\n\r\n$ pkg install php73-phar\r\n$ pkg install php73-filter\r\n\r\n<\/pre>\n<h3>Serialization \/ Unserialization<\/h3>\n<ul>\n<li>Object Injection<\/li>\n<li>Pop Chains<\/li>\n<li>Object Relation Mapper<\/li>\n<li>LFI Scripts<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.youtube.com\/watch?v=HaW15aMzBUM\">Intro to PHP Deserialization \/ Object Injection<\/a><br \/>\n<a href=\"https:\/\/www.youtube.com\/watch?v=fHZKSCMWqF4\">Advanced PHP Deserialization &#8211; Phar Files<\/a><\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n&lt;?php\r\n\r\nclass User {\r\n    \r\n    public $username;\r\n    public $isAdmin;\r\n\r\n    public function PrintData() {\r\n        if ($this-&gt;isAdmin) {\r\n            echo $this-&gt;username . &quot; is an admin\\n&quot;;\r\n        } else {\r\n            echo $this-&gt;username . &quot; is NOT an admin\\n&quot;;\r\n        }\r\n    }\r\n\r\n}\r\n\r\n$obj = new User();\r\n$obj-&gt;username = 'ippsec';\r\n$obj-&gt;isAdmin = True;\r\necho serialize($obj);\r\n\r\n?&gt;\r\n<\/pre>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nType:Length:Name of class\/variable:How many items in the object\r\nO:4:&quot;User&quot;:2:{s:8:&quot;username&quot;;s:6:&quot;ippsec&quot;;s:7:&quot;isAdmin&quot;;b:1;}\r\n\r\nType\r\nO = Object\r\ns = String\r\nb = Boolean\r\n<\/pre>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$obj = unserialize($_POST&#x5B;'ippsec']);\r\n$obj-&gt;PrintData();\r\n<\/pre>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n$ php -S 127.0.0.1:8070 &amp;\r\n&#x5B;1] 1245\r\n\r\nPHP 7.3.26 Development Server started at Thu Jan 14 11:56:06 2021\r\nListening on http:\/\/127.0.0.1:8070\r\nDocument root is \/usr\/home\/andreas\/composer\r\nPress Ctrl-C to quit.\r\n\r\n$ curl -XPOST -d 'ippsec=O:4:&quot;User&quot;:2:{s:8:&quot;username&quot;;s:6:&quot;ippsec&quot;;s:7:&quot;isAdmin&quot;;b:1;}' localhost:8070\/test.php\r\n&#x5B;Thu Jan 14 12:01:17 2021] 127.0.0.1:38066 &#x5B;200]: \/test.php\r\n\r\nippsec is an admin\r\n\r\n<\/pre>\n<p><!-- --------------------------------------------------------------------------------------------------------------- --><\/p>\n<h3>Local File Inclusion (LFI)<\/h3>\n<p><a href=\"https:\/\/medium.com\/@Aptive\/local-file-inclusion-lfi-web-application-penetration-testing-cc9dc8dd3601\">Local File Inclusion (LFI) \u2014 Web Application Penetration Testing<\/a><\/p>\n<blockquote><p>Local File Inclusion (LFI) allows an attacker to include files on a server through the web browser. This vulnerability exists when a web application includes a file without correctly sanitising the input, allowing and attacker to manipulate the input and inject path traversal characters and include other files from the web server.<\/p><\/blockquote>\n<p><!-- --------------------------------------------------------------------------------------------------------------- --><\/p>\n<h3>Object Relational Mapper (ORM)<\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Interactive $ pkg install php73-readline $ php -a php &gt; Composer Packagist &#8211; The PHP Package Repository $ curl -sS https:\/\/getcomposer.org\/installer | php Some settings on your machine make Composer unable to work properly. Make sure that you fix the issues listed below and run this script again: The phar extension is missing. Install it [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-11554","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/11554","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11554"}],"version-history":[{"count":16,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/11554\/revisions"}],"predecessor-version":[{"id":11570,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=\/wp\/v2\/posts\/11554\/revisions\/11570"}],"wp:attachment":[{"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11554"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.bachi.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}