https://github.com/qeeqbox/insecure-deserialization
A threat actor may tamper with a stream that gets deserialized on the target, causing the target to access data or perform non-intended actions
- Host: GitHub
- URL: https://github.com/qeeqbox/insecure-deserialization
- Owner: qeeqbox
- License: agpl-3.0
- Created: 2023-06-22T06:41:58.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-01-29T00:57:17.000Z (over 1 year ago)
- Last Synced: 2025-01-16T05:55:51.418Z (4 months ago)
- Topics: deserialization, infosecsimplified, insecure, qeeqbox, vulnerability
- Homepage:
- Size: 76.2 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
A threat actor may tamper with a stream that gets deserialized on the target, causing the target to access data or perform non-intended actions
## Example #1
1. An application sends the user's serialized settings in an HTTP request to a backend API
2. A threat actor works out how the serialization format is built and injects malicious values alongside the settings
3. The backend API deserializes the request and acts on the threat actor's values
## Code
#### Target-Logic
```php
<?php
// Deliberately vulnerable target logic: whatever the client sends is unserialized as-is
class Info { public $username; public $admin; }
$user = new Info();
$user->username = 'Victim';
$user->admin = FALSE;   // the app serializes this object and sends it to the client
// Assumption: the (possibly tampered) stream, Target-In, comes back in a POST field
$Info = unserialize($_POST['settings'] ?? serialize($user));
echo 'Admin: ' . ($Info->admin ? 'True' : 'False');
?>
```
#### Target-In
```php
O:4:"Info":2:{s:8:"username";s:6:"Victim";s:5:"admin";b:1;}
```
#### Target-Out
```
Admin: True
```
## Impact
High
## Names
- Insecure deserialization
- Untrusted deserialization
## Risk
- Read & modify data
## Redemption
- Use a pure data format
- Deserialize signed data only
## ID
a244242a-a9d5-47e0-9c01-86eecdf073ea
## References
- [Wikipedia](https://en.wikipedia.org/wiki/Serialization)
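The two Redemption items above (a pure data format, signed data only), as an added example that is not code from the qeeqbox repository: the backend verifies an HMAC over a JSON payload before decoding it, never calls unserialize() on request data, and ignores any client-supplied admin flag. The secret constant, the `<base64 json>.<hex hmac>` wire format and the function names are assumptions made for this example.

```php
<?php
// Added example, not code from the qeeqbox repository: a hardened counterpart
// of Target-Logic. Assumptions: a server-side secret lives in config (placeholder
// below) and the client sends JSON plus an HMAC tag instead of a PHP object.
const SETTINGS_SECRET = 'PLACEHOLDER-load-a-random-secret-from-config';

// Sign a settings array for the client; wire form is "<base64 json>.<hex hmac>".
function sign_settings(array $settings): string {
    $payload = base64_encode(json_encode($settings));
    return $payload . '.' . hash_hmac('sha256', $payload, SETTINGS_SECRET);
}

// Verify and decode a stream from the client; null means reject the request.
function load_settings(string $wire): ?array {
    $parts = explode('.', $wire, 2);
    if (count($parts) !== 2) {
        return null;               // not a signed envelope (e.g. a raw O:4:"Info" stream)
    }
    [$payload, $tag] = $parts;
    $expected = hash_hmac('sha256', $payload, SETTINGS_SECRET);
    if (!hash_equals($expected, $tag)) {
        return null;               // payload or tag altered; hash_equals is constant-time
    }
    $raw = base64_decode($payload, true);
    $settings = $raw === false ? null : json_decode($raw, true);
    if (!is_array($settings)) {
        return null;               // malformed or non-object JSON
    }
    unset($settings['admin']);     // privilege flags are never taken from the client
    return $settings;
}

// Constructed inputs for a local run.
$good = sign_settings(['username' => 'Victim', 'theme' => 'dark']);
echo 'untampered stream:  ', load_settings($good) === null ? "rejected\n" : "accepted\n";

// Re-encoded payload with admin flipped to true, reusing the old tag: fails the HMAC check.
[$payload, $tag] = explode('.', $good, 2);
$forged = base64_encode(json_encode(['username' => 'Victim', 'admin' => true])) . '.' . $tag;
echo 'admin=true forgery: ', load_settings($forged) === null ? "rejected\n" : "accepted\n";

// The page's Target-In stream carries no signature envelope at all.
$targetIn = 'O:4:"Info":2:{s:8:"username";s:6:"Victim";s:5:"admin";b:1;}';
echo 'raw Target-In:      ', load_settings($targetIn) === null ? "rejected\n" : "accepted\n";
```

Where PHP's native format cannot be dropped, `unserialize($data, ['allowed_classes' => false])` stops the stream from instantiating objects, but it does not replace the signature check.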