Directory
1. Definition of serialization
2. serialize: Serialization
3. unserialize: Deserialization
4. Security risks of serialization and deserialization
1. Definition of serialization
In computer science, serialization usually has the following definitions:
Serialization has several advantages:
1. A simple and durable way to persist objects
2.
3. A method of distributing objects, especially among software components such as COM and CORBA
Relevant Link:
http://zh.wikipedia.org/wiki/%e5%ba%8f%e5%88%97%e5%8c%96
http://baike.baidu.com/view/160029.htm
2. Serialize: Serialization
serialize(): Generates a storable representation of a value
serialize() returns a string containing a byte-stream representation of the value, which can be stored anywhere. This makes it possible to store or pass PHP values around without losing their type or structure.
serialize() can handle any type except resource, including:
1. Arrays that contain references to themselves
2. References inside arrays/objects: serialize() stores these as well (the reference itself is serialized)
3. ...
Essentially, serialization takes an "object" (in the general sense: integer, float, string, array, or Object), destroys it, and converts it into a generic intermediate string for storage. During serialization the object goes through the following lifecycle:
1. __sleep(): is given control before the object is destroyed
2. __destruct(): performs the actual destruction of the object
Code
<?php
class Connection {
    var $protected_var;
    var $private_var;

    public function __construct($server, $username, $password, $db) {
        echo "function __construct() is called" . "<br>";
        $this->protected_var = "protected_var";
        $this->private_var = "private_var";
    }

    function __destruct() {
        echo "function __destruct() is called" . "<br>";
    }

    // __sleep() must return the names of the properties to serialize;
    // otherwise serialize() emits "N;" and __wakeup() is never reached.
    public function __sleep() {
        echo "function __sleep() is called" . "<br>";
        return array('protected_var', 'private_var');
    }

    public function __wakeup() {
        echo "function __wakeup() is called" . "<br>";
    }
}

// Initialize a var (placeholder arguments: the constructor takes four)
$obj = new Connection("server", "user", "pass", "db");
//var_dump($obj);
$result = serialize($obj);
//var_dump($result);
unserialize($result);
?>
Relevant Link:
http://php.net/manual/zh/function.serialize.php
http://php.net/manual/zh/language.oop5.magic.php#object.wakeup
http://php.net/manual/zh/language.oop5.decon.php
3. Unserialize: Deserialization
unserialize(): Creates a PHP value from a stored representation
unserialize() takes a single serialized variable and converts it back into a PHP value.
During deserialization the object goes through the following lifecycle:
1. __construct(): performs object registration, including registering the object's members
2. __wakeup(): is given control after the constructor has run
Relevant Link:
http://php.net/manual/zh/function.unserialize.php
4. Security risks of serialization and deserialization
0x1: Object Injection
<?php
# GOAL: get the secret
class Just4Fun {
    var $enter;
    var $secret;
}

if (isset($_GET['pass'])) {
    $pass = $_GET['pass'];
    if (get_magic_quotes_gpc()) {
        $pass = stripslashes($pass);
    }
    // user-controlled data goes straight into unserialize()
    $o = unserialize($pass);
    if ($o) {
        $o->secret = "?????????????????????????????";
        if ($o->secret === $o->enter)
            echo "congratulation! Here is my secret: " . $o->secret;
        else
            echo "Oh No... You can't fool me";
    } else
        echo "Is you trolling?";
}
?>
Serialize a Just4Fun object in which enter was made a reference to secret before serialization:
$o->enter = &$o->secret
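The following is an added example, not code from the original post: it runs the Just4Fun check locally against two constructed payloads to show why the reference survives unserialize(), then shows the two mitigations a defender would apply. It assumes PHP 7.0 or later for the allowed_classes option of unserialize().

```php
<?php
// Added example (not from the original post). Assumes PHP >= 7.0.
class Just4Fun {
    public $enter;
    public $secret;
}

// The application-side check, as in the challenge above.
function check_secret($o) {
    if (!is_object($o)) return "not an object";
    $o->secret = "?????????????????????????????";
    return ($o->secret === $o->enter) ? "secret leaked" : "rejected";
}

// Constructed input 1: an ordinary object with a guessed value.
$plain = new Just4Fun();
$plain->enter = "guess";
$payload_plain = serialize($plain);

// Constructed input 2: enter is a reference to secret before serialize().
// PHP records the alias as an "R:" token, so it is rebuilt on unserialize().
$ref = new Just4Fun();
$ref->enter = &$ref->secret;
$payload_ref = serialize($ref);
echo $payload_ref, "\n";

// Unguarded: the later assignment to secret is visible through enter,
// so the strict comparison passes for the reference payload only.
echo check_secret(unserialize($payload_plain)), "\n"; // rejected
echo check_secret(unserialize($payload_ref)), "\n";   // secret leaked

// Mitigation 1: never let untrusted data instantiate application classes.
// allowed_classes => false turns every object into __PHP_Incomplete_Class,
// which is not a Just4Fun and must not be used as one.
$guarded = unserialize($payload_ref, ['allowed_classes' => false]);
echo get_class($guarded), "\n";                                   // __PHP_Incomplete_Class
echo ($guarded instanceof Just4Fun) ? "Just4Fun" : "rejected", "\n"; // rejected

// Mitigation 2: for untrusted input prefer a format with no object or
// reference semantics at all (JSON) and validate the shape yourself.
$data = json_decode('{"enter":"guess"}', true);
$ok = is_array($data) && isset($data['enter']) && is_string($data['enter']);
var_dump($ok); // bool(true)
```

A quick detection rule follows from the same observation: serialized strings arriving from clients that contain "O:" or "R:"/"r:" tokens deserve a log entry, since neither is needed to carry plain scalars or arrays.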
0x2: PHP session serialization and deserialization handlers
http://drops.wooyun.org/tips/3909
0x3: Webshell-hiding techniques based on serialization and deserialization
http://www.cnblogs.com/LittleHann/p/3522990.html (search: 0x22)
Relevant Link:
http://drops.wooyun.org/papers/660
Copyright (c) Littlehann All rights reserved
PHP Serialize && unserialize Security Risk (undone)