|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2017-07-31 12:46 UTC] zeev@php.net
[2017-08-02 17:23 UTC] cmb@php.net
-Type: Security
+Type: Bug
[2020-12-05 16:20 UTC] cmb@php.net
[2020-12-05 16:20 UTC] cmb@php.net
-Status: Open
+Status: Not a bug
-Assigned To:
+Assigned To: cmb
[2020-12-05 16:20 UTC] cmb@php.net
|
|||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Dec 21 13:01:31 2024 UTC |
Description: ------------ Create an Unexpected Object in During WDDX Deserialization In During WDDX Deserialization, an unexpected object can be created via the crafted wddx pockets, and bypass __wakeup() method PoC: ``` class obj { function __wakeup() { var_dump('hi'); } } $wddx = <<<EOT <?xml version='1.0'?> <wddxPacket version='1.0'> <header/> <data> <struct> <var name='php_class_name'> <string>obj</string> </var> <var name='prop'> <string>ryat</string> </var> EOT; var_dump(wddx_deserialize($wddx)); ```