polyfill-unserialize icon indicating copy to clipboard operation
polyfill-unserialize copied to clipboard

Published 20 hours ago verified publisher icon dbrumann

Prevent circumvention via specially crafted serialized string

Open huncrys opened this issue 7 months ago • 0 comments

According to upstream sources a sign (+, -) is accepted before the length: https://github.com/php/php-src/blob/PHP-5.4.45/ext/standard/var_unserializer.re#L260-L266

So it is possible to circumvent the polyfill by manually adding it, i.e.:

O:9:"Exception" vs O:+9:"Exception"

huncrys avatar Mar 12 '25 15:03 huncrys