In a hurry to share a common PHP class for deserialization vulnerabilities.
It's the FileCookieJar class of the Guzzle project.
Look at its destructor https://github.com/guzzle/guzzle/blob/master/src/Cookie/FileCookieJar.php#L37-L61:
<?php
public function __destruct()
{
    $this->save($this->filename);
}

/**
 * Saves the cookies to a file.
 *
 * @param string $filename File to save
 * @throws \RuntimeException if the file cannot be found or created
 */
public function save($filename)
{
    $json = [];
    foreach ($this as $cookie) {
        /** @var SetCookie $cookie */
        if (CookieJar::shouldPersist($cookie, $this->storeSessionCookies)) {
            $json[] = $cookie->toArray();
        }
    }

    if (false === file_put_contents($filename, json_encode($json))) {
        throw new \RuntimeException("Unable to save file {$filename}");
    }
}
?>
Who can construct a valid exploit without hints? ;)
It's easy.
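
The defensive side of a destructor like this one, as an added example that is not part of the original post and not Guzzle code: restricting `unserialize()` with `allowed_classes` so that no class in untrusted input is instantiated and no destructor can fire. `DemoJar` and `safe_unserialize` are hypothetical names, and the sample data is constructed.

```php
<?php
// Added example, not Guzzle code. DemoJar is a hypothetical stand-in for a
// class whose destructor acts on its own properties, as FileCookieJar does.
class DemoJar
{
    public static array $sideEffects = []; // what the destructor "did"
    public string $filename = '';

    public function __destruct()
    {
        // Stand-in for save($this->filename); nothing is written to disk.
        self::$sideEffects[] = $this->filename;
    }
}

// Decode untrusted data without instantiating any class: objects become
// __PHP_Incomplete_Class, so no application __destruct/__wakeup can run.
function safe_unserialize(string $data)
{
    $value = unserialize($data, ['allowed_classes' => false]);
    if ($value === false && $data !== serialize(false)) {
        throw new \UnexpectedValueException('Malformed serialized data');
    }
    return $value;
}

// Constructed sample input: a DemoJar serialized by the application itself.
$jar = new DemoJar();
$jar->filename = 'constructed-sample.json';
$blob = serialize($jar);
unset($jar);                 // the original's destructor runs once here

// Unrestricted: the object is rebuilt and its destructor fires when freed.
DemoJar::$sideEffects = [];
$obj = unserialize($blob);
unset($obj);
$unsafeCount = count(DemoJar::$sideEffects);

// Restricted: no DemoJar is created, so the destructor never runs.
DemoJar::$sideEffects = [];
$obj = safe_unserialize($blob);
$decodedAs = get_class($obj);
unset($obj);
$safeCount = count(DemoJar::$sideEffects);

printf("unrestricted: %d destructor call(s)\n", $unsafeCount);
printf("restricted:   %d destructor call(s), decoded as %s\n", $safeCount, $decodedAs);
```

Where the data only needs arrays and scalars, `json_decode()` avoids object instantiation altogether.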