web medium

POP Restaurant

hackthebox

Task: Achieve RCE on a PHP food ordering application.

Solution: Exploit unserialize() on user-controlled POST data by crafting a POP chain: Pizza.__destruct() triggers Spaghetti.__get(), which triggers IceCream.__invoke(), which triggers ArrayHelpers.current(), which calls call_user_func("system", command) for arbitrary command execution.

$ ls tags/ techniques/
php_object_injection pop_chain insecure_deserialization call_user_func_rce
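The defensive side of the issue summarized above, as an added example that is not part of the original writeup or the challenge's code: it shows that a default unserialize() call on request data runs a class's __destruct(), while the allowed_classes option (available since PHP 7.0) keeps any class from being instantiated. The Order class, containsObject(), decodeOrder() and both payloads are constructed for illustration; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for an application class with a magic method (hypothetical).
final class Order
{
    public static array $log = [];
    public string $item = 'margherita';

    public function __destruct()
    {
        // Runs on destruction, including for instances built by unserialize().
        self::$log[] = "destructor ran for {$this->item}";
    }
}

// True if the decoded value holds an object at any depth.
function containsObject(mixed $value): bool
{
    if (!is_array($value)) {
        return is_object($value);
    }
    foreach ($value as $inner) {
        if (containsObject($inner)) {
            return true;
        }
    }
    return false;
}

// Hardened decode: no class named in the input is instantiated, and any
// payload that still carries an object placeholder is rejected.
function decodeOrder(string $raw): ?array
{
    $value = @unserialize($raw, ['allowed_classes' => false]);
    return (is_array($value) && !containsObject($value)) ? $value : null;
}

// Constructed sample inputs standing in for a POST field.
$objectPayload = serialize(new Order());
$arrayPayload  = serialize(['item' => 'margherita', 'qty' => 2]);
Order::$log = [];   // discard the entry left by the temporary object above

unserialize($objectPayload);   // default call: object is built, then destroyed
echo 'default unserialize: ', count(Order::$log), " destructor call(s)\n";
var_dump(decodeOrder($objectPayload));   // rejected, no Order instance created
var_dump(decodeOrder($arrayPayload));    // plain array is accepted
echo 'after hardened decode: ', count(Order::$log), " destructor call(s)\n";
```

Where the data is only scalars and arrays, replacing unserialize() with json_decode() removes object instantiation from the request path entirely.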
