Skip to content

Latest commit

 

History

History
19 lines (12 loc) · 793 Bytes

TaintedUnserialize.md

File metadata and controls

19 lines (12 loc) · 793 Bytes

TaintedUnserialize

Tainted input detected to an unserialize call.

Passing untrusted user input to unserialize calls is dangerous – from the PHP documentation on unserialize:

Do not pass untrusted user input to unserialize() regardless of the options value of allowed_classes. Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this. Use a safe, standard data interchange format such as JSON (via json_decode() and json_encode()) if you need to pass serialized data to the user.

<?php

$command = $_GET["data"];

getObject($command);

function getObject(string $data) : object {
    return unserialize($data);
}