pwnypack.php
– PHP related functions¶
-
pwnypack.php.
php_serialize
(value)¶ Serialize a value for use with PHP’s deserialize() function. This function can serialize bytes, strings, integers, floats, booleans, None, lists, dicts and custom objects implementing __php__().
Parameters: value – The value to serialize. Returns: The serialized form of value ready to be unserialized by PHP. Return type: bytes Example
>>> from pwny import * >>> php_serialize([b'foo', u'bar', 42, 2.5, True, None, {'a': 'b'}]) b'a:7:{i:0;s:3:"foo";i:1;s:3:"bar";i:2;i:42;i:3;d:2.5;i:4;b:1;i:5;N;i:6;a:1:{s:1:"a";s:1:"b";}}'
-
class
pwnypack.php.
PhpObject
(class_name, properties=None)¶ Bases:
object
Helper class to represent PHP objects for serialization using
php_serialize()
.Instances of this class act like a dictionary of properties that should be set on the deserialized PHP instance. You can prefix the property names with
'public '
,'protected '
or'private '
to ensure the correct instance variables are set.Parameters: - class_name (str) – The name of the PHP class to use when deserializing.
- properties (dict) – The properties to deserialize in this instance.
Example
>>> from pwny import * >>> o = PhpObject('Foo\Bar', {'protected fg': '#000000'}) >>> php_serialize(o) b'O:7:"Foo\Bar":1:{s:5:"\x00*\x00fg";s:7:"#000000";}'