
Security Assessment


Risk: 8.1
Probability: 2.2
Impact: 5.9

CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:N/MAC:H/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H



Vulnerability Information

Insecure Deserialization is an attack in which a manipulated serialized object is injected into the context of the web application. If the application is vulnerable, the object is deserialized and the code paths attached to it are executed, which can result in SQL Injection, Path Traversal, Application Denial of Service and Remote Code Execution.



Guides

In order to protect your web application from this type of vulnerability, you should never pass a serialized object that can be manipulated by the user to the deserialize function. Instead of unserialize, use a data-only interchange format such as JSON if you need to pass structured data between the user and the web application.

For an example of what a serialized PHP object looks like, see the code block below. The %00 sequences are URL-encoded null bytes; PHP uses them to delimit the class name that precedes a private property name.

Serialized PHP Object
O:9:"SomeClass":2:{s:20:"%00SomeClass%00file_name";N;s:16:"%00SomeClass%00value";N;}

The insecure deserialization vulnerability is triggered if an untrusted user is able to manipulate such an object and send it directly to PHP's unserialize() function.
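As an added example (not code from the original page or from Crashtest Security), the vulnerable pattern next to a hardened replacement. SomeClass, its __wakeup() body, the cookie name and the accepted preference keys are assumptions for illustration.

```php
<?php
// Assumed application class; its private properties match the serialized
// object shown above. PHP calls __wakeup() automatically after unserialize().
class SomeClass
{
    private ?string $file_name = null;
    private ?string $value = null;

    public function __wakeup(): void
    {
        // Whatever state the deserialized bytes carry reaches this call,
        // so an attacker-chosen path and content end up in a filesystem write.
        if ($this->file_name !== null) {
            file_put_contents($this->file_name, (string) $this->value);
        }
    }
}

// VULNERABLE: user-controlled bytes (e.g. a cookie) go straight into unserialize(),
// so the user picks the class and every property value before __wakeup() runs.
function loadPrefsInsecure(string $cookie): mixed
{
    return unserialize($cookie);
}

// HARDENED: JSON carries data only, never a class name, so no object is
// instantiated and no magic method runs. The decoded shape is still validated.
function loadPrefsSecure(string $cookie): array
{
    $data = json_decode($cookie, true, 2, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('prefs must be a JSON object');
    }
    $allowed = ['theme' => 'string', 'page_size' => 'integer'];
    $clean = [];
    foreach ($allowed as $key => $type) {
        if (array_key_exists($key, $data) && gettype($data[$key]) === $type) {
            $clean[$key] = $data[$key];
        }
    }
    return $clean;
}

// If unserialize() cannot be removed from legacy code, refuse to instantiate
// classes: objects become __PHP_Incomplete_Class and their magic methods never run.
function loadLegacyPrefs(string $cookie): mixed
{
    return unserialize($cookie, ['allowed_classes' => false]);
}

// Constructed input: a data-only JSON cookie for the hardened loader.
var_dump(loadPrefsSecure('{"theme":"dark","page_size":25,"ignored":"x"}'));
```

The allowed_classes option only stops class instantiation; it does not make unserialize() safe against malformed input, so prefer the JSON variant for new code.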



Further Reading

PHP-Security regarding the unserialize function

PHP Object Injection

Contribute

If you are facing an issue that is not covered in our guides, we are happy to include a solution here. Please send us an e-mail to support@crashtest-security.com.



Crashtest Security

Crashtest Security is a Munich, Germany-based start-up that redefines web application vulnerability scans. The Crashtest Security Suite differentiates itself as a fully automated vulnerability scanner enhanced with artificial intelligence, developed for the needs of the agile developer or SecDevOps. Clear vulnerability insights are provided, as well as contextual, actionable insights for risk mitigation.



