gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-12 15:49:38 -08:00
Code Issues Packages Projects Releases Wiki Activity

Indicators for deserialization

Browse Source
This commit is contained in:
Swissky
2025-12-12 11:32:33 +01:00
parent ba62eed782
commit 39da0328b8
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
Insecure Deserialization/README.md
View File

@@ -19,12 +19,14 @@ Check the following sub-sections, located in other chapters :
* [Python : pickle, PyYAML, ...](Python.md) * [Python : pickle, PyYAML, ...](Python.md)
* [.NET : ysoserial.net, ...](DotNET.md) * [.NET : ysoserial.net, ...](DotNET.md)
| Object Type | Header (Hex) | Header (Base64) | | Object Type | Header (Hex) | Header (Base64) | Indicators |
|-----------------|--------------|-----------------| |-----------------|----------------|-----------------|------------------|
| Java Serialized | AC ED | rO | | .NET ViewState | `FF 01` | `/w` | Commonly found inside hidden inputs around HTML forms |
| .NET ViewState | FF 01 | /w | | BinaryFormatter | `0001 0000 00FF FFFF FF01` | `AAEAAAD` | Base64 decode and check for the long `FF FF FF FF` sequence. |
| Python Pickle | 80 04 95 | gASV | | Java Serialized | `AC ED` | `rO` | Base64 decode and check first bytes. |
| PHP Serialized | 4F 3A | Tz | | PHP Serialized | `4F 3A` | `Tz` | Prefixes like `O:, a:, s:, i:, b:` and length indicators. |
| Python Pickle | `80 04 95` | `gASV` | Text: opcodes like `(lp0, S'Test'`. |
| Ruby Marshal | `04 08` | `BAgK` | Base64 decode and look for `\x04\x08` at the start. |
## POP Gadgets ## POP Gadgets