Tags: serialization web
We can call any function. Call file_put_contents() to fill the tmp session challenge file with a serialized payload, overwrite the session file in session.save_path (/var/lib/php/sessions) using copy(), then call eval() inside verifyFromMath().
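
The chain ends in eval() because session data is treated as trusted code. As an added example (not the challenge's code), here is an eval()-free check that fails closed on a tampered session value. It assumes verifyFromMath() evaluates an arithmetic challenge string kept in the session, which the page does not show; `safe_math` and `verify_math_answer` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical eval()-free check for an arithmetic challenge.
// Grammar: non-negative integers joined by + - * (no parentheses, no names).
function safe_math(string $expr): int
{
    // Reject anything outside the grammar before doing any work.
    if (!preg_match('/^\s*[0-9]{1,9}(\s*[-+*]\s*[0-9]{1,9}){0,15}\s*$/D', $expr)) {
        throw new InvalidArgumentException('not a plain arithmetic expression');
    }
    preg_match_all('/[0-9]+|[-+*]/', $expr, $m);
    $tokens = $m[0];

    // Integer overflow silently becomes float in PHP; refuse it instead.
    $checked = static fn(int|float $v): int =>
        is_int($v) ? $v : throw new InvalidArgumentException('overflow');

    // Single pass: '*' folds into the current term, '+'/'-' flush it into the total.
    $total = 0;
    $sign = 1;
    $term = (int) $tokens[0];
    for ($i = 1; $i < count($tokens); $i += 2) {
        $op = $tokens[$i];
        $rhs = (int) $tokens[$i + 1];
        if ($op === '*') {
            $term = $checked($term * $rhs);
        } else {
            $total = $checked($total + $sign * $term);
            $sign = $op === '+' ? 1 : -1;
            $term = $rhs;
        }
    }
    return $checked($total + $sign * $term);
}

// Hypothetical stand-in for the check: compares the answer, never executes input.
function verify_math_answer(string $storedExpr, string $answer): bool
{
    try {
        return preg_match('/^-?[0-9]{1,18}$/D', $answer) === 1
            && safe_math($storedExpr) === (int) $answer;
    } catch (InvalidArgumentException) {
        return false; // tampered or malformed session value fails closed
    }
}

// Constructed inputs: a well-formed challenge, a wrong answer, a non-arithmetic value.
var_dump(verify_math_answer('3 + 4 * 5', '23'));
var_dump(verify_math_answer('10 - 2 * 3', '5'));
var_dump(verify_math_answer('strlen("x")', '1'));
```

Requires PHP 8.0 or later. The other two links in the chain, the unrestricted function call and a session.save_path the application can write through file functions, need their own fixes.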