AWAE - OSWE Preparation / Resources
  • TL;DR
  • General
    • Resources
      • BurpSuite
      • WhiteBox
    • POCs
      • Deserialization
        • PHP
        • Java
          • Ysoserial
      • SQL Injection
      • Type Juggling
      • CSRF
  • By Vulnerability
    • SQL Injection
      • Summary
      • Types
      • Injection by clause
      • Bypassing Character Restrictions
      • By Language
        • JAVA
          • Regex
          • Summary
      • Regex
      • Resources
    • Deserialization
      • By Language
        • PHP
          • Regex
          • Summary
          • Practice
        • JAVA
          • Regex
          • Summary
          • Practice
          • Resources
        • .NET
          • Regex
          • Summary
          • Resources
      • Resources
    • XSS
    • XXE
      • By Language
        • PHP
          • Practice
          • Resources
        • Java
          • Vulnerable Libraries' Implementation
      • Resources
    • SSTI
      • Summary
      • Practice
      • Resources
    • File Upload Restrictions Bypass
      • Tricks
      • File Extension Filters Bypass List
      • Resources
  • REGEX
  • By Language
    • PHP
      • Regex
      • Type Juggling
        • Summary
        • Practice
    • Java
      • Decompiling
      • Compiling & Running
    • NodeJS
      • Practice
  • Random
  • Other Repositories
Powered by GitBook
On this page
  • Weak Comparison
  • Weak Filtering
  • Deserialization

Was this helpful?

  1. By Language
  2. PHP

Regex

Compilation of PHP's regular expressions.

Weak Comparison

((STRCMP).*== *0|0 *== *(STRCMP))
==

Weak Filtering

(PREG_REPLACE)[ \('"]*/ *[a-z0-9]{2,}

Deserialization

Regex to find unserialize function followed by anything being passed a variable.

unserialize\(.*(\$)*
PreviousPHPNextType Juggling

Last updated 4 years ago

Was this helpful?