Unserialize without unserialize()
This problem occurs when user input is passed directly to the unserialize() function. We will learn how to invoke deserialization without using the unserialize() function.
TCP1PCTF was organized by Indonesians and was open to anyone. The challenge focuses solely on exploiting a deserialization vulnerability and on how to chain gadgets to get code execution.
TCP1PCTF was organized by Indonesians and was open to anyone. For this challenge specifically, it was really good. I did need to read the source code as well as chain multiple vulnerabilities such as SQL Injection, SSRF and Insecure Deserialization to get RCE.