from Wiktionary, Creative Commons Attribution/Share-Alike License
- v. Present participle of unserialize.
This time I disclosed for the first time how unserializing user input in Zend Framework based applications can result in direct remote PHP code execution.
By unserializing some of Piwik's objects it is possible to write arbitrary files to writable locations on the webserver which can be used to upload e.g. PHP files to writable directories within the webserver's document root which usually exist in a standard Piwik installation.
Also, magic functions will be invoked transparently by the PHP parser when serializing and unserializing objects, as well as when creating and destroying instances of a class.
And speaking of magic functions, you'll surely recall that I left off the last article discussing the use of the "__sleep()" and "__wakeup()" methods, which are invoked by the PHP interpreter when serializing and unserializing a specified object.