Challenge 4: The AI-Recommended Library
Team Hack
Goal: Trigger the
AdminProfile logic.
An AI recommended using "PHP native serialization" for a custom caching library because it's "faster than JSON". Can you exploit this advice?
Copy
<?php
// --- SIMULATED INPUT ---
// AI says: "Just pass the serialized string from the cookie"
$data = 'O:4:"User":1:{s:7:"profile";O:12:"GuestProfile":0:{}}';
// -----------------------
class User {
public $profile;
public function __wakeup() {
$this->profile->display();
}
}
class GuestProfile {
public function display() {
echo "Welcome, guest.";
}
}
class AdminProfile {
public function display() {
echo "Welcome Admin! FLAG{AI_RECOMMENDED_DESERIALIZATION}";
}
}
// VULNERABLE CODE
unserialize($data);
Team Fix
Goal: Ignore the AI's bad performance advice.
AI often prioritizes "clever" or "fast" solutions over secure ones. Replace unserialize() with a safe format like JSON.
Tip: JSON is a data-only format and doesn't trigger magic methods like __wakeup().