php反序列化无法出结果

LoRexxar / Kunlun-M

KunLun-M是一个完全开源的静态白盒扫描工具，支持PHP、JavaScript的语义扫描，基础安全、组件安全扫描，Chrome Ext\Solidity的基础扫描。

MIT License

2.21k stars 309 forks source link

php反序列化无法出结果 #238

Closed d1e4f1ag closed 11 months ago

d1e4f1ag commented 11 months ago

E:\CTF\工具\Kunlun-M-2.6.5>python .\kunlun.py plugin php_unserialize_chain_tools -t .\1.php [11:18:28] [INIT] Load Plugin php_unserialize_chain_tools. [11:18:28] [PhpUnSerChain] Target 1.php db load success

d1e4f1ag commented 11 months ago

有的时候还会报错：E:\CTF\工具\Kunlun-M-2.6.5>python .\kunlun.py plugin php_unserialize_chain_tools -t .\1.php [11:10:34] [INIT] Load Plugin php_unserialize_chain_tools. [11:10:34] [PhpUnSerChain] Target 1.php first Scan...Renew dataflow DB. [11:10:34] [INIT][PARSE_ARGS] Only one Language ['php']. [11:10:34] [PARSE-ARGS] Target Mode: file [11:10:34] [CLI] Target : .\1.php [11:10:34] [PICKUP] .\1.php [11:10:34] [PICKUP] [EXTENSION-COUNT] .php : 1 [11:10:34] [AST] [ERROR] parser 1.php SyntaxError [11:10:34] [PhpUnSerChain] New Base locate 1_php

d1e4f1ag commented 11 months ago

求带佬帮忙看看呜呜呜

LoRexxar commented 11 months ago

就没结果呗，这不是跑的挺正常的吗

LoRexxar commented 11 months ago

这个插件是需要有反序列化入口才会扫描的我记得

LoRexxar commented 11 months ago

下面报错那个不是写了，1.php中有语法错误

d1e4f1ag commented 11 months ago

okok，谢谢谢谢