home/categories/security/wgpsec-aboutsecurity-skills-exploit-deserialization-methodology-skill-md

securitytesting-security

deserialization-methodology

Name: deserialization-methodology
Author: wgpsec

不安全反序列化漏洞利用。当发现 Base64 编码的 Cookie/参数、Python pickle 数据、PHP serialized 字符串(O:4:...)、Java serialized 数据(rO0AB...)、Node.js 原型链污染时使用。可直接获取 RCE

maintainer

wgpsec

Updated 4/6/2026

Stars

1109

Forks

193

quick start

Installation and usage

Installation

$ install --globalskills.sh

Usage

Once installed, you can use this skill by running the following command in your terminal:

skills use deserialization-methodology