super late to the party, i see other writeups of same topic already sink to the second page, lol, writing is harder than i thought and whoa i smh can’t talk fluently now *facepalm*
i wrote the summary backwards i.e. root to foothold, less interesting than i expected but
the php object injection via deserialization part is detailed, as i dont know how such vuln works (i’ve heard about the word serial/deserial tho), so every step of reasoning to derive the exploit is documented hopefully
other stuff i just gloss over
if you still want to check it out: