Today we’ll be exploiting the unserialize() function in PHP.  The major lesson here is to NEVER unserialize() user input, and I’ll show you why. PHP.net describes the serialize() function as follows: “Generates a storable representation of a value.  This is useful for storing or passing PHP values around without losing