1. Setup

Enable Xdebug in the PHP settings of MAMP PRO.

Confirm that the setting has taken effect in php.ini.

Open the project in PHPStorm. In the upper right corner, click Add Configuration, then the + symbol, select PHP Web Page, set a Name, select the Server, and click Apply and OK.


2. Debugging

Demo: QWB, Web, UPLOAD

Knowledge: code audit, PHP unserialize

Build the environment from qwb-2019-upload in MAMP PRO.

Looking around the site, it has registration, login, image upload and similar functions.

The source code is leaked at url/www.tar.gz. The application is based on ThinkPHP v5.

First, look at the routing configuration to understand the general structure.

Then, look for the unserialize function. It appears in login_check() of index.php.

Click in the gutter at the beginning of that line; a red dot appears, marking the breakpoint.

In the upper right corner, select the Server Name and click the red bug icon to start debugging.


PHPStorm opens the server in a browser. URL: http://qwb/?XDEBUG_SESSION_START=11956

The ?XDEBUG_SESSION_START=11956 parameter is the bridge between PHPStorm and the PHP Xdebug connection.

NOTE: every URL that carries it will be routed through PHPStorm!
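The php.ini entries behind the setup steps in section 1 and the XDEBUG_SESSION_START trigger above, as an added example and not a copy of the MAMP PRO file. The extension path is a placeholder, and which Xdebug major version MAMP PRO bundles is an assumption, so both the Xdebug 2 names and their Xdebug 3 equivalents are shown:

```ini
[xdebug]
; --- Xdebug 2.x (assumed to be the version bundled with MAMP PRO for this write-up) ---
zend_extension = "<path-to-mamp-php>/xdebug.so"   ; placeholder: use the path MAMP PRO wrote
xdebug.remote_enable = 1          ; allow a DBGp debugger client (PHPStorm) to connect at all
xdebug.remote_host = 127.0.0.1    ; PHPStorm runs on the same machine; bind to loopback only
xdebug.remote_port = 9000         ; PHPStorm's default debug port for Xdebug 2
xdebug.remote_autostart = 0       ; do NOT attach on every request: only requests that carry
                                  ; ?XDEBUG_SESSION_START=<key> (or the XDEBUG_SESSION cookie it
                                  ; sets) open a session, which is why the URL above carries it
xdebug.idekey = PHPSTORM          ; key used when the trigger supplies none; the 11956 in the URL
                                  ; is the key PHPStorm generated when it launched the browser

; --- Xdebug 3.x equivalents (setting names changed; default port moved to 9003) ---
; xdebug.mode = debug                  ; replaces remote_enable=1
; xdebug.client_host = 127.0.0.1       ; replaces remote_host
; xdebug.client_port = 9003            ; replaces remote_port; set the same port in PHPStorm
; xdebug.start_with_request = trigger  ; replaces remote_autostart=0: attach only when triggered
; xdebug.idekey = PHPSTORM
```

Keep the host on loopback and the trigger-only mode for a local lab: with autostart on and a reachable remote_host, any request to the PHP instance can attach a debugger and read every variable in flight.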

Finally, work out the attack chain.

3. Attack chain