Docs for PHP Object Injection Emulator

docs/source/emulators.rst

@@ -88,6 +88,21 @@ It emulates `PHP code injection`_ vuln. Usually, this type of vuln is found wher
 functions like eval, assert. To mimic the functionality, user input is converted to the following code
 ``<?php eval('$a = user_input'); ?>`` and then passed to phpox to get php code emulation results.
 
+PHP Object Injection Emulator
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+It emulates `PHP object injection`_ vuln. PHP allows object serialization So, this type of vulnerability occurs when not
+properly sanitized input is passed to unserialize() PHP function. Exploiting this vulnerability involves Magic methods like
+``__destruct or __construct`` which are called automatically when an object is created or destroyed and methods like
+``__sleep or __wakeup`` are called when an object is serialized and unserialized. The input serialized object is
+detected with regex pattern.
+
+::
+
+(^|;|{|})O:[0-9]+:
+
+To mimic this functionality the user input is injected to a vulnerable custom class with magic methods and then it
+is passed to php sandbox to get the injection results.
+
 CRLF Emulator
 ~~~~~~~~~~~~~
 It emulates `CRLF`_ vuln. The attack is detected using ``\r\n`` pattern in the input. The parameter which looks suspicious
@@ -100,5 +115,6 @@ is injected as a header with parameter name as header name and param value as he
 .. _SQL injection: https://en.wikipedia.org/wiki/SQL_injection
 .. _Command Execution: https://www.owasp.org/index.php/Command_Injection
 .. _PHP Code Injection: https://www.owasp.org/index.php/Code_Injection
+.. _PHP object injection: https://www.owasp.org/index.php/PHP_Object_Injection
 .. _CRLF: https://www.owasp.org/index.php/CRLF_Injection
 .. _manual: https://github.com/client9/libinjection/wiki/doc-sqli-python