Online PHP editor | output for 9iGE6

@ 2026-02-07T03:23:04Z

<?php
// test.php
class xctf{
    public $flag = '111';
    public function __wakeup(){
        exit('bad requests');
    }
}

// 测试1：正常反序列化
$obj = new xctf();
$ser = serialize($obj);
echo "正常序列化: " . $ser . "\n\n";

// 测试2：修改数量后的字符串
$payload = 'O:4:"xctf":2:{s:4:"flag";s:3:"111";}';
echo "修改数量: " . $payload . "\n";
$result = unserialize($payload);
var_dump($result);
?>

Output for 8.3.0 - 8.3.30, 8.4.1 - 8.4.18, 8.5.0 - 8.5.3: 正常序列化: O:4:"xctf":1:{s:4:"flag";s:3:"111";} 修改数量: O:4:"xctf":2:{s:4:"flag";s:3:"111";} Warning: unserialize(): Unexpected end of serialized data in /in/9iGE6 on line 18 Warning: unserialize(): Error at offset 35 of 36 bytes in /in/9iGE6 on line 18 bool(false)
Output for 7.0.0 - 7.0.1: 正常序列化: O:4:"xctf":1:{s:4:"flag";s:3:"111";} 修改数量: O:4:"xctf":2:{s:4:"flag";s:3:"111";} Notice: unserialize(): Unexpected end of serialized data in /in/9iGE6 on line 18 Notice: unserialize(): Error at offset 35 of 36 bytes in /in/9iGE6 on line 18 bool(false)

preferences:dark modelive previewkey bindings