- var_dump: documentation (source)
- unserialize: documentation (source)
<?php
/**
 * Demo class with a private constructor.
 *
 * The private constructor stops `new Foo()` from code outside the class, but it
 * is not an instantiation barrier: unserialize() creates objects without
 * calling __construct(). Any invariant enforced only in the constructor is
 * therefore not guaranteed for an unserialized instance; checks that must
 * always hold belong in __unserialize() / __wakeup() as well.
 */
class Foo
{
    /**
     * Private and empty: direct construction from outside the class is rejected.
     */
    private function __construct()
    {
    }

    /**
     * Writes a fixed line followed by PHP_EOL to standard output.
     */
    public function bar()
    {
        echo 'Never gonna give you up', PHP_EOL;
    }
}
// Hand-written serialized payload: an object ("O") of the 3-character class
// name "Foo" with 0 properties. Nothing in the string was produced by
// serialize(); anyone who can supply the string can name the class.
$hijacked = 'O:3:"Foo":0:{}';
// unserialize() builds the Foo instance without calling __construct(), so the
// private constructor is never consulted.
// NOTE(review): this is why unserialize() should not receive untrusted input.
// Where it cannot be avoided, pass the `allowed_classes` option to restrict
// which classes may be instantiated, or use a data-only format such as JSON.
$instantiated = unserialize($hijacked);
// The object is fully usable: its public method runs as on any other instance.
$instantiated->bar();
// Dump the result to show that it is an actual Foo object.
var_dump($instantiated);