- Output for 7.1.0 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.7
- O:3:"foo":0:{}
<?php
/**
 * Marker class for this demonstration.
 *
 * Its __wakeup() hook prints a fixed message, so the string 'exploited'
 * appearing in the output means unserialize() rebuilt a foo object.
 */
class foo
{
    /**
     * Magic method PHP calls on an object immediately after unserialize()
     * has reconstructed it. Here it only prints a marker.
     */
    public function __wakeup()
    {
        print 'exploited';
    }
}
// Stand-in for attacker-controlled data: the serialized form of a foo object.
$userInput = serialize(new foo());
print $userInput;

// Wrap the payload as an ordinary string element of an array and serialize
// the array. In the outer stream the payload is length-prefixed string data
// (s:14:"..."), not an object token.
$serialisedStr = serialize([$userInput]);

// unserialize() decodes a single level: the element comes back as a plain
// string and is not parsed again. The recorded output contains only the
// echoed payload and never 'exploited', so foo::__wakeup() did not run.
// The hook does run when the untrusted string itself reaches unserialize();
// for such data prefer json_decode(), or pass ['allowed_classes' => false].
unserialize($serialisedStr);