3v4l.org

run code in 300+ PHP versions simultaneously
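<?php

class foo
{
    // Runs whenever a foo object is unserialized
    public function __wakeup()
    {
        echo 'exploited';
    }
}

$userInput = serialize(new foo);
echo $userInput;

// The payload is stored as a plain string element of the array
$serialisedStr = serialize([
    $userInput,
]);

unserialize($serialisedStr);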
Output for 7.1.0 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.7
O:3:"foo":0:{}
