3v4l.org

run code in 300+ PHP versions simultaneously
<?php class foo { public function __wakeup() { echo 'exploited'; } } $userInput = serialize(new foo); echo $userInput; $serialisedStr = serialize([ $userInput, ]); unserialize($serialisedStr);
preferences:
60.43 ms | 402 KiB | 5 Q