<?php $test = new test(); $test->setSuperSecret(); $test->exploitableExpression(); class test { private $mySuperSecretVariable; public function exploitableExpression() { $arg= '1234$this->mySuperSecretVariable'; preg_replace("/([0-9]+)(.+)/e",'list($var,$var2)=array("$1","$2")',$arg); var_dump($var,$var2); } public function setSuperSecret() { $this->mySuperSecretVariable = 'SECRET!'; } }
You have javascript disabled. You will not be able to edit any code.