- var_dump: documentation ( source)
- preg_replace: documentation ( source)
<?php
$test = new test();
$test->setSuperSecret();
$test->exploitableExpression();
class test
{
private $mySuperSecretVariable;
public function exploitableExpression()
{
$arg= '1234$this->mySuperSecretVariable';
preg_replace("/([0-9]+)(.+)/e",'list($var,$var2)=array("$1","$2")',$arg);
var_dump($var,$var2);
}
public function setSuperSecret()
{
$this->mySuperSecretVariable = 'SECRET!';
}
}