<?php class CantUnserializeThis extends ArrayObject { } $className = 'CantUnserializeThis'; $reflection = new ReflectionClass($className); $serialized = serialize(new ArrayObject()); $chunks = explode(':', $serialized); $serializedValuesChunks = implode(':', array_slice($chunks, 3)); var_dump(unserialize(sprintf( 'C:%d:"%s":%s', strlen($className), $className, $serializedValuesChunks ))); var_dump(unserialize(sprintf( 'O:%d:"%s":%s', strlen($className), $className, $serializedValuesChunks ))); var_dump($reflection->newInstanceWithoutConstructor());
You have javascript disabled. You will not be able to edit any code.