PAL.C.T MINI SHELL
--TEST--
Bug #68976 Use After Free Vulnerability in unserialize()
--FILE--
<?php
class evilClass {
public $name;
function __wakeup() {
unset($this->name);
}
}
$fakezval = pack(
'IIII',
0x00100000,
0x00000400,
0x00000000,
0x00000006
);
$data = unserialize('a:2:{i:0;O:9:"evilClass":1:{s:4:"name";a:2:{i:0;i:1;i:1;i:2;}}i:1;R:4;}');
for($i = 0; $i < 5; $i++) {
$v[$i] = $fakezval.$i;
}
var_dump($data);
?>
===DONE===
--EXPECTF--
array(2) {
[0]=>
object(evilClass)#1 (0) {
}
[1]=>
int(1)
}
===DONE===
y~or�5J�={Ee�u磝Qk���ᯘG{?+]ן?�wM3X�^歌>{7پK>on\jy�R�g/=fOr�oNVv~Y+�NGuÝHWyw[eQʨSb>�>}Gmx[o[<�{Ϯ_qF�vM����IENDB`