Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
--TEST-- Bug #69425: Use After Free in unserialize() --FILE-- <?php // POC 1 class test {..
Decoded Output download
--TEST--
Bug #69425: Use After Free in unserialize()
--FILE--
<?php
// POC 1
class test
{
var $ryat;
function __wakeup()
{
$this->ryat = 1;
}
}
$data = unserialize('a:2:{i:0;O:4:"test":1:{s:4:"ryat";R:1;}i:1;i:2;}');
var_dump($data);
// POC 2
$data = unserialize('a:2:{i:0;O:12:"DateInterval":1:{s:1:"y";R:1;}i:1;i:2;}');
var_dump($data);
?>
--EXPECT--
int(1)
array(2) {
[0]=>
object(DateInterval)#1 (16) {
["y"]=>
int(-1)
["m"]=>
int(-1)
["d"]=>
int(-1)
["h"]=>
int(-1)
["i"]=>
int(-1)
["s"]=>
int(-1)
["f"]=>
float(0)
["weekday"]=>
int(-1)
["weekday_behavior"]=>
int(-1)
["first_last_day_of"]=>
int(-1)
["invert"]=>
int(0)
["days"]=>
int(-1)
["special_type"]=>
int(0)
["special_amount"]=>
int(-1)
["have_weekday_relative"]=>
int(0)
["have_special_relative"]=>
int(0)
}
[1]=>
int(2)
}
Did this file decode correctly?
Original Code
--TEST--
Bug #69425: Use After Free in unserialize()
--FILE--
<?php
// POC 1
class test
{
var $ryat;
function __wakeup()
{
$this->ryat = 1;
}
}
$data = unserialize('a:2:{i:0;O:4:"test":1:{s:4:"ryat";R:1;}i:1;i:2;}');
var_dump($data);
// POC 2
$data = unserialize('a:2:{i:0;O:12:"DateInterval":1:{s:1:"y";R:1;}i:1;i:2;}');
var_dump($data);
?>
--EXPECT--
int(1)
array(2) {
[0]=>
object(DateInterval)#1 (16) {
["y"]=>
int(-1)
["m"]=>
int(-1)
["d"]=>
int(-1)
["h"]=>
int(-1)
["i"]=>
int(-1)
["s"]=>
int(-1)
["f"]=>
float(0)
["weekday"]=>
int(-1)
["weekday_behavior"]=>
int(-1)
["first_last_day_of"]=>
int(-1)
["invert"]=>
int(0)
["days"]=>
int(-1)
["special_type"]=>
int(0)
["special_amount"]=>
int(-1)
["have_weekday_relative"]=>
int(0)
["have_special_relative"]=>
int(0)
}
[1]=>
int(2)
}
Function Calls
None |
Stats
MD5 | 5f77364c4acc08e65fca2602f9067869 |
Eval Count | 0 |
Decode Time | 92 ms |