mirror of
https://github.com/php/php-src.git
synced 2026-04-17 21:11:02 +02:00
17 lines
653 B
PHP
17 lines
653 B
PHP
--TEST--
|
|
Bug #69152: Type Confusion Infoleak Vulnerability in unserialize()
|
|
--FILE--
|
|
<?php
|
|
$x = unserialize('O:9:"exception":1:{s:16:"'."\0".'Exception'."\0".'trace";s:4:"ryat";}');
|
|
echo $x;
|
|
$x = unserialize('O:4:"test":1:{s:27:"__PHP_Incomplete_Class_Name";R:1;}');
|
|
$x->test();
|
|
|
|
?>
|
|
--EXPECTF--
|
|
Exception in %s:%d
|
|
Stack trace:
|
|
#0 {main}
|
|
|
|
Fatal error: main(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "unknown" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide an autoloader to load the class definition in %s on line %d
|