mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
9 lines
288 B
PHP
9 lines
288 B
PHP
<?php
|
|
// Phase 03 (Track J.1) — PHP deserialize vuln fixture.
|
|
//
|
|
// `unserialize` without `allowed_classes` will materialise any
|
|
// `O:N:"ClassName":` blob the attacker sends, triggering `__wakeup`
|
|
// / `__destruct` chains.
|
|
function run(string $blob) {
|
|
return unserialize($blob);
|
|
}
|