Zend Engine V3.4.0 Exploit |link|

$obj = new Evil; $obj->prop = new ArrayObject(); $obj->prop->x = "target"; $serialized = 'O:4:"Evil":1:s:4:"prop";O:11:"ArrayObject":1:s:1:"x";s:6:"target";'; unserialize($serialized); ?>

Let’s walk through a theoretical exploit chain against a hardened Zend Engine 3.4.0. zend engine v3.4.0 exploit