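\x00 + class name + \x00 + variable name -> deserialized as a private variable
\x00 + * + \x00 + variable name -> deserialized as a protected variable

O is object, s is string, i is integer. Because the property is declared private, the characters that look like spaces are NUL bytes, so %00 must be written in their place.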
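```php
<?php
highlight_file(__FILE__);

class user
{
    // private: serialized key is \x00user\x00name2 (11 bytes)
    private $name2 = 'leo';
    // protected: serialized key is \x00*\x00age2 (7 bytes)
    protected $age2 = 19;

    public function print_data()
    {
        echo $this->name2 . ' is ' . $this->age2 . ' years old <br>';
    }
}

$user = new user();
$user->print_data();
// The NUL bytes in the output are invisible when rendered in a browser
echo serialize($user);
?>
```

Output:

```
leo is 19 years old
O:4:"user":2:{s:11:" user name2";s:3:"leo";s:7:" * age2";i:19;}
```

Note: O is object, s is string, i is integer; the property names are really %00user%00name2 and %00*%00age2.

Example:

```
/?select=O:4:"Name":3:{s:14:"%00Name%00username";s:5:"admin";s:14:"%00Name%00password";i:100;}
```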
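Added example (not part of the original page): a small Python decoder for the serialized-object format shown above, which recovers each property's visibility from its \x00 markers. It assumes a flat object containing only s and i items; the function names are this example's own.

```python
from urllib.parse import unquote_to_bytes

# Payload from the page's output, with the NUL bytes written as %00.
SAMPLE = 'O:4:"user":2:{s:11:"%00user%00name2";s:3:"leo";s:7:"%00*%00age2";i:19;}'

def split_name(raw: bytes):
    """Map a serialized property key to (visibility, declaring class, name)."""
    if raw.startswith(b"\x00"):
        owner, _, name = raw[1:].partition(b"\x00")
        if owner == b"*":
            return ("protected", None, name.decode())
        return ("private", owner.decode(), name.decode())
    return ("public", None, raw.decode())

def read_value(buf: bytes, pos: int):
    """Read one s:<len>:"<bytes>"; or i:<int>; item, return (value, next_pos)."""
    kind = buf[pos:pos + 2]
    if kind == b"i:":
        end = buf.index(b";", pos)
        return int(buf[pos + 2:end]), end + 1
    if kind == b"s:":
        colon = buf.index(b":", pos + 2)
        length = int(buf[pos + 2:colon])
        start, stop = colon + 2, colon + 2 + length
        # The declared length counts bytes, so each NUL marker counts as one.
        if buf[colon + 1:start] != b'"' or buf[stop:stop + 2] != b'";':
            raise ValueError("declared string length does not match the data")
        return buf[start:stop], stop + 2
    raise ValueError(f"unsupported or truncated item at offset {pos}")

def parse_object(payload: str):
    """Return (class name, declared property count, [(visibility, owner, name, value)])."""
    buf = unquote_to_bytes(payload)          # %00 becomes a real NUL byte
    if not buf.startswith(b"O:"):
        raise ValueError("not a serialized object")
    colon = buf.index(b":", 2)
    name_end = colon + 2 + int(buf[2:colon])
    cls = buf[colon + 2:name_end].decode()
    brace = buf.index(b"{", name_end)
    declared = int(buf[name_end + 2:brace - 1])
    pos, props = brace + 1, []
    while buf[pos:pos + 1] != b"}":
        key, pos = read_value(buf, pos)
        val, pos = read_value(buf, pos)
        if isinstance(val, bytes):
            val = val.decode(errors="replace")
        props.append((*split_name(key), val))
    return cls, declared, props

if __name__ == "__main__":
    print(parse_object(SAMPLE))
```

Fed the output exactly as the browser renders it (spaces instead of %00), the same decoder reports public properties named " user name2" and " * age2", which is why the note insists on %00.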