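--TEST--
Bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability)
--SKIPIF--
<?php
// The test needs both extensions: wddx for the serialize handler and session
// for session_start()/session_decode(). Without the session guard a build
// lacking ext/session would fail the test instead of skipping it.
if (!extension_loaded("wddx")) die("skip wddx extension not loaded");
if (!extension_loaded("session")) die("skip session extension not loaded");
?>
--FILE--
<?php
// Regression test for bug #70741: with the wddx session serializer selected,
// session_decode() must refuse a packet whose <data> element holds a scalar
// rather than treating that value as session data.
ini_set('session.serialize_handler', 'wddx');
session_start();

// 66-byte filler string placed directly under <data>. The variable name
// suggests the decoder expected a hash table (struct) at this position, which
// matches the "type confusion" wording of the bug title -- NOTE(review):
// confirm against the wddx session decoder source.
$hashtable = str_repeat('A', 66);
$wddx = "<?xml version='1.0'?>
<wddxPacket version='1.0'>
<header/>
 <data>
 <string>$hashtable</string>
 </data>
</wddxPacket>";

// Safe outcome (see --EXPECTF--): a warning is raised and the session is
// destroyed; the script then continues to the DONE marker without crashing.
session_decode($wddx);
?>
DONE
--EXPECTF--

Warning: session_decode(): Failed to decode session object. Session has been destroyed in %s on line %d
DONE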