xref: /PHP-8.2/ext/soap/tests/bug71610.phpt (revision de51612b)
1--TEST--
2SOAP Bug #71610 - Type Confusion Vulnerability - SOAP / make_http_soap_request()
3--EXTENSIONS--
4soap
5--SKIPIF--
6<?php
7if (!file_exists(__DIR__ . "/../../../sapi/cli/tests/php_cli_server.inc")) {
8    echo "skip sapi/cli/tests/php_cli_server.inc required but not found";
9}
10?>
11--FILE--
12<?php
13include __DIR__ . "/../../../sapi/cli/tests/php_cli_server.inc";
14php_cli_server_start();
15
16$url = "http://" . PHP_CLI_SERVER_ADDRESS;
17$ser = 'O:10:"SoapClient":3:{s:3:"uri";s:1:"a";s:8:"location";s:' . strlen($url) . ':"'
18    . $url . '";s:8:"_cookies";a:1:{s:8:"manhluat";a:3:{i:0;s:0:"";i:1;N;i:2;N;}}}';
19
20$exploit = unserialize($ser);
21try {
22$exploit->blahblah();
23} catch(SoapFault $e) {
24    echo $e->getMessage()."\n";
25}
26?>
27--EXPECT--
28looks like we got no XML document
29