1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
--TEST--
Bug #73055 (Type confusion vulnerability in merge_param())
--SKIPIF--
<?php
include "skipif.inc";
?>
--FILE--
<?php
echo "Test\n";
try {
echo new http\QueryString("[[[[[[[[[[[[[[[[[[[[[[[[[[[]]]][[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[&%C0[]E[=&2[&%C0[]E[16706[*[");
} catch (Exception $e) {
echo $e;
}
?>
===DONE===
--EXPECTF--
Test
%r(exception ')?%rhttp\Exception\BadQueryStringException%r(' with message '|: )%rhttp\QueryString::__construct(): Max input nesting level of %d exceeded%r'?%r in %sbug73055.php:%d
Stack trace:
#0 %sbug73055.php(%d): http\QueryString->__construct('[[[[[[[[[[[[[[[...')
#1 {main}
===DONE===
|
