Diving into unserialize(): POP Chains

Achieving RCE with POP chain exploits

Soda, or pop?