=== Testing PHP Object Injection via @type ===

[TEST] Malicious JSON payload: {"@type":"VulnerableTarget","data":"injected"}

[VULNERABILITY CONFIRMED] __wakeup() was called on arbitrary class!
[RESULT] Class instantiated: VulnerableTarget
[RESULT] Data value: injected
[RESULT] __wakeup() called: YES

[CHECK] setAllowedClasses() method: MISSING (vulnerable)

=== CONCLUSION ===
VULNERABILITY CONFIRMED: Arbitrary class instantiation works!
This version allows any class to be instantiated via @type.