3v4l.org

<?php
// Deliberately vulnerable demonstration script. It chains two classic PHP
// pitfalls:
//   1. comp() gates execution with a loose (!=) comparison of two long
//      all-digit strings, which PHP may compare as floats instead of as text.
//   2. The guarded branch calls preg_replace() with the /e modifier, which
//      evaluates the replacement string as PHP code.
// Author's original challenge statement:
// ultimate goal...inject command into $upacked that will read a text file in the same dir as php file

// Subject string for the preg_replace() call; the \b(\d+)\b pattern matches
// the number in it.
$post_seeds = "1154731896 ";

// Hex encoding of the one expression the author intends to allow; the decoded
// text is shown in the comment inside the if-branch below.
$hard_coded_algo = "5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929";

// Stands in for attacker-supplied input: the candidate expression, hex-encoded.
// NOTE(review): the recorded output prints this value as 124 hex digits ending
// in a long run of "20" (space) bytes, so the original literal was presumably
// space-padded to the same length as $hard_coded_algo; this listing shows a
// single trailing space - confirm against the original paste.
$uPacked = unpack("H*", "ShA1(dATe(''))                                                ");
// unpack() returns an array; the hex string is read from index 1. The recorded
// 4.3.0 - 4.3.4 run reports "Undefined offset: 1" here, leaving $test empty.
$test = $uPacked[1];

//abcdefghi pqrstuvwxy
// allowed chars

// Diagnostic output: decode both hex strings back to text for display.
echo pack("H*", $test);
echo "<br />";
echo pack("H*", $hard_coded_algo);
echo "<br />";

// The only authorisation check is comp(), i.e. a loose numeric-string
// comparison. In the runs recorded with this listing, 4.3.5 - 5.4.3 print
// "Matching" for two different strings, so the check is bypassed there.
if(comp($hard_coded_algo, $test)){
    // ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI()))))))))))
    // magical execution
    // The "e" flag makes preg_replace() evaluate the decoded $test as PHP code
    // for each match, so whatever passes comp() is executed. /e was deprecated
    // in PHP 5.5 and removed in PHP 7.0; preg_replace_callback() is the
    // replacement. The result is also used as the printf() format string,
    // which is a second hazard if it ever contains '%'.
    printf(preg_replace("#\b(\d+)\b#se", pack("H*", $test), $post_seeds));
} else {
    echo "<br /> Hacker Detected ";
}
echo "<br />";
// Reference value: what the short expression in $test evaluates to.
echo sha1(date(''));

/**
 * Print both values and their floatval() form, then report whether they are
 * loosely equal.
 *
 * Show that php doesn't correctly compare numeric strings: both arguments are
 * all-digit strings far beyond integer range, and the recorded output shows
 * floatval() printing the same 5.3684131286442E+123 for each. Where `!=`
 * compares them as floats, strings that merely share their leading digits are
 * treated as equal. A secret or allow-list check needs `!==` (or
 * hash_equals(), PHP 5.6+) so the comparison stays byte-for-byte.
 *
 * @param string $numOne Expected value as a hex digit string.
 * @param string $numTwo Candidate value as a hex digit string.
 * @return bool true when `$numOne != $numTwo` is false, false otherwise.
 */
function comp($numOne, $numTwo){
    // Show that php doesn't correctly compare numeric strings
    echo "<br />";
    echo "<br />";
    echo "Comparing the numbers";
    echo "<br />";
    echo $numOne;
    echo "<br />";
    echo $numTwo;
    echo "<br />";
    // The float view makes the loss of precision visible in the output.
    echo floatval($numOne);
    echo "<br />";
    echo floatval($numTwo);
    echo "<br />";
    // Loose comparison: this is the weak point being demonstrated.
    if($numOne != $numTwo){
        echo "Not Matching <br />";
        return false;
    } else {
        echo "Matching </br>";
        return true;
    }
}
?>
Output for 5.4.4 - 5.6.23, hhvm-3.10.0 - 3.12.0, 7.0.0 - 7.1.0
ShA1(dATe('')) <br />ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI())))))))))<br /><br /><br />Comparing the numbers<br />5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929<br />5368413128644154652827272929202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020<br />5.3684131286442E+123<br />5.3684131286442E+123<br />Not Matching <br /><br /> Hacker Detected <br />da39a3ee5e6b4b0d3255bfef95601890afd80709
Output for 4.3.5 - 4.3.9, 4.3.11 - 4.4.1, 4.4.3 - 5.0.2, 5.0.5 - 5.1.1, 5.1.3 - 5.4.3
ShA1(dATe('')) <br />ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI())))))))))<br /><br /><br />Comparing the numbers<br />5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929<br />5368413128644154652827272929202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020<br />5.3684131286442E+123<br />5.3684131286442E+123<br />Matching </br>da39a3ee5e6b4b0d3255bfef95601890afd80709 <br />da39a3ee5e6b4b0d3255bfef95601890afd80709
Output for 4.4.2, 5.1.2
ShA1(dATe('')) <br />ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI())))))))))<br /><br /><br />Comparing the numbers<br />5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929<br />53684131286441546528272729292020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020200<br />5.3684131286442E+123<br />5.3684131286442E+124<br />Not Matching <br /><br /> Hacker Detected <br />da39a3ee5e6b4b0d3255bfef95601890afd80709
Output for 4.3.10, 5.0.3 - 5.0.4
Warning: unpack(): Type H: outside of string in /in/16in5 on line 9 ShA1(dATe('')) <br />ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI())))))))))<br /><br /><br />Comparing the numbers<br />5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929<br />5368413128644154652827272929202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020<br />5.3684131286442E+123<br />5.3684131286442E+123<br />Matching </br>da39a3ee5e6b4b0d3255bfef95601890afd80709 <br />da39a3ee5e6b4b0d3255bfef95601890afd80709
Output for 4.3.0 - 4.3.4
Notice: Undefined offset: 1 in /in/16in5 on line 10 <br />ShA1(dATe(CRyPT(CRC32(sTRReV(ABs($1%SqrT(eXP(EXp(pI())))))))))<br /><br /><br />Comparing the numbers<br />5368413128644154652843527950542843524333322873545252655628414273282431255371725428655850284558702870492829292929292929292929<br /><br />5.3684131286442E+123<br />0<br />Not Matching <br /><br /> Hacker Detected <br />da39a3ee5e6b4b0d3255bfef95601890afd80709