3v4l.org

run code in 300+ PHP versions simultaneously
<?php $regex = '/(?=xyz\K)/'; $subject = "aaaaxyzaaaa"; // Comment/uncomment below as wanted. // All 3 functions are vulnerable (note, other functions are affected as well) preg_match($regex, $subject, $matches);
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/9K408
function name:  (null)
number of ops:  8
compiled vars:  !0 = $regex, !1 = $subject, !2 = $matches
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   ASSIGN                                                   !0, '%2F%28%3F%3Dxyz%5CK%29%2F'
    4     1        ASSIGN                                                   !1, 'aaaaxyzaaaa'
    8     2        INIT_FCALL                                               'preg_match'
          3        SEND_VAR                                                 !0
          4        SEND_VAR                                                 !1
          5        SEND_REF                                                 !2
          6        DO_ICALL                                                 
          7      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
166.34 ms | 1394 KiB | 15 Q