3v4l.org

run code in 300+ PHP versions simultaneously
<?php $regex = '/(.a)(?=xyz\Kaa)./'; $subject = "aaaaxyzaabaa"; // Comment/uncomment below as wanted. // All 3 functions are vulnerable (note, other functions are affected as well) $x=preg_replace($regex, '\0',$subject); var_dump($x);
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/FkPUK
function name:  (null)
number of ops:  12
compiled vars:  !0 = $regex, !1 = $subject, !2 = $x
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   ASSIGN                                                   !0, '%2F%28.a%29%28%3F%3Dxyz%5CKaa%29.%2F'
    4     1        ASSIGN                                                   !1, 'aaaaxyzaabaa'
    8     2        INIT_FCALL                                               'preg_replace'
          3        SEND_VAR                                                 !0
          4        SEND_VAL                                                 '%5C0'
          5        SEND_VAR                                                 !1
          6        DO_ICALL                                         $5      
          7        ASSIGN                                                   !2, $5
    9     8        INIT_FCALL                                               'var_dump'
          9        SEND_VAR                                                 !2
         10        DO_ICALL                                                 
         11      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
169.06 ms | 1394 KiB | 17 Q