3v4l.org

run code in 300+ PHP versions simultaneously
<?php $html = '<ul class="newsfeed"> <li> <span class="feed-link"> <a href="https://feeds.joomla.org/~r/JoomlaSecurityNews/~3/GIZJHbqr1wQ/797-20191202-core-various-sql-injections-through-configuration-parameters.html" target="_blank"> [20191202] - Core - Various SQL injections through configuration parameters</a></span> <div class="feed-item-date"> 16 December 2019 </div> <div class="feed-item-description"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong> <span class="label label-danger">High</span></li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 2.5.0 - 3.9.13</li> <li><strong>Exploit type:</strong>&nbsp;SQL&nbsp;injection</li> <li><strong>Reported Date:</strong> 2019-December-01</li> <li><strong>Fixed Date:</strong> 2019-December-17</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19846">CVE-2019-19846</a></li> </ul> <h3>Description</h3> <p>The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 2.5.0 - 3.9.13</p> <h3>Solution</h3> <p>Upgrade to version 3.9.14</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="https://developer.joomla.org/security-centre.html">Joomla! Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By:&nbsp;</strong>ka1n4t</div><div class="feedflare"> <a href="https://feeds.joomla.org/~ff/JoomlaSecurityNews?a=GIZJHbqr1wQ:mKZamezlv3g:yIl2AUoC8zA"></a> </div> </div> </li> <li> <span class="feed-link"> <a href="https://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_fWsZ57Sw7g/796-20191201-core-path-disclosure-in-framework-files.html" target="_blank"> [20191201] - Core - Path Disclosure in framework files</a></span> <div class="feed-item-date"> 16 December 2019 </div> <div class="feed-item-description"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong>&nbsp;Low</li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 3.8.0 - 3.9.13</li> <li><strong>Exploit type:</strong> Path Disclosure</li> <li><strong>Reported Date:</strong> 2019-November-22</li> <li><strong>Fixed Date:</strong> 2019-December-17</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19845">CVE-2019-19845</a></li> </ul> <h3>Description</h3> <p>Missing access check in framework files could lead to a path disclosure.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 3.8.0 - 3.9.13</p> <h3>Solution</h3> <p>Upgrade to version 3.9.14</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="https://developer.joomla.org/security-centre.html">Joomla! Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By:&nbsp;</strong>Lee Thao, Viettel Cyber Security</div><div class="feedflare"> <a href="https://feeds.joomla.org/~ff/JoomlaSecurityNews?a=_fWsZ57Sw7g:uVTwWaDiNQ0:yIl2AUoC8zA"></a> </div> </div> </li> <li> <span class="feed-link"> <a href="https://feeds.joomla.org/~r/JoomlaSecurityNews/~3/Zi-lVuM4KoY/795-20191002-core-path-disclosure-in-phpuft8-mapping-files.html" target="_blank"> [20191002] - Core - Path Disclosure in phpuft8 mapping files</a></span> <div class="feed-item-date"> 05 November 2019 </div> <div class="feed-item-description"> <ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong>&nbsp;Low</li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 3.6.0 - 3.9.12</li> <li><strong>Exploit type:</strong> Path Disclosure</li> <li><strong>Reported Date:</strong> 2019-November-01</li> <li><strong>Fixed Date:</strong> 2019-November-05</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18674">CVE-2019-18674</a></li> </ul> <h3>Description</h3> <p>Missing access check in the phputf8 mapping files could lead to an path disclosure.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 3.6.0 - 3.9.12</p> <h3>Solution</h3> <p>Upgrade to version 3.9.13</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="https://developer.joomla.org/security-centre.html">Joomla! Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By:&nbsp;</strong>Phil Taylor</div><div class="feedflare"> <a href="https://feeds.joomla.org/~ff/JoomlaSecurityNews?a=Zi-lVuM4KoY:eFsJw4QiCW0:yIl2AUoC8zA"></a> </div> </div> </li> </ul>'; $doc = new DOMDocument(); $doc->loadHTML($html); $xpath = new DOMXPath($doc); $feed_items = $xpath->query('//div[contains(@class, "feed-item-description")]'); foreach ($feed_items as $feed_item) { $impact_node = $xpath->query('*/li[contains(string(), "Impact:")]', $feed_item); echo "Impact: " . str_replace('Impact: ', '', $impact_node->item(0)->textContent); echo "\n"; $severity_node = $xpath->query('*/li[contains(string(), "Severity:")]/span[contains(@class, "label-info")]', $feed_item); echo "Severity: " . $severity_node->item(0)->textContent . "\n"; }
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 77) Position 1 = 16, Position 2 = 47
Branch analysis from position: 16
2 jumps found. (Code = 78) Position 1 = 17, Position 2 = 47
Branch analysis from position: 17
1 jumps found. (Code = 42) Position 1 = 16
Branch analysis from position: 16
Branch analysis from position: 47
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 47
filename:       /in/R1A7i
function name:  (null)
number of ops:  49
compiled vars:  !0 = $html, !1 = $doc, !2 = $xpath, !3 = $feed_items, !4 = $feed_item, !5 = $impact_node, !6 = $severity_node
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   ASSIGN                                                   !0, '%3Cul+class%3D%22newsfeed%22%3E%0A%09%09%09%09%09%09%09%09%09%3Cli%3E%0A%09%09%09%09%09%09%09%09%09%09%09%3Cspan+class%3D%22feed-link%22%3E%0A%09%09%09%09%09%09%3Ca+href%3D%22https%3A%2F%2Ffeeds.joomla.org%2F%7Er%2FJoomlaSecurityNews%2F%7E3%2FGIZJHbqr1wQ%2F797-20191202-core-various-sql-injections-through-configuration-parameters.html%22+target%3D%22_blank%22%3E%0A%09%09%09%09%09%09%5B20191202%5D+-+Core+-+Various+SQL+injections+through+configuration+parameters%3C%2Fa%3E%3C%2Fspan%3E%0A%09%09%09%09%09%09%09%09%09%09%09%09%09%09%09%09%3Cdiv+class%3D%22feed-item-date%22%3E%0A%09%09%09%09%09%09%0916+December+2019%09%09%09%09%09%09%3C%2Fdiv%3E%0A%09%09%09%09%09%09%09%09%09%09%09%09%09%09%09%09%3Cdiv+class%3D%22feed-item-description%22%3E%0A%09%09%09%09%09%09%3Cul%3E%0A%3Cli%3E%3Cstrong%3EProject%3A%3C%2Fstrong%3E+Joomla%21%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ESubProject%3A%3C%2Fstrong%3E+CMS%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EImpact%3A%3C%2Fstrong%3E+%3Cspan+class%3D%22label+label-danger%22%3EHigh%3C%2Fspan%3E%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ESeverity%3A%3C%2Fstrong%3E+%3Cspan+class%3D%22label+label-info%22%3ELow%3C%2Fspan%3E%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EVersions%3A%3C%2Fstrong%3E+2.5.0+-+3.9.13%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EExploit+type%3A%3C%2Fstrong%3E%26nbsp%3BSQL%26nbsp%3Binjection%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EReported+Date%3A%3C%2Fstrong%3E+2019-December-01%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EFixed+Date%3A%3C%2Fstrong%3E+2019-December-17%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ECVE+Number%3A%3C%2Fstrong%3E+%3Ca+href%3D%22https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-19846%22%3ECVE-2019-19846%3C%2Fa%3E%3C%2Fli%3E%0A%3C%2Ful%3E%0A%3Ch3%3EDescription%3C%2Fh3%3E%0A%3Cp%3EThe+lack+of+validation+of+configuration+parameters+used+in+SQL+queries+caused+various+SQL+injection+vectors.%3C%2Fp%3E%0A%3Ch3%3EAffected+Installs%3C%2Fh3%3E%0A%3Cp%3EJoomla%21+CMS+versions+2.5.0+-+3.9.13%3C%2Fp%3E%0A%3Ch3%3ESolution%3C%2Fh3%3E%0A%3Cp%3EUpgrade+to+version+3.9.14%3C%2Fp%3E%0A%3Ch3%3EContact%3C%2Fh3%3E%0A%3Cp%3EThe+JSST+at+the+%3Ca+title%3D%22Contact+the+JSST%22+href%3D%22https%3A%2F%2Fdeveloper.joomla.org%2Fsecurity-centre.html%22%3EJoomla%21+Security+Centre%3C%2Fa%3E.%3C%2Fp%3E%0A%3Cdiv+class%3D%22alert+alert-info%22%3E%3Cstrong%3EReported+By%3A%26nbsp%3B%3C%2Fstrong%3Eka1n4t%3C%2Fdiv%3E%3Cdiv+class%3D%22feedflare%22%3E%0A%3Ca+href%3D%22https%3A%2F%2Ffeeds.joomla.org%2F%7Eff%2FJoomlaSecurityNews%3Fa%3DGIZJHbqr1wQ%3AmKZamezlv3g%3AyIl2AUoC8zA%22%3E%3C%2Fa%3E%0A%3C%2Fdiv%3E%09%09%09%09%09%09%3C%2Fdiv%3E%0A%09%09%09%09%09%09%09%09%09%3C%2Fli%3E%0A%09%09%09%09%09%09%09%09%09%3Cli%3E%0A%09%09%09%09%09%09%09%09%09%09%09%3Cspan+class%3D%22feed-link%22%3E%0A%09%09%09%09%09%09%3Ca+href%3D%22https%3A%2F%2Ffeeds.joomla.org%2F%7Er%2FJoomlaSecurityNews%2F%7E3%2F_fWsZ57Sw7g%2F796-20191201-core-path-disclosure-in-framework-files.html%22+target%3D%22_blank%22%3E%0A%09%09%09%09%09%09%5B20191201%5D+-+Core+-+Path+Disclosure+in+framework+files%3C%2Fa%3E%3C%2Fspan%3E%0A%09%09%09%09%09%09%09%09%09%09%09%09%09%09%09%09%3Cdiv+class%3D%22feed-item-date%22%3E%0A%09%09%09%09%09%09%0916+December+2019%09%09%09%09%09%09%3C%2Fdiv%3E%0A%09%09%09%09%09%09%09%09%09%09%09%09%09%09%09%09%3Cdiv+class%3D%22feed-item-description%22%3E%0A%09%09%09%09%09%09%3Cul%3E%0A%3Cli%3E%3Cstrong%3EProject%3A%3C%2Fstrong%3E+Joomla%21%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ESubProject%3A%3C%2Fstrong%3E+CMS%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EImpact%3A%3C%2Fstrong%3E%26nbsp%3BLow%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ESeverity%3A%3C%2Fstrong%3E+%3Cspan+class%3D%22label+label-info%22%3ELow%3C%2Fspan%3E%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EVersions%3A%3C%2Fstrong%3E+3.8.0+-+3.9.13%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EExploit+type%3A%3C%2Fstrong%3E+Path+Disclosure%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EReported+Date%3A%3C%2Fstrong%3E+2019-November-22%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EFixed+Date%3A%3C%2Fstrong%3E+2019-December-17%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ECVE+Number%3A%3C%2Fstrong%3E+%3Ca+href%3D%22https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-19845%22%3ECVE-2019-19845%3C%2Fa%3E%3C%2Fli%3E%0A%3C%2Ful%3E%0A%3Ch3%3EDescription%3C%2Fh3%3E%0A%3Cp%3EMissing+access+check+in+framework+files+could+lead+to+a+path+disclosure.%3C%2Fp%3E%0A%3Ch3%3EAffected+Installs%3C%2Fh3%3E%0A%3Cp%3EJoomla%21+CMS+versions+3.8.0+-+3.9.13%3C%2Fp%3E%0A%3Ch3%3ESolution%3C%2Fh3%3E%0A%3Cp%3EUpgrade+to+version+3.9.14%3C%2Fp%3E%0A%3Ch3%3EContact%3C%2Fh3%3E%0A%3Cp%3EThe+JSST+at+the+%3Ca+title%3D%22Contact+the+JSST%22+href%3D%22https%3A%2F%2Fdeveloper.joomla.org%2Fsecurity-centre.html%22%3EJoomla%21+Security+Centre%3C%2Fa%3E.%3C%2Fp%3E%0A%3Cdiv+class%3D%22alert+alert-info%22%3E%3Cstrong%3EReported+By%3A%26nbsp%3B%3C%2Fstrong%3ELee+Thao%2C+Viettel+Cyber+Security%3C%2Fdiv%3E%3Cdiv+class%3D%22feedflare%22%3E%0A%3Ca+href%3D%22https%3A%2F%2Ffeeds.joomla.org%2F%7Eff%2FJoomlaSecurityNews%3Fa%3D_fWsZ57Sw7g%3AuVTwWaDiNQ0%3AyIl2AUoC8zA%22%3E%3C%2Fa%3E%0A%3C%2Fdiv%3E%09%09%09%09%09%09%3C%2Fdiv%3E%0A%09%09%09%09%09%09%09%09%09%3C%2Fli%3E%0A%09%09%09%09%09%09%09%09%09%3Cli%3E%0A%09%09%09%09%09%09%09%09%09%09%09%3Cspan+class%3D%22feed-link%22%3E%0A%09%09%09%09%09%09%3Ca+href%3D%22https%3A%2F%2Ffeeds.joomla.org%2F%7Er%2FJoomlaSecurityNews%2F%7E3%2FZi-lVuM4KoY%2F795-20191002-core-path-disclosure-in-phpuft8-mapping-files.html%22+target%3D%22_blank%22%3E%0A%09%09%09%09%09%09%5B20191002%5D+-+Core+-+Path+Disclosure+in+phpuft8+mapping+files%3C%2Fa%3E%3C%2Fspan%3E%0A%09%09%09%09%09%09%09%09%09%09%09%09%09%09%09%09%3Cdiv+class%3D%22feed-item-date%22%3E%0A%09%09%09%09%09%09%0905+November+2019%09%09%09%09%09%09%3C%2Fdiv%3E%0A%09%09%09%09%09%09%09%09%09%09%09%09%09%09%09%09%3Cdiv+class%3D%22feed-item-description%22%3E%0A%09%09%09%09%09%09%3Cul%3E%0A%3Cli%3E%3Cstrong%3EProject%3A%3C%2Fstrong%3E+Joomla%21%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ESubProject%3A%3C%2Fstrong%3E+CMS%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EImpact%3A%3C%2Fstrong%3E%26nbsp%3BLow%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ESeverity%3A%3C%2Fstrong%3E+%3Cspan+class%3D%22label+label-info%22%3ELow%3C%2Fspan%3E%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EVersions%3A%3C%2Fstrong%3E+3.6.0+-+3.9.12%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EExploit+type%3A%3C%2Fstrong%3E+Path+Disclosure%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EReported+Date%3A%3C%2Fstrong%3E+2019-November-01%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EFixed+Date%3A%3C%2Fstrong%3E+2019-November-05%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ECVE+Number%3A%3C%2Fstrong%3E+%3Ca+href%3D%22https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-18674%22%3ECVE-2019-18674%3C%2Fa%3E%3C%2Fli%3E%0A%3C%2Ful%3E%0A%3Ch3%3EDescription%3C%2Fh3%3E%0A%3Cp%3EMissing+access+check+in+the+phputf8+mapping+files+could+lead+to+an+path+disclosure.%3C%2Fp%3E%0A%3Ch3%3EAffected+Installs%3C%2Fh3%3E%0A%3Cp%3EJoomla%21+CMS+versions+3.6.0+-+3.9.12%3C%2Fp%3E%0A%3Ch3%3ESolution%3C%2Fh3%3E%0A%3Cp%3EUpgrade+to+version+3.9.13%3C%2Fp%3E%0A%3Ch3%3EContact%3C%2Fh3%3E%0A%3Cp%3EThe+JSST+at+the+%3Ca+title%3D%22Contact+the+JSST%22+href%3D%22https%3A%2F%2Fdeveloper.joomla.org%2Fsecurity-centre.html%22%3EJoomla%21+Security+Centre%3C%2Fa%3E.%3C%2Fp%3E%0A%3Cdiv+class%3D%22alert+alert-info%22%3E%3Cstrong%3EReported+By%3A%26nbsp%3B%3C%2Fstrong%3EPhil+Taylor%3C%2Fdiv%3E%3Cdiv+class%3D%22feedflare%22%3E%0A%3Ca+href%3D%22https%3A%2F%2Ffeeds.joomla.org%2F%7Eff%2FJoomlaSecurityNews%3Fa%3DZi-lVuM4KoY%3AeFsJw4QiCW0%3AyIl2AUoC8zA%22%3E%3C%2Fa%3E%0A%3C%2Fdiv%3E%09%09%09%09%09%09%3C%2Fdiv%3E%0A%09%09%09%09%09%09%09%09%09%3C%2Fli%3E%0A%09%09%09%09%3C%2Ful%3E'
   96     1        NEW                                              $8      'DOMDocument'
          2        DO_FCALL                                      0          
          3        ASSIGN                                                   !1, $8
   97     4        INIT_METHOD_CALL                                         !1, 'loadHTML'
          5        SEND_VAR_EX                                              !0
          6        DO_FCALL                                      0          
   98     7        NEW                                              $12     'DOMXPath'
          8        SEND_VAR_EX                                              !1
          9        DO_FCALL                                      0          
         10        ASSIGN                                                   !2, $12
   99    11        INIT_METHOD_CALL                                         !2, 'query'
         12        SEND_VAL_EX                                              '%2F%2Fdiv%5Bcontains%28%40class%2C+%22feed-item-description%22%29%5D'
         13        DO_FCALL                                      0  $15     
         14        ASSIGN                                                   !3, $15
  100    15      > FE_RESET_R                                       $17     !3, ->47
         16    > > FE_FETCH_R                                               $17, !4, ->47
  101    17    >   INIT_METHOD_CALL                                         !2, 'query'
         18        SEND_VAL_EX                                              '%2A%2Fli%5Bcontains%28string%28%29%2C+%22Impact%3A%22%29%5D'
         19        SEND_VAR_EX                                              !4
         20        DO_FCALL                                      0  $18     
         21        ASSIGN                                                   !5, $18
  102    22        INIT_FCALL                                               'str_replace'
         23        SEND_VAL                                                 'Impact%3A+'
         24        SEND_VAL                                                 ''
         25        INIT_METHOD_CALL                                         !5, 'item'
         26        SEND_VAL_EX                                              0
         27        DO_FCALL                                      0  $20     
         28        FETCH_OBJ_R                                      ~21     $20, 'textContent'
         29        SEND_VAL                                                 ~21
         30        DO_ICALL                                         $22     
         31        CONCAT                                           ~23     'Impact%3A+', $22
         32        ECHO                                                     ~23
  103    33        ECHO                                                     '%0A'
  104    34        INIT_METHOD_CALL                                         !2, 'query'
         35        SEND_VAL_EX                                              '%2A%2Fli%5Bcontains%28string%28%29%2C+%22Severity%3A%22%29%5D%2Fspan%5Bcontains%28%40class%2C+%22label-info%22%29%5D'
         36        SEND_VAR_EX                                              !4
         37        DO_FCALL                                      0  $24     
         38        ASSIGN                                                   !6, $24
  105    39        INIT_METHOD_CALL                                         !6, 'item'
         40        SEND_VAL_EX                                              0
         41        DO_FCALL                                      0  $26     
         42        FETCH_OBJ_R                                      ~27     $26, 'textContent'
         43        CONCAT                                           ~28     'Severity%3A+', ~27
         44        CONCAT                                           ~29     ~28, '%0A'
         45        ECHO                                                     ~29
  100    46      > JMP                                                      ->16
         47    >   FE_FREE                                                  $17
  106    48      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
183.57 ms | 1408 KiB | 15 Q