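<?php

/**
 * Regex-based, denylist-style filter that tries to strip script-capable markup
 * from an untrusted HTML fragment.
 *
 * Security note: a denylist built from regular expressions does not parse HTML
 * the way a browser does, so this function must not be the only XSS control.
 * Where markup is not needed, encode on output for the target context (for HTML
 * text, htmlspecialchars() with ENT_QUOTES). Where markup must be kept, use a
 * maintained allowlist sanitizer and treat this filter as defense in depth at most.
 *
 * The return value is markup, not encoded text: '&', '<' and '>' are escaped
 * early on, but html_entity_decode() later turns them back into raw characters.
 *
 * Any PCRE failure (for example invalid UTF-8 reaching a /u pattern, or a
 * backtracking limit) makes the function fail closed and return ''. Checking
 * each preg_replace() result also avoids passing null on to the next call,
 * which is deprecated from PHP 8.1.
 *
 * @param string $str Untrusted markup.
 * @return string Filtered markup, or '' when a pattern could not be applied.
 */
function xss_clean($str)
{
    // Applies [pattern, replacement] pairs in order; null signals a PCRE failure.
    $applyRules = static function (array $rules, $subject) {
        foreach ($rules as [$pattern, $replacement]) {
            $subject = preg_replace($pattern, $replacement, $subject);
            if ($subject === null) {
                return null;
            }
        }

        return $subject;
    };

    // Remove all NULL bytes
    $str = str_replace("\0", '', $str);

    // Escape the markup characters so that entities already present in the input
    // survive the html_entity_decode() call below instead of being expanded by it.
    $str = str_replace(['&', '<', '>'], ['&amp;', '&lt;', '&gt;'], $str);

    $str = $applyRules([
        // Fix &entity\n; (bytes 0x00-0x20 between an entity name and its ';')
        ['/(&#*\w+)[\x00-\x20]+;/u', '$1;'],
        // Terminate numeric character references with exactly one ';'
        ['/(&#x*[0-9A-F]+);*/iu', '$1;'],
        // Remove '<...>' spans that contain ';base64,'
        // NOTE(review): every '<' was escaped by the str_replace() above, so this
        // '<'-anchored rule has nothing to match at this point; presumably it was
        // meant to run on decoded markup -- confirm intent before moving it.
        ['#(<[^>]+?;base64,.+>|<[^>]+?.+;base64,.+>.+<\/.+>)#', ''],
    ], $str);
    if ($str === null) {
        return '';
    }

    // The upstream call (marked "//org") passed an explicit $charset as third
    // argument; with it omitted PHP falls back to the default_charset ini setting.
    $str = html_entity_decode($str, ENT_COMPAT);

    $str = $applyRules([
        // Remove any attribute starting with "on" or xmlns
        ['#(?:on[a-z]+|xmlns)\s*=\s*[\'"\x00-\x20]?[^\'>"]*[\'"\x00-\x20]?\s?#iu', ''],

        // Remove javascript: and vbscript: protocols
        ['#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2nojavascript...'],
        ['#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2novbscript...'],
        ['#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u', '$1=$2nomozbinding...'],

        // Only works in IE: style attributes carrying expression(), behaviour() or a script: scheme
        ['#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#is', '$1>'],
        ['#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#is', '$1>'],
        ['#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#ius', '$1>'],

        // Remove namespaced elements (we do not need them)
        // NOTE(review): as written this only matches text starting with "<!-", and
        // "[^-->]" is the negated range '-'..'>', so plain element tags are not
        // matched. That does not fit the stated intent; the pattern looks mangled
        // (perhaps by an HTML-escaping step) -- confirm against the upstream source.
        ['#<!--*\w+:\w[^-->]*+>#i', ''],
    ], $str);
    if ($str === null) {
        return '';
    }

    // Remove really unwanted tags; repeated until a pass changes nothing, so that
    // text left behind by one removal is filtered again.
    // NOTE(review): same "<!-" prefix and "[^-->]" class as the namespaced-element
    // rule above -- verify this pattern before relying on it.
    $unwantedTags = '#<!--*(?:applet|b(?:ase|gsound|link)|embed|ilayer|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^-->]*+>#i';
    do {
        $old = $str;
        $str = preg_replace($unwantedTags, '', $str);
        if ($str === null) {
            return '';
        }
    } while ($old !== $str);

    return $str;
}

// Sample input used for this run: an unterminated tag with an inline event-handler attribute.
$str = 'qwejlj<img src =x onerror=confirm(document.cookie);lol';
echo xss_clean($str);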
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/V3tAF
function name:  (null)
number of ops:  6
compiled vars:  !0 = $str
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
   35     0  E >   ASSIGN                                                   !0, 'qwejlj%3Cimg+src+%3Dx+onerror%3Dconfirm%28document.cookie%29%3Blol'
   37     1        INIT_FCALL                                               'xss_clean'
          2        SEND_VAR                                                 !0
          3        DO_FCALL                                      0  $2      
          4        ECHO                                                     $2
          5      > RETURN                                                   1

Function xss_clean:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 44) Position 1 = 93, Position 2 = 84
Branch analysis from position: 93
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 84
filename:       /in/V3tAF
function name:  xss_clean
number of ops:  95
compiled vars:  !0 = $str, !1 = $old
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   RECV                                             !0      
    6     1        INIT_FCALL                                               'str_replace'
          2        SEND_VAL                                                 '%00'
          3        SEND_VAL                                                 ''
          4        SEND_VAR                                                 !0
          5        DO_ICALL                                         $2      
          6        ASSIGN                                                   !0, $2
    8     7        INIT_FCALL                                               'str_replace'
          8        SEND_VAL                                                 <array>
          9        SEND_VAL                                                 <array>
         10        SEND_VAR                                                 !0
         11        DO_ICALL                                         $4      
         12        ASSIGN                                                   !0, $4
    9    13        INIT_FCALL                                               'preg_replace'
         14        SEND_VAL                                                 '%2F%28%26%23%2A%5Cw%2B%29%5B%5Cx00-%5Cx20%5D%2B%3B%2Fu'
         15        SEND_VAL                                                 '%241%3B'
         16        SEND_VAR                                                 !0
         17        DO_ICALL                                         $6      
         18        ASSIGN                                                   !0, $6
   10    19        INIT_FCALL                                               'preg_replace'
         20        SEND_VAL                                                 '%2F%28%26%23x%2A%5B0-9A-F%5D%2B%29%3B%2A%2Fiu'
         21        SEND_VAL                                                 '%241%3B'
         22        SEND_VAR                                                 !0
         23        DO_ICALL                                         $8      
         24        ASSIGN                                                   !0, $8
   11    25        INIT_FCALL                                               'preg_replace'
         26        SEND_VAL                                                 '%23%28%3C%5B%5E%3E%5D%2B%3F%3Bbase64%2C.%2B%3E%7C%3C%5B%5E%3E%5D%2B%3F.%2B%3Bbase64%2C.%2B%3E.%2B%3C%5C%2F.%2B%3E%29%23'
         27        SEND_VAL                                                 ''
         28        SEND_VAR                                                 !0
         29        DO_ICALL                                         $10     
         30        ASSIGN                                                   !0, $10
   13    31        INIT_FCALL                                               'html_entity_decode'
         32        SEND_VAR                                                 !0
         33        SEND_VAL                                                 2
         34        DO_ICALL                                         $12     
         35        ASSIGN                                                   !0, $12
   15    36        INIT_FCALL                                               'preg_replace'
         37        SEND_VAL                                                 '%23%28%3F%3Aon%5Ba-z%5D%2B%7Cxmlns%29%5Cs%2A%3D%5Cs%2A%5B%27%22%5Cx00-%5Cx20%5D%3F%5B%5E%27%3E%22%5D%2A%5B%27%22%5Cx00-%5Cx20%5D%3F%5Cs%3F%23iu'
         38        SEND_VAL                                                 ''
         39        SEND_VAR                                                 !0
         40        DO_ICALL                                         $14     
         41        ASSIGN                                                   !0, $14
   17    42        INIT_FCALL                                               'preg_replace'
         43        SEND_VAL                                                 '%23%28%5Ba-z%5D%2A%29%5B%5Cx00-%5Cx20%5D%2A%3D%5B%5Cx00-%5Cx20%5D%2A%28%5B%60%27%22%5D%2A%29%5B%5Cx00-%5Cx20%5D%2Aj%5B%5Cx00-%5Cx20%5D%2Aa%5B%5Cx00-%5Cx20%5D%2Av%5B%5Cx00-%5Cx20%5D%2Aa%5B%5Cx00-%5Cx20%5D%2As%5B%5Cx00-%5Cx20%5D%2Ac%5B%5Cx00-%5Cx20%5D%2Ar%5B%5Cx00-%5Cx20%5D%2Ai%5B%5Cx00-%5Cx20%5D%2Ap%5B%5Cx00-%5Cx20%5D%2At%5B%5Cx00-%5Cx20%5D%2A%3A%23iu'
         44        SEND_VAL                                                 '%241%3D%242nojavascript...'
         45        SEND_VAR                                                 !0
         46        DO_ICALL                                         $16     
         47        ASSIGN                                                   !0, $16
   18    48        INIT_FCALL                                               'preg_replace'
         49        SEND_VAL                                                 '%23%28%5Ba-z%5D%2A%29%5B%5Cx00-%5Cx20%5D%2A%3D%28%5B%27%22%5D%2A%29%5B%5Cx00-%5Cx20%5D%2Av%5B%5Cx00-%5Cx20%5D%2Ab%5B%5Cx00-%5Cx20%5D%2As%5B%5Cx00-%5Cx20%5D%2Ac%5B%5Cx00-%5Cx20%5D%2Ar%5B%5Cx00-%5Cx20%5D%2Ai%5B%5Cx00-%5Cx20%5D%2Ap%5B%5Cx00-%5Cx20%5D%2At%5B%5Cx00-%5Cx20%5D%2A%3A%23iu'
         50        SEND_VAL                                                 '%241%3D%242novbscript...'
         51        SEND_VAR                                                 !0
         52        DO_ICALL                                         $18     
         53        ASSIGN                                                   !0, $18
   19    54        INIT_FCALL                                               'preg_replace'
         55        SEND_VAL                                                 '%23%28%5Ba-z%5D%2A%29%5B%5Cx00-%5Cx20%5D%2A%3D%28%5B%27%22%5D%2A%29%5B%5Cx00-%5Cx20%5D%2A-moz-binding%5B%5Cx00-%5Cx20%5D%2A%3A%23u'
         56        SEND_VAL                                                 '%241%3D%242nomozbinding...'
         57        SEND_VAR                                                 !0
         58        DO_ICALL                                         $20     
         59        ASSIGN                                                   !0, $20
   21    60        INIT_FCALL                                               'preg_replace'
         61        SEND_VAL                                                 '%23%28%3C%5B%5E%3E%5D%2B%3F%29style%5B%5Cx00-%5Cx20%5D%2A%3D%5B%5Cx00-%5Cx20%5D%2A%5B%60%27%22%5D%2A.%2A%3Fexpression%5B%5Cx00-%5Cx20%5D%2A%5C%28%5B%5E%3E%5D%2A%2B%3E%23is'
         62        SEND_VAL                                                 '%241%3E'
         63        SEND_VAR                                                 !0
         64        DO_ICALL                                         $22     
         65        ASSIGN                                                   !0, $22
   22    66        INIT_FCALL                                               'preg_replace'
         67        SEND_VAL                                                 '%23%28%3C%5B%5E%3E%5D%2B%3F%29style%5B%5Cx00-%5Cx20%5D%2A%3D%5B%5Cx00-%5Cx20%5D%2A%5B%60%27%22%5D%2A.%2A%3Fbehaviour%5B%5Cx00-%5Cx20%5D%2A%5C%28%5B%5E%3E%5D%2A%2B%3E%23is'
         68        SEND_VAL                                                 '%241%3E'
         69        SEND_VAR                                                 !0
         70        DO_ICALL                                         $24     
         71        ASSIGN                                                   !0, $24
   23    72        INIT_FCALL                                               'preg_replace'
         73        SEND_VAL                                                 '%23%28%3C%5B%5E%3E%5D%2B%3F%29style%5B%5Cx00-%5Cx20%5D%2A%3D%5B%5Cx00-%5Cx20%5D%2A%5B%60%27%22%5D%2A.%2A%3Fs%5B%5Cx00-%5Cx20%5D%2Ac%5B%5Cx00-%5Cx20%5D%2Ar%5B%5Cx00-%5Cx20%5D%2Ai%5B%5Cx00-%5Cx20%5D%2Ap%5B%5Cx00-%5Cx20%5D%2At%5B%5Cx00-%5Cx20%5D%2A%3A%2A%5B%5E%3E%5D%2A%2B%3E%23ius'
         74        SEND_VAL                                                 '%241%3E'
         75        SEND_VAR                                                 !0
         76        DO_ICALL                                         $26     
         77        ASSIGN                                                   !0, $26
   25    78        INIT_FCALL                                               'preg_replace'
         79        SEND_VAL                                                 '%23%3C%21--%2A%5Cw%2B%3A%5Cw%5B%5E--%3E%5D%2A%2B%3E%23i'
         80        SEND_VAL                                                 ''
         81        SEND_VAR                                                 !0
         82        DO_ICALL                                         $28     
         83        ASSIGN                                                   !0, $28
   28    84    >   ASSIGN                                                   !1, !0
   29    85        INIT_FCALL                                               'preg_replace'
         86        SEND_VAL                                                 '%23%3C%21--%2A%28%3F%3Aapplet%7Cb%28%3F%3Aase%7Cgsound%7Clink%29%7Cembed%7Cilayer%7Cl%28%3F%3Aayer%7Cink%29%7Cmeta%7Cobject%7Cs%28%3F%3Acript%7Ctyle%29%7Ctitle%7Cxml%29%5B%5E--%3E%5D%2A%2B%3E%23i'
         87        SEND_VAL                                                 ''
         88        SEND_VAR                                                 !0
         89        DO_ICALL                                         $31     
         90        ASSIGN                                                   !0, $31
   31    91        IS_NOT_IDENTICAL                                         !1, !0
         92      > JMPNZ                                                    ~33, ->84
   32    93    > > RETURN                                                   !0
   33    94*     > RETURN                                                   null

End of function xss_clean

Generated using Vulcan Logic Dumper, using php 8.0.0

