Finding entry points Branch analysis from position: 0 1 jumps found. (Code = 62) Position 1 = -2 filename: /in/V3tAF function name: (null) number of ops: 6 compiled vars: !0 = $str line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 35 0 E > ASSIGN !0, 'qwejlj%3Cimg+src+%3Dx+onerror%3Dconfirm%28document.cookie%29%3Blol' 37 1 INIT_FCALL 'xss_clean' 2 SEND_VAR !0 3 DO_FCALL 0 $2 4 ECHO $2 5 > RETURN 1 Function xss_clean: Finding entry points Branch analysis from position: 0 2 jumps found. (Code = 44) Position 1 = 93, Position 2 = 84 Branch analysis from position: 93 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 84 filename: /in/V3tAF function name: xss_clean number of ops: 95 compiled vars: !0 = $str, !1 = $old line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 3 0 E > RECV !0 6 1 INIT_FCALL 'str_replace' 2 SEND_VAL '%00' 3 SEND_VAL '' 4 SEND_VAR !0 5 DO_ICALL $2 6 ASSIGN !0, $2 8 7 INIT_FCALL 'str_replace' 8 SEND_VAL <array> 9 SEND_VAL <array> 10 SEND_VAR !0 11 DO_ICALL $4 12 ASSIGN !0, $4 9 13 INIT_FCALL 'preg_replace' 14 SEND_VAL '%2F%28%26%23%2A%5Cw%2B%29%5B%5Cx00-%5Cx20%5D%2B%3B%2Fu' 15 SEND_VAL '%241%3B' 16 SEND_VAR !0 17 DO_ICALL $6 18 ASSIGN !0, $6 10 19 INIT_FCALL 'preg_replace' 20 SEND_VAL '%2F%28%26%23x%2A%5B0-9A-F%5D%2B%29%3B%2A%2Fiu' 21 SEND_VAL '%241%3B' 22 SEND_VAR !0 23 DO_ICALL $8 24 ASSIGN !0, $8 11 25 INIT_FCALL 'preg_replace' 26 SEND_VAL '%23%28%3C%5B%5E%3E%5D%2B%3F%3Bbase64%2C.%2B%3E%7C%3C%5B%5E%3E%5D%2B%3F.%2B%3Bbase64%2C.%2B%3E.%2B%3C%5C%2F.%2B%3E%29%23' 27 SEND_VAL '' 28 SEND_VAR !0 29 DO_ICALL $10 30 ASSIGN !0, $10 13 31 INIT_FCALL 'html_entity_decode' 32 SEND_VAR !0 33 SEND_VAL 2 34 DO_ICALL $12 35 ASSIGN !0, $12 15 36 INIT_FCALL 'preg_replace' 37 SEND_VAL '%23%28%3F%3Aon%5Ba-z%5D%2B%7Cxmlns%29%5Cs%2A%3D%5Cs%2A%5B%27%22%5Cx00-%5Cx20%5D%3F%5B%5E%27%3E%22%5D%2A%5B%27%22%5Cx00-%5Cx20%5D%3F%5Cs%3F%23iu' 38 SEND_VAL '' 39 SEND_VAR !0 40 DO_ICALL $14 41 ASSIGN !0, $14 17 42 INIT_FCALL 'preg_replace' 43 SEND_VAL '%23%28%5Ba-z%5D%2A%29%5B%5Cx00-%5Cx20%5D%2A%3D%5B%5Cx00-%5Cx20%5D%2A%28%5B%60%27%22%5D%2A%29%5B%5Cx00-%5Cx20%5D%2Aj%5B%5Cx00-%5Cx20%5D%2Aa%5B%5Cx00-%5Cx20%5D%2Av%5B%5Cx00-%5Cx20%5D%2Aa%5B%5Cx00-%5Cx20%5D%2As%5B%5Cx00-%5Cx20%5D%2Ac%5B%5Cx00-%5Cx20%5D%2Ar%5B%5Cx00-%5Cx20%5D%2Ai%5B%5Cx00-%5Cx20%5D%2Ap%5B%5Cx00-%5Cx20%5D%2At%5B%5Cx00-%5Cx20%5D%2A%3A%23iu' 44 SEND_VAL '%241%3D%242nojavascript...' 45 SEND_VAR !0 46 DO_ICALL $16 47 ASSIGN !0, $16 18 48 INIT_FCALL 'preg_replace' 49 SEND_VAL '%23%28%5Ba-z%5D%2A%29%5B%5Cx00-%5Cx20%5D%2A%3D%28%5B%27%22%5D%2A%29%5B%5Cx00-%5Cx20%5D%2Av%5B%5Cx00-%5Cx20%5D%2Ab%5B%5Cx00-%5Cx20%5D%2As%5B%5Cx00-%5Cx20%5D%2Ac%5B%5Cx00-%5Cx20%5D%2Ar%5B%5Cx00-%5Cx20%5D%2Ai%5B%5Cx00-%5Cx20%5D%2Ap%5B%5Cx00-%5Cx20%5D%2At%5B%5Cx00-%5Cx20%5D%2A%3A%23iu' 50 SEND_VAL '%241%3D%242novbscript...' 51 SEND_VAR !0 52 DO_ICALL $18 53 ASSIGN !0, $18 19 54 INIT_FCALL 'preg_replace' 55 SEND_VAL '%23%28%5Ba-z%5D%2A%29%5B%5Cx00-%5Cx20%5D%2A%3D%28%5B%27%22%5D%2A%29%5B%5Cx00-%5Cx20%5D%2A-moz-binding%5B%5Cx00-%5Cx20%5D%2A%3A%23u' 56 SEND_VAL '%241%3D%242nomozbinding...' 57 SEND_VAR !0 58 DO_ICALL $20 59 ASSIGN !0, $20 21 60 INIT_FCALL 'preg_replace' 61 SEND_VAL '%23%28%3C%5B%5E%3E%5D%2B%3F%29style%5B%5Cx00-%5Cx20%5D%2A%3D%5B%5Cx00-%5Cx20%5D%2A%5B%60%27%22%5D%2A.%2A%3Fexpression%5B%5Cx00-%5Cx20%5D%2A%5C%28%5B%5E%3E%5D%2A%2B%3E%23is' 62 SEND_VAL '%241%3E' 63 SEND_VAR !0 64 DO_ICALL $22 65 ASSIGN !0, $22 22 66 INIT_FCALL 'preg_replace' 67 SEND_VAL '%23%28%3C%5B%5E%3E%5D%2B%3F%29style%5B%5Cx00-%5Cx20%5D%2A%3D%5B%5Cx00-%5Cx20%5D%2A%5B%60%27%22%5D%2A.%2A%3Fbehaviour%5B%5Cx00-%5Cx20%5D%2A%5C%28%5B%5E%3E%5D%2A%2B%3E%23is' 68 SEND_VAL '%241%3E' 69 SEND_VAR !0 70 DO_ICALL $24 71 ASSIGN !0, $24 23 72 INIT_FCALL 'preg_replace' 73 SEND_VAL '%23%28%3C%5B%5E%3E%5D%2B%3F%29style%5B%5Cx00-%5Cx20%5D%2A%3D%5B%5Cx00-%5Cx20%5D%2A%5B%60%27%22%5D%2A.%2A%3Fs%5B%5Cx00-%5Cx20%5D%2Ac%5B%5Cx00-%5Cx20%5D%2Ar%5B%5Cx00-%5Cx20%5D%2Ai%5B%5Cx00-%5Cx20%5D%2Ap%5B%5Cx00-%5Cx20%5D%2At%5B%5Cx00-%5Cx20%5D%2A%3A%2A%5B%5E%3E%5D%2A%2B%3E%23ius' 74 SEND_VAL '%241%3E' 75 SEND_VAR !0 76 DO_ICALL $26 77 ASSIGN !0, $26 25 78 INIT_FCALL 'preg_replace' 79 SEND_VAL '%23%3C%21--%2A%5Cw%2B%3A%5Cw%5B%5E--%3E%5D%2A%2B%3E%23i' 80 SEND_VAL '' 81 SEND_VAR !0 82 DO_ICALL $28 83 ASSIGN !0, $28 28 84 > ASSIGN !1, !0 29 85 INIT_FCALL 'preg_replace' 86 SEND_VAL '%23%3C%21--%2A%28%3F%3Aapplet%7Cb%28%3F%3Aase%7Cgsound%7Clink%29%7Cembed%7Cilayer%7Cl%28%3F%3Aayer%7Cink%29%7Cmeta%7Cobject%7Cs%28%3F%3Acript%7Ctyle%29%7Ctitle%7Cxml%29%5B%5E--%3E%5D%2A%2B%3E%23i' 87 SEND_VAL '' 88 SEND_VAR !0 89 DO_ICALL $31 90 ASSIGN !0, $31 31 91 IS_NOT_IDENTICAL !1, !0 92 > JMPNZ ~33, ->84 32 93 > > RETURN !0 33 94* > RETURN null End of function xss_clean
Generated using Vulcan Logic Dumper, using php 8.0.0