Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 8, Position 2 = 9
Branch analysis from position: 8
1 jumps found. (Code = 79) Position 1 = -2
Branch analysis from position: 9
2 jumps found. (Code = 43) Position 1 = 12, Position 2 = 24
Branch analysis from position: 12
2 jumps found. (Code = 43) Position 1 = 30, Position 2 = 33
Branch analysis from position: 30
1 jumps found. (Code = 42) Position 1 = 38
Branch analysis from position: 38
2 jumps found. (Code = 43) Position 1 = 40, Position 2 = 41
Branch analysis from position: 40
2 jumps found. (Code = 43) Position 1 = 45, Position 2 = 111
Branch analysis from position: 45
2 jumps found. (Code = 43) Position 1 = 52, Position 2 = 53
Branch analysis from position: 52
1 jumps found. (Code = 79) Position 1 = -2
Branch analysis from position: 53
2 jumps found. (Code = 46) Position 1 = 120, Position 2 = 123
Branch analysis from position: 120
2 jumps found. (Code = 43) Position 1 = 124, Position 2 = 140
Branch analysis from position: 124
2 jumps found. (Code = 43) Position 1 = 139, Position 2 = 140
Branch analysis from position: 139
1 jumps found. (Code = 79) Position 1 = -2
Branch analysis from position: 140
2 jumps found. (Code = 43) Position 1 = 141, Position 2 = 239
Branch analysis from position: 141
1 jumps found. (Code = 42) Position 1 = 218
Branch analysis from position: 218
2 jumps found. (Code = 44) Position 1 = 223, Position 2 = 142
Branch analysis from position: 223
2 jumps found. (Code = 43) Position 1 = 227, Position 2 = 239
Branch analysis from position: 227
2 jumps found. (Code = 43) Position 1 = 242, Position 2 = 243
Branch analysis from position: 242
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 243
Branch analysis from position: 239
Branch analysis from position: 142
2 jumps found. (Code = 43) Position 1 = 171, Position 2 = 172
Branch analysis from position: 171
1 jumps found. (Code = 42) Position 1 = 223
Branch analysis from position: 223
Branch analysis from position: 172
2 jumps found. (Code = 43) Position 1 = 175, Position 2 = 176
Branch analysis from position: 175
2 jumps found. (Code = 43) Position 1 = 177, Position 2 = 197
Branch analysis from position: 177
2 jumps found. (Code = 43) Position 1 = 179, Position 2 = 181
Branch analysis from position: 179
1 jumps found. (Code = 42) Position 1 = 218
Branch analysis from position: 218
Branch analysis from position: 181
2 jumps found. (Code = 43) Position 1 = 206, Position 2 = 217
Branch analysis from position: 206
2 jumps found. (Code = 44) Position 1 = 223, Position 2 = 142
Branch analysis from position: 223
Branch analysis from position: 142
Branch analysis from position: 217
Branch analysis from position: 197
Branch analysis from position: 176
Branch analysis from position: 239
Branch analysis from position: 140
Branch analysis from position: 123
Branch analysis from position: 111
Branch analysis from position: 41
Branch analysis from position: 33
2 jumps found. (Code = 43) Position 1 = 37, Position 2 = 38
Branch analysis from position: 37
2 jumps found. (Code = 43) Position 1 = 40, Position 2 = 41
Branch analysis from position: 40
Branch analysis from position: 41
Branch analysis from position: 38
Branch analysis from position: 24
filename: /in/Zr2No
function name: (null)
number of ops: 248
compiled vars: !0 = $guestbook, !1 = $adminPassword, !2 = $admin, !3 = $password, !4 = $file, !5 = $date, !6 = $id, !7 = $name, !8 = $lastname, !9 = $email, !10 = $comment, !11 = $tfile, !12 = $delete, !13 = $deleteId, !14 = $line
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
5 0 E > ASSIGN !0, 'guestbook.dat'
7 1 ASSIGN !1, '%24uP3rDUP3r'
12 2 INIT_FCALL 'error_reporting'
3 SEND_VAL 32757
4 DO_ICALL
16 5 ASSIGN !2, 0
17 6 IS_EQUAL !1, 'Change%24'
7 > JMPZ ~19, ->9
18 8 > > EXIT 'You+need+to+change+%24adminPassword+first.'
34 9 > INIT_FCALL_BY_NAME 'get_magic_quotes_gpc'
10 DO_FCALL 0 $20
11 > JMPZ $20, ->24
35 12 > INIT_FCALL 'stripslashes_nested'
13 FETCH_R global ~22 '_GET'
14 SEND_VAL ~22
15 DO_FCALL 0 $23
16 FETCH_W global $21 '_GET'
17 ASSIGN $21, $23
36 18 INIT_FCALL 'stripslashes_nested'
19 FETCH_R global ~26 '_POST'
20 SEND_VAL ~26
21 DO_FCALL 0 $27
22 FETCH_W global $25 '_POST'
23 ASSIGN $25, $27
39 24 > ECHO '%3Chtml%3E%0A%3Chead%3E%0A%3Ctitle%3EGuestbook%3C%2Ftitle%3E%0A%3C%2Fhead%3E%0A%3Cbody%3E%0A%3Ch1+align%3D%22center%22%3ETriumphant+Personal+Care+Guestbook%3C%2Fh1%3E%0A%3Cdiv+align%3D%22center%22%3E%0A'
47 25 ASSIGN !3, ''
48 26 FETCH_R global ~30 '_POST'
27 FETCH_DIM_R ~31 ~30, 'password'
28 IS_EQUAL !1, ~31
29 > JMPZ ~32, ->33
49 30 > ASSIGN !2, 1
50 31 ASSIGN !3, !1
32 > JMP ->38
51 33 > FETCH_R global ~35 '_POST'
34 FETCH_DIM_R ~36 ~35, 'password'
35 STRLEN ~37 ~36
36 > JMPZ ~37, ->38
52 37 > ECHO '%3Ch2%3ELogin+Failed+%28Bad+Password%29%3C%2Fh2%3E%0A'
54 38 > ECHO '%09%0A%3Ctable+border%3D%220%22+cellpadding%3D%223%22+cellspacing%3D%223%22%3E%0A%3Ctr%3E%3Cth%3EDate%3C%2Fth%3E%3Cth%3ELast+Name%3C%2Fth%3E%3Cth%3EComment%3C%2Fth%3E%0A'
58 39 > JMPZ !2, ->41
59 40 > ECHO '%3Cth%3EControls%3C%2Fth%3E'
62 41 > ECHO '%3C%2Ftr%3E%0A'
64 42 FETCH_R global ~38 '_POST'
43 FETCH_DIM_R ~39 ~38, 'submit'
44 > JMPZ ~39, ->111
65 45 > INIT_FCALL 'fopen'
46 SEND_VAR !0
47 SEND_VAL 'a'
48 DO_ICALL $40
49 ASSIGN !4, $40
66 50 BOOL_NOT ~42 !4
51 > JMPZ ~42, ->53
67 52 > > EXIT 'Can%27t+write+to+guestbook+file'
69 53 > INIT_FCALL 'date'
54 SEND_VAL 'F+j%2C+Y%2C+g%3Ai+a'
55 DO_ICALL $43
56 ASSIGN !5, $43
70 57 INIT_FCALL 'rand'
58 DO_ICALL $45
59 ASSIGN !6, $45
71 60 FETCH_R global ~47 '_POST'
61 FETCH_DIM_R ~48 ~47, 'name'
62 ASSIGN !7, ~48
72 63 FETCH_R global ~50 '_POST'
64 FETCH_DIM_R ~51 ~50, 'lastname'
65 ASSIGN !8, ~51
73 66 FETCH_R global ~53 '_POST'
67 FETCH_DIM_R ~54 ~53, 'email'
68 ASSIGN !9, ~54
74 69 FETCH_R global ~56 '_POST'
70 FETCH_DIM_R ~57 ~56, 'comment'
71 ASSIGN !10, ~57
75 72 INIT_FCALL_BY_NAME 'clean'
73 SEND_VAR_EX !7
74 SEND_VAL_EX 40
75 DO_FCALL 0 $59
76 ASSIGN !7, $59
76 77 INIT_FCALL_BY_NAME 'clean'
78 SEND_VAR_EX !8
79 SEND_VAL_EX 40
80 DO_FCALL 0 $61
81 ASSIGN !8, $61
77 82 INIT_FCALL_BY_NAME 'clean'
83 SEND_VAR_EX !9
84 SEND_VAL_EX 40
85 DO_FCALL 0 $63
86 ASSIGN !9, $63
78 87 INIT_FCALL_BY_NAME 'clean'
88 SEND_VAR_EX !10
89 SEND_VAL_EX 40
90 DO_FCALL 0 $65
91 ASSIGN !10, $65
79 92 INIT_FCALL 'fwrite'
93 SEND_VAR !4
80 94 ROPE_INIT 12 ~68 !5
95 ROPE_ADD 1 ~68 ~68, '%09'
96 ROPE_ADD 2 ~68 ~68, !7
97 ROPE_ADD 3 ~68 ~68, '%09'
98 ROPE_ADD 4 ~68 ~68, !8
99 ROPE_ADD 5 ~68 ~68, '%09'
100 ROPE_ADD 6 ~68 ~68, !9
101 ROPE_ADD 7 ~68 ~68, '%09'
102 ROPE_ADD 8 ~68 ~68, !10
103 ROPE_ADD 9 ~68 ~68, '%09'
104 ROPE_ADD 10 ~68 ~68, !6
105 ROPE_END 11 ~67 ~68, '%0A'
106 SEND_VAL ~67
107 DO_ICALL
81 108 INIT_FCALL 'fclose'
109 SEND_VAR !4
110 DO_ICALL
83 111 > INIT_FCALL 'fopen'
112 SEND_VAR !0
113 SEND_VAL 'r'
114 DO_ICALL $76
115 ASSIGN !4, $76
84 116 ASSIGN !11, null
85 117 ASSIGN !12, 0
86 118 ASSIGN !13, ''
87 119 > JMPZ_EX ~81 !2, ->123
120 > FETCH_R global ~82 '_POST'
121 FETCH_DIM_R ~83 ~82, 'delete'
122 BOOL ~81 ~83
123 > > JMPZ ~81, ->140
88 124 > ASSIGN !12, 1
89 125 FETCH_R global ~85 '_POST'
126 FETCH_DIM_R ~86 ~85, 'id'
127 ASSIGN !13, ~86
90 128 BEGIN_SILENCE ~88
129 INIT_FCALL 'fopen'
130 NOP
131 FAST_CONCAT ~89 !0, '.tmp'
132 SEND_VAL ~89
133 SEND_VAL 'w'
134 DO_ICALL $90
135 END_SILENCE ~88
136 ASSIGN !11, $90
91 137 BOOL_NOT ~92 !11
138 > JMPZ ~92, ->140
92 139 > > EXIT 'Can%27t+create+temporary+file+for+delete+operation'
95 140 > > JMPZ !4, ->239
96 141 > > JMP ->218
97 142 > INIT_FCALL 'fgets'
143 SEND_VAR !4
144 DO_ICALL $93
145 ASSIGN !14, $93
98 146 INIT_FCALL 'trim'
147 SEND_VAR !14
148 DO_ICALL $95
149 ASSIGN !14, $95
100 150 INIT_FCALL_BY_NAME 'split'
151 SEND_VAL_EX '%09'
152 SEND_VAR_EX !14
153 SEND_VAL_EX 6
154 DO_FCALL 0 $97
155 FETCH_LIST_R $98 $97, 0
99 156 ASSIGN !5, $98
157 FETCH_LIST_R $100 $97, 1
158 ASSIGN !7, $100
159 FETCH_LIST_R $102 $97, 2
160 ASSIGN !8, $102
161 FETCH_LIST_R $104 $97, 3
162 ASSIGN !9, $104
163 FETCH_LIST_R $106 $97, 4
164 ASSIGN !10, $106
165 FETCH_LIST_R $108 $97, 5
166 ASSIGN !6, $108
167 FREE $97
101 168 STRLEN ~110 !5
169 BOOL_NOT ~111 ~110
170 > JMPZ ~111, ->172
102 171 > > JMP ->223
104 172 > STRLEN ~112 !6
173 BOOL_NOT ~113 ~112
174 > JMPZ ~113, ->176
106 175 > ASSIGN !6, !5
108 176 > > JMPZ !12, ->197
109 177 > IS_EQUAL !6, !13
178 > JMPZ ~115, ->181
110 179 > > JMP ->218
180* JMP ->197
112 181 > INIT_FCALL 'fwrite'
182 SEND_VAR !11
113 183 ROPE_INIT 12 ~117 !5
184 ROPE_ADD 1 ~117 ~117, '%09'
185 ROPE_ADD 2 ~117 ~117, !7
186 ROPE_ADD 3 ~117 ~117, '%09'
187 ROPE_ADD 4 ~117 ~117, !8
188 ROPE_ADD 5 ~117 ~117, '%09'
189 ROPE_ADD 6 ~117 ~117, !9
190 ROPE_ADD 7 ~117 ~117, '%09'
191 ROPE_ADD 8 ~117 ~117, !10
192 ROPE_ADD 9 ~117 ~117, '%09'
193 ROPE_ADD 10 ~117 ~117, !6
194 ROPE_END 11 ~116 ~117, '%0A'
195 SEND_VAL ~116
196 DO_ICALL
116 197 > ROPE_INIT 7 ~125 '%3Ctr%3E%3Ctd%3E'
198 ROPE_ADD 1 ~125 ~125, !5
199 ROPE_ADD 2 ~125 ~125, '%3C%2Ftd%3E%3Ctd%3E'
200 ROPE_ADD 3 ~125 ~125, !8
201 ROPE_ADD 4 ~125 ~125, '%3C%2Ftd%3E%3Ctd%3E'
202 ROPE_ADD 5 ~125 ~125, !10
203 ROPE_END 6 ~124 ~125, '%3C%2Ftd%3E'
204 ECHO ~124
118 205 > JMPZ !2, ->217
119 206 > ECHO '%3Ctd%3E'
121 207 ECHO '%3Cform+action%3D%22keith.php%22+method%3D%22POST%22%3E'
122 208 INIT_FCALL_BY_NAME 'passwordField'
209 DO_FCALL 0
123 210 INIT_FCALL_BY_NAME 'hiddenField'
211 SEND_VAL_EX 'id'
212 SEND_VAR_EX !6
213 DO_FCALL 0
126 214 ECHO '%3Cinput+type%3D%22submit%22+value%3D%22Delete%22+name%3D%22delete%22%3E'
127 215 ECHO '%3C%2Fform%3E'
128 216 ECHO '%3C%2Ftd%3E'
130 217 > ECHO '%3C%2Ftr%3E%0A'
96 218 > INIT_FCALL 'feof'
219 SEND_VAR !4
220 DO_ICALL $131
221 BOOL_NOT ~132 $131
222 > JMPNZ ~132, ->142
132 223 > INIT_FCALL 'fclose'
224 SEND_VAR !4
225 DO_ICALL
133 226 > JMPZ !12, ->239
134 227 > INIT_FCALL 'fclose'
228 SEND_VAR !11
229 DO_ICALL
135 230 INIT_FCALL 'unlink'
231 SEND_VAR !0
232 DO_ICALL
136 233 INIT_FCALL 'rename'
234 NOP
235 FAST_CONCAT ~136 !0, '.tmp'
236 SEND_VAL ~136
237 SEND_VAR !0
238 DO_ICALL
172 239 > ECHO '%3C%2Ftable%3E%0A'
174 240 BOOL_NOT ~138 !2
241 > JMPZ ~138, ->243
176 242 > ECHO '%3Cform+action%3D%22keith.php%22+method%3D%22POST%22%3E%0A%3Cb%3EAdmin+Login%3C%2Fb%3E%0A%3Cp%3E%0AAdmin+Password%3A+%3Cinput+type%3D%22password%22+name%3D%22password%22%3E%0A%3Cinput+type%3D%22submit%22+name%3D%22login%22+value%3D%22Log+In%22%3E%0A%3C%2Fform%3E%0A'
185 243 > ECHO '%3Cform+action%3D%22keith.php%22+method%3D%22POST%22%3E%0A%3Ctable+border%3D%220%22+cellpadding%3D%225%22+cellspacing%3D%225%22%3E%0A%3Ctr%3E%0A%3Ctd+colspan%3D%222%22%3ESign+My+Guestbook%21%3C%2Ftd%3E%0A%3C%2Ftr%3E%0A%3Ctr%3E%0A%3Cth%3EName%3C%2Fth%3E%3Ctd%3E%3Cinput+name%3D%22name%22+maxlength%3D%2240%22%3E%3C%2Ftd%3E%0A%3C%2Ftr%3E%0A%3Ctr%3E%0A%3Cth%3ELast+Name%3C%2Fth%3E%3Ctd%3E%3Cinput+name%3D%22lastname%22+maxlength%3D%2240%22%3E%3C%2Ftd%3E%0A%3C%2Ftr%3E%0A%3Ctr%3E%0A%3Cth%3EEmail%3C%2Fth%3E%3Ctd%3E%3Cinput+name%3D%22email%22+maxlength%3D%2240%22%3E%3C%2Ftd%3E%0A%3C%2Ftr%3E%0A%3Ctr%3E%0A%3Cth%3EComment%3C%2Fth%3E%3Ctd%3E%3Cinput+name%3D%22comment%22+maxlength%3D%2240%22%3E%3C%2Ftd%3E%0A%3C%2Ftr%3E%0A%3Ctr%3E%0A%3Cth+colspan%3D%222%22%3E%0A%3Cinput+type%3D%22submit%22+name%3D%22submit%22+value%3D%22Sign+the+Guestbook%22%3E%0A%3C%2Fth%3E%0A%3C%2Ftr%3E%0A%0A%3C%2Ftable%3E+%0A'
210 244 INIT_FCALL 'passwordfield'
245 DO_FCALL 0
212 246 ECHO '%3C%2Fform%3E%0A%3C%2Fdiv%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E'
215 247 > RETURN 1
Function stripslashes_nested:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 3, Position 2 = 9
Branch analysis from position: 3
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 9
1 jumps found. (Code = 62) Position 1 = -2
filename: /in/Zr2No
function name: stripslashes_nested
number of ops: 14
compiled vars: !0 = $v
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
25 0 E > RECV !0
27 1 TYPE_CHECK 128 !0
2 > JMPZ ~1, ->9
28 3 > INIT_FCALL 'array_map'
4 SEND_VAL 'stripslashes_nested'
5 SEND_VAR !0
6 DO_ICALL $2
7 > RETURN $2
8* JMP ->13
30 9 > INIT_FCALL 'stripslashes'
10 SEND_VAR !0
11 DO_ICALL $3
12 > RETURN $3
32 13* > RETURN null
End of function stripslashes_nested
Function clean:
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename: /in/Zr2No
function name: clean
number of ops: 34
compiled vars: !0 = $name, !1 = $max
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
139 0 E > RECV !0
1 RECV !1
142 2 INIT_FCALL_BY_NAME 'ereg_replace'
3 SEND_VAL_EX '%5B%5B%3Aspace%3A%5D%5D'
4 SEND_VAL_EX '+'
5 SEND_VAR_EX !0
6 DO_FCALL 0 $2
7 ASSIGN !0, $2
145 8 INIT_FCALL_BY_NAME 'ereg_replace'
9 SEND_VAL_EX '%26'
10 SEND_VAL_EX '%26amp%3B'
11 SEND_VAR_EX !0
12 DO_FCALL 0 $4
13 ASSIGN !0, $4
146 14 INIT_FCALL_BY_NAME 'ereg_replace'
15 SEND_VAL_EX '%3C'
16 SEND_VAL_EX '%26lt%3B'
17 SEND_VAR_EX !0
18 DO_FCALL 0 $6
19 ASSIGN !0, $6
147 20 INIT_FCALL_BY_NAME 'ereg_replace'
21 SEND_VAL_EX '%3E'
22 SEND_VAL_EX '%26gt%3B'
23 SEND_VAR_EX !0
24 DO_FCALL 0 $8
25 ASSIGN !0, $8
149 26 INIT_FCALL 'substr'
27 SEND_VAR !0
28 SEND_VAL 0
29 SEND_VAR !1
30 DO_ICALL $10
31 ASSIGN !0, $10
157 32 > RETURN !0
158 33* > RETURN null
End of function clean
Function passwordfield:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 4, Position 2 = 5
Branch analysis from position: 4
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 5
1 jumps found. (Code = 62) Position 1 = -2
filename: /in/Zr2No
function name: passwordField
number of ops: 10
compiled vars: !0 = $admin, !1 = $password
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
160 0 E > BIND_GLOBAL !0, 'admin'
161 1 BIND_GLOBAL !1, 'password'
162 2 BOOL_NOT ~2 !0
3 > JMPZ ~2, ->5
163 4 > > RETURN null
165 5 > INIT_FCALL_BY_NAME 'hiddenField'
6 SEND_VAL_EX 'password'
7 SEND_VAR_EX !1
8 DO_FCALL 0
166 9 > RETURN nulGenerated using Vulcan Logic Dumper, using php 8.0.0