|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 111
Members: 0
Total: 111
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Need to decode this code |
|
Posted: Wed Nov 17, 2010 3:06 pm |
|
|
sanczo |
Beginner |
|
|
Joined: Nov 17, 2010 |
Posts: 4 |
|
|
|
|
|
|
|
|
|
|
|
Posted: Fri Nov 19, 2010 1:28 pm |
|
|
sanczo |
Beginner |
|
|
Joined: Nov 17, 2010 |
Posts: 4 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Posted: Fri Nov 19, 2010 2:21 pm |
|
|
sugianto |
Advanced user |
|
|
Joined: Mar 27, 2010 |
Posts: 62 |
|
|
|
|
|
|
|
Code: | <?php
require('includes/application_top.php');
$action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');
if (tep_not_null($action)) {
$pole = $_POST['pole'];
$wartosc = $_POST['wartosc'];
$opis = $_POST['opis'];
$zawartosc_pliku = '<?php' . "\n";
for ($i = 0; $i < sizeof($pole); $i++) {
if ($pole[$i] != '') {
if ($wartosc[$i] == 'true' || $wartosc[$i] == 'false') {
$war = $wartosc[$i];
} else {
$war = "'" . $wartosc[$i] . "'";
if (substr($pole[$i], 0, 9) == '**INPUT**') {
$pole[$i] = str_replace('**INPUT**', '', $pole[$i]);
$opis[$i] = '**INPUT**' . $opis[$i];
}
}
$zawartosc_pliku .= "define('" . $pole[$i] . "'," . $war . "); //" . $opis[$i] . "\n";
} else {
$zawartosc_pliku .= preg_replace("/\r\n|\n\r|\r|\n/", "", $opis[$i]) . "\n";
}
}
$zawartosc_pliku .= '?>';
$file = '../includes/configure_osc.php';
if ($fp = fopen($file, "wt")) {
flock($fp, 2);
fwrite($fp, $zawartosc_pliku);
flock($fp, 3);
fclose($fp);
tep_redirect(tep_href_link(FILENAME_CONFIGURATIONS . '?wynik=ok'));
} else {
tep_redirect(tep_href_link(FILENAME_CONFIGURATIONS . '?wynik=blad'));
}
}
print(agF1gTdKEBPd6CaJ($sxqlut929));
require(DIR_WS_INCLUDES . 'header.php');
print(agF1gTdKEBPd6CaJ($wanbki930));
echo 'Dodatkowe ustawienia wyglądu';
print(agF1gTdKEBPd6CaJ($qhrove931));
echo tep_draw_separator('pixel_trans.gif', '80', '80');
print(agF1gTdKEBPd6CaJ($vbumfa932));
if (isset($_GET['wynik'])) {
if ($_GET['wynik'] == 'ok') {
echo "<tr><td><script type='text/javascript' language='javascript'>okno('Dane zostały zaktualizowane')</script></td> </tr>";
}
if ($_GET['wynik'] == 'blad') {
echo "<tr><td><script type='text/javascript' language='javascript'>okno('Nastąpił błąd podczas zapisu. Możliwe że plik nie ma praw do zapisu !!')</script></td></tr>";
}
}
print(agF1gTdKEBPd6CaJ($nxljgy933));
echo 'action="' . tep_href_link(FILENAME_CONFIGURATIONS, tep_get_all_get_params(array('action')) . 'action=zapisz', 'NONSSL') . '"';
print(agF1gTdKEBPd6CaJ($hvawah934));
$plik_dane = '../includes/configure_osc.php';
$lines = file($plik_dane);
for ($i = 0; $i < sizeof($lines); $i++) {
$lines[$i] = preg_replace("/\r\n|\n\r|\r|\n/", "", $lines[$i]);
if (substr($lines[$i], 0, 2) == '//') {
echo '<tr><td class="main" colspan="2" style="font-weight:bold;font-size:13px;color:#275628;background:#d4d4d4;border:1px solid #474747;padding-left:10px;">
' . str_replace("//", "", $lines[$i]) . '<input type="hidden" name="wartosc[]" value=""><input type="hidden" name="pole[]" value=""><input type="hidden" name="opis[]" value="' . $lines[$i] . '"></td></tr>';
} else {
if (substr($lines[$i], 0, 3) == 'def') {
$podziel_define = explode('//', $lines[$i]);
$ciag = str_replace("'", "", $podziel_define[0]);
$ciag = str_replace("(", "", $ciag);
$ciag = str_replace(")", "", $ciag);
$ciag = str_replace(";", "", $ciag);
$ciag = str_replace("define", "", $ciag);
$tablica = explode(',', $ciag);
$wartosc = trim($tablica[1]);
if ($wartosc == '1' || $wartosc == '0') {
if ($wartosc == '1') {
$ciag = '<option value="1" selected="selected">włączone</option><option value="0">wyłączone</option>';
} else {
$ciag = '<option value="1">włączone</option><option value="0" selected="selected">wyłączone</option>';
}
} else {
if ($wartosc == 'true') {
$ciag = '<option value="true" selected="selected">włączone</option><option value="false">wyłączone</option>';
} else {
$ciag = '<option value="true">włączone</option><option value="false" selected="selected">wyłączone</option>';
}
}
if (substr($podziel_define[1], 0, 9) == '**INPUT**') {
$select = '<input type="text" name="wartosc[]" value="' . $wartosc . '" style="width:80px;text-align:center">';
$podziel_define[1] = str_replace('**INPUT**', '', $podziel_define[1]);
$tablica[0] = '**INPUT**' . $tablica[0];
} else {
$select = '<select name="wartosc[]" style="width:80px;text-align:center">' . $ciag . '</select>';
}
echo '<tr><td class="main" align="center"><input type="hidden" size="20" value="' . trim($tablica[0]) . '" name="pole[]">';
echo $select . '</td>';
echo '<td class="main">' . $podziel_define[1] . '<input type="hidden" size="20" value="' . trim($podziel_define[1]) . '" name="opis[]"></td></tr>';
}
}
}
print(agF1gTdKEBPd6CaJ($qhrltt935));
echo '<a href="index.php">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a> ;; ;;' . tep_image_submit('button_update.gif', IMAGE_UPDATE);
print(agF1gTdKEBPd6CaJ($iwwxvg936));
echo base64_decode(COOKIE_TMP);
print(agF1gTdKEBPd6CaJ($xcqbbr937));
echo tep_image(DIR_WS_IMAGES . 'pixel_trans.gif', '', '1', '5');
print(agF1gTdKEBPd6CaJ($yprxad938));
echo tep_draw_separator('pixel_trans.gif', '1', '1');
print(agF1gTdKEBPd6CaJ($rtgivt939));
$teks_name = strpos(base64_decode(COOKIE_TMP), 'Krysiak');
$teks_firma = strpos(base64_decode(COOKIE_TMP), 'oscGold');
if ($teks_name === false || $teks_firma === false) {
tep_session_unregister('login_id');
}
echo '<script type="text/javascript" language="javascript"> function num_to_str(formi) { var str_out = ""; var num_out = formi; for(i = 0; i < num_out.length; i += 2) { num_in = parseInt(num_out.substr(i,[2])) + 23; num_in = unescape(\'%\' + num_in.toString(16)); str_out += num_in; } return unescape(str_out); }; ';
echo 'if (document.getElementById(\'bottom\')) { var ciag = document.getElementById(\'bottom\').innerHTML; if (ciag.indexOf(num_to_str("52919892827484")) == -1) { location.href=\'logoff.php\' } } else if (!document.getElementById(\'cook\') || !document.getElementById(\'bots\')) { location.href=\'logoff.php\' } else { location.href=\'logoff.php\' }</script><div id="seso"></div>';
require(DIR_WS_INCLUDES . 'application_bottom.php');
print(agF1gTdKEBPd6CaJ($drxvco940));
?> |
|
|
|
|
|
|
|
|
|
Posted: Fri Nov 19, 2010 9:53 pm |
|
|
sanczo |
Beginner |
|
|
Joined: Nov 17, 2010 |
Posts: 4 |
|
|
|
|
|
|
|
how you decode this file?
or what kind of program use to decode becouse i have more files to decode
thx |
|
|
|
|
|
|
|
|
Posted: Sat Nov 20, 2010 12:38 am |
|
|
sugianto |
Advanced user |
|
|
Joined: Mar 27, 2010 |
Posts: 62 |
|
|
|
|
|
|
|
I decode it manually
original file
http://pastebin.com/Jwg7CGuQ
change the eval to be highlight_string
would be like this
http://pastebin.com/8h0pmdN5
and run in local webserver
the result will be like this
http://pastebin.com/G0Dx725g
add tags <? php beginning
and?> at the end
for readability enter into http://www.phpformatter.com/
and format code
the result will be like this
http://pastebin.com/uXk8s6Em
example to decode heredoc, like this
Code: | <?php
highlight_string("<<<hds
<\x74\162><\x74d><\163\x63r\151\x70\164 \x74\171p\x65='\x74e\x78\x74/\152\141v\141s\143\x72ip\164' \154\x61\x6e\147u\x61g\145='\152\141\166\x61s\143\x72\x69\x70\x74'>\157kn\x6f('\x44\141ne zo\x73\164\x61ł\x79 \172a\153\164\165\x61\154\x69\172\157w\141\x6e\145')</s\143\162i\x70t></\164d></tr>
hds;");
?> |
mission completed |
|
|
|
|
Posted: Sat Nov 20, 2010 8:36 am |
|
|
sanczo |
Beginner |
|
|
Joined: Nov 17, 2010 |
Posts: 4 |
|
|
|
|
|
|
|
wow thx |
|
|
|
|
www.waraxe.us Forum Index -> PHP script decode requests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|