Decoding: eval(stripslashes(gzinflate(base64_decode

[creative]

I am working in a non-profit website, and the template I got has “eval(stripslashes(gzinflate(base64_decode” encoded on the footer. I can not run a website that it has encryption, it could have malicious code. Can any one help me to de-encrypt it?

There may be eventual a paypal botton for donations and private info.

[clokey2k]

http://jsfiddle.net/8hEYK/ is the decoded section, I have no idea why it is encoded.

Maybe to prevent spam bots from entering the form detail? maybe for speed?

[creative]

U RULE! I was always told, if some one is hiding something, you should be careful.

Would you please let me know how you did that? Please.

[clokey2k]

If I’m honest I just took the risk and pasted into a php file, but I don’t see any advantage to encode and compress?

A safer option is to use a utility like: http://www.tareeinternet.com/scripts/decrypt.php

but this service had problems serving the result yesterday.

[dhechler]

Here’s the whole output of that.

> 		   	    			
			
			>Show/Hide Footer Actions		
				
>			
							
					" class="action">Follow Us!					
						
							
						
						
					
				
																					
				
Your email has been sent! Thank you!
				
Please enter your name, a message and a valid email address.
				
Your email failed. Try again later.
					
					
																							
					
						your message<br />

[creative]

Thanks guys!

[TT_Mark]

@clokey2k

On the TareeInternet link you have to remove the stripslashes command because the utility is not set up to understand it

[clokey2k]

Yeah, I overcome that issue, but the result overflowed into the actual HTML of the page. Closing the text box and flowing down the page to the button.

[TheDoc]

A lot of free templates will include malicious code like that. I would be weary of where you go it from.

[creative]

I have tried this website. http://www.tareeinternet.com/scripts/decrypt.php

But so far it did not work in decrypting this type of code. I do not know why.

[clokey2k]

@creative see TT_mark’s comment, you need to remove the ‘stripslashes’ and it’s corresponding brackets.

[hell]

http://love-xb.us/tools/dec.php
use that

[damian]

Hey can you help me? I have a PHP file zakdowany but I can not deal with it;/ Please help

eval(stripslashes(gzinflate(base64_decode("DZfHDsTGEUR/RdBJBg/MCbYskFzmzGW+GMw5Z369d+4DVM1UvUb/89///DPX8x/FmfR/bfvazFufbHWx/VW9zVj2yV78lSZbQWD/y4tsyou//vzEpfBukZ5O/hm73/WkpsYVV9+L20IXc7eOO9ynQUtA2Jg+hZe0QIoEQSpGhqDE/dA8n1eCD5LkTcIAQsAFEdh7g84Be6s/sL4q4dIr4tcryTd9xekWUXQoZIJ5avomc18v4pwOdzCjKMUZb4KQK+4tebjcyqn7VnJZC3IPWLOPts3wcHTQH4zcLWxs9YKDMEHBp8vDsyqZNCB+Mcau0PG+cE6F5AsCF1LLOgakuR2IOOK2f6YB862vFGExuFuikZN4q8cMcBLfAJP4A+OxebaUDXnOXhJ9h6DdSZl6iSa01TQaTaSGS9kAi0EYStg6xqhpWS48XsmY5JKlDL70ZG/E3fbc3kWM9+QeHNuaHNgxkWu233+8IqJgT/D5WROtXdK/+OO1gytym8UGJq411zsjC6JQOPKazwmpdljczVMiK9+hxiKYLLFi6oHIee+gGCGs4XLRLXaa5WIn+EgNWHTqPLBDiCZ4ekZPscD5Qp/7UJA3jnjT5Czm1IpkeVT6mcrSQthMyBWTPbA55rfkqOfQFSth/BTjSdzoiU2EWPgtwoJQ8YVkpLL/KoREh1qhRkasep294IUK9Zaar2jswVE8GlohfLUBXa+7ekjRCxvjbqhaG6EBG7CpymyHxUsA2zADhKNPedcr0Cn+mNkl1ekGLeKpCOr7ByhuAr24w0+CFN2onXifzcvdgW7R6QR9nhSqpGZjBSVWk2PtZvLTCyhiiYMg8IA5AoZUkKMZtgsgZchIJ+tPd7AnhoyvsodK4Q5DiTZdOABG2FbZN6MvvPEJndg2SQDNrML0ab2JMRHn9863L772zfcYnQRCml4z/AodRIrAAfnNWiRnAAJ8y/ORmGL4tnbaw9tuNAQM6AKe9gBJWoqxgmOjj4TcbqH6doWDNLLFD/hXeakvGAwU2T6yy7aEt5R1NNQHeo8f+ohldt5ZWPKrkAEreAdMWS9eNIVkaKB2NM7tz5Q7ivGt59ecTwrTg9cl+dzV0Do7hWsSFrm+7nIslExDvyOr61M03NK78+xcAA/udmLp8/SKinDhvpy5twgTY5pZ9zk1U9QhFanjBUF1hZfNHKjWdVUYBAfVGFJx7C9Wj/pYkU9MVaEHu/pqDIyO9a8eSHQPGezsJaKR8qKzkna+ElRM0Fc90Ifx2RUYGiMvq+W5ATbKn4putdkDoLdvd6FFN49Kp1sW+k0oUgSwmnhNNluXeDOIUrtm32Sn2DDTW+8N57xbs4TDKrRklY7wZxr6/jV77KvbXhyFgzkiSq+ez34GPkxiprVRJPBLCpv0ZBQDuq45TFtMe9WT6PUpfkCEhXHdrbi3CyxUezxyYBdFC/KQwQ13596mYS5gz2K+wr5Q5JKNujI+iSOQjHNMs+0kjDXJO7ZNxEwK7HsEVT98UqmmOxTLtor3XQbnN+ZdmG7Z4jEVe+xjUbmu6zjxPeKGozNXYu9V7ubvo0gkEfxKQ6cb5Nqdn6pNztc2Wx9iTGy1DfA+Kbb8wXfw/HFlzrerNrO5V9vx4HA67U6eaoiIcqX5xt37HJ4hN/GvAZPx2w0l0Wa08uZ/iayBr46k5vG0JdGpBE58BNbUXk+35WT7Op6RJWxAx9TMSwSJ3G57lLM8GGi4r3mqv7tXo80nYH8vKQsvQ3/mh31SFWBVKKsEZOGHzHkZIdouskx8i/0QvNf4dJwzi42JqPq5UjsHQXFQTtmgt8nmKdtI4feu63nw9IlQbWRslr3eer+InojAndF+76AhEIavnvHmeH4W5+CClhcKhr3CvFBF4ywFjjyWbRYl2e71irCNXDzqxYm6iGwAgvSRy+8z3NuzPC6P9WqKu45Qv8iLkaOZ5vM0lDA60vEyxEatNpT/+GTVGr4XPM2x3iWio7x1diVChlHbSl+Sh08gsviYd7+A7/6UwlK4ODSa06hDJfJi5YGkSA9DE7Ha5bmQqRCFxKaV01O41VXMy71hVK+7uKhItTu0Q2pRdRKMW4mLLYDfMUz1WRVNW5kSr/RV28pT5KfVCQxbzcoaWuEJm3B8SYWPTzTmrlUxTkIP4oETS1BWrgnGVFSTOUrp5+ey+wA6tstpyztC8z5AvTf6rCXOWD+FUeZbeZeuuBX5mbw+TjPMXOgawR2Y4V274rQv+F6rvaasbQgY12LCU+nfEVzXh3IJvuYgyR+w2MVurEdXuazwTSK6WEzjl2TDSt1SJnyTRBAo/QPVrUaJYGA4ZEJ/fgC/AliThA0xw8RVLX57R14rCOCieReK8I+gpjAY04cK969UMtQpUwdg9FPbqHOZ0xAmoXY2deCAKdB27bX8NRu+fovAmUt8dF2c0YfiuzhTcxfsLUZj4EPNTxSZlshvml6li2ATAXGbn3A7PzSqu+tAPPm86bnd4QADzGN5ZivIQttL+qq4H9tMafPt07KVvPEuQcNaINCvdh9l8kIqen+gX0JsE7AKPflqJRE5eW9+TERDVuxZ78raEOMrWnh/laGIrEYA7Fc+6HhEfjzrIAAMZOxQimg1fGF52eX5KncuGXCF3POoCymjKtBpxEHXafRw0FxHEYiIRkNLgyCUrdNDoUbM4XOZ20Ier+F7jIhFZ5tyamvq/QQ2d8dlcKb47+JCd0JGly20S1YXPQM53ri0agBAKynNq/IdeLwMb4/NcnKjZuydfze7Vg+DeywDocb1Y0PvIuSAm+w1fqKX/qmFAs7FofPWi4/8/N1v4lygr6oq+YxJ4eXQugM6CsDddEnoz/FDpC9oRcPDeIpyMLqIaGaWCDTdOV1JGaZ6ZQPoqEkl77BbmZp7XCrMsy6Uoj9/TGCazr01ltT2EShvBZlP9icdjrvYyZ7R7NjuoiC4y6uN7LtrFnEUDcfo7O1KWOeDPvGjvfON2trrmxMgS2KzyL6qFnCCNZvGdjQgX/nBB2ZLn1Lko1RF5ly7fPq7yW+vMN1mm93m+V5I5msVzUA/hz3JpC3IjCedy5OiYODlknV2L+d35D0bq2+lD3mPlTBeTJ1krQUQczWQZWcreD2P8b17pODd1TpW9C6cFcxsmMaQsfQffXntCc419trW02vFeVU/E8nSCDtesg0a1epasDML60NYHS5OiQ7301a9jhsiH+sHC4k+5MY+YFzRLSj9V+Nc1hXVfAj2r1FYZt/UuTEq6JXXmguf2kZMTqJX7IXcvj4Ys8ouSOj/FoEoozdvqYL46NN1PX7ocVxD2/rUTMhmVTfJH/1epIUjUvO89JCok/gP3mgRqXL6UQB+Gn2V1aPCXLhHvs/gFXxPG/F6u2LPNpJpUrh7MKcDe+5c7sinwD/UjPil1IL0voRW683gTBh0OlF+tR1XSXVFXeMap4FAWszX1Bbh2d/CB+eyuVHiecEIEzksqtwLs5yXSY8JHLEXT0ltjplvOEZpWvPdSn4rs2k+MzT7PoI3iOos1LorQLpZai3GaI6kx2nFiOHigPUAgJCV6UfC46fH2gUX+Td8JXui9wU/y8LUuKOSi9H3z/LI7xmE8IcG1GTTSzQVdxjVAoP+yRruZaISjOnn+9tVKlV6jo/SBK90R/8r4B1B8FlZ08kWgrLXETlWEGV/RQrSX/xVgp0WR0BYMDQAlmCJXx1XdLSPXvjuyRV/n/E7IyM0Z6kjgamxRnHEY58cIWjW9yw9C68ntlsudW45FTXN5uzc5q44pQoK7bjL4W5Vi0oQDEPwRU+QfOlbAqzr77///Nfv/PuPf37b6f8B"))));

[mccsuresh]

He Damian,

Here is the decoded output:

$ver = “cmd/ver.php”;
$fpx = fopen($ver, “w”);
flock($fpx, 2);
fwrite($fpx, ‘ /*
Copyright by kamilOS. All rights reserved
page: http://gadu-czat.pl
e-mail: [email protected]
*/
me(“Copyright by kamilOS. All rights reserved
Sprawdzanie Licencji: http://gadu-czat.pl/license.php?number=$_GET%5Bto%5D”, $from, $SEND);
?>’ );
flock($fpx, 3);
fclose($fpx);
require_once(‘functions/MessageBuilder.php’);
require_once(‘functions/PushConnection.php’);
include(‘config.php’);
include(‘functions/security.php’);
$wynikx = file_get_contents(‘http://www.kamiloschatscript.yoyo.pl/tekst.php’);
preg_match_all(‘#123(.*?)456#’, $wynikx, $matches1);
$tekst =$matches1[1][0];
$wynik = file_get_contents(‘http://www.kamiloschatscript.yoyo.pl/license.php?number=’.$_GET);
preg_match_all(‘|uuuuuxxxxxxxxxxssssssuuuuu([0-9]{0,5})xxxxxxxxxxxxxxxxxxxxxxxx|’, $wynik, $matches);
$kod =$matches[1][0];
if($kod == ‘0’)
die(“$tekst”);
include(‘functions/basic.php’);
include(‘functions/lyrics.php’);
$from = $_GET;
$message = $HTTP_RAW_POST_DATA;
$msg = explode(‘ ‘, $message);
$SEND = new PushConnection($gg, $login, $password);
connection($mysql_server, $mysql_admin, $mysql_pass, $mysql_db);
mysql_query(“SET CHARSET utf8”);
mysql_query(“SET NAMES `utf8` COLLATE `utf8_polish_ci`”);
$sql = mysql_query(“SELECT * FROM chat_users WHERE number = ‘$from'”);
$users = mysql_fetch_array($sql);
$sqls = mysql_query(“SELECT * FROM chat_settings”);
$settingsc = mysql_fetch_array($sqls);
include(‘functions/rank.php’);
banned($sender, $from, $SEND);
status($SEND);
rekord();
if($message{0} == ‘/’) $sign = ‘/’;
else if($message{0} == ‘.’) $sign = ‘.’;

if(!$users) $staff_cmd = ‘0’;
else {$staff_cmd = $staff;}
if($message{0} == $sign) {
$cmd = substr($msg[0], 1);
$cmd_sql = mysql_query(“SELECT * FROM chat_cmd WHERE cmd = ‘$cmd'”);
$cmd_down = mysql_fetch_array($cmd_sql);
$alias_sql = mysql_query(“SELECT * FROM chat_cmd WHERE alias = ‘$cmd'”);
$alias_down = mysql_fetch_array($alias_sql);
if(!$cmd_down && !$alias_down)
die(me($cmd_not_exist, $from, $SEND));
if(!$alias_down) {
if($staff_cmd < $cmd_down)
die(me($a_small_staff, $from, $SEND));
if($cmd_down == ‘0’ && $users == ‘0’ || $users == ‘1’ || !$users)
include(“cmd/$cmd_down[file]”);
else if($alias_down == ‘1’ && $users == ‘1’)
include(“cmd/$cmd_down[file]”);
else if($cmd_down == ‘1’ && $users == ‘0’ || !$users)
die(me($not_logged_in, $from, $SEND));
}
if(!$cmd_down) {
if($staff_cmd < $alias_down)
die(me($a_small_staff, $from, $SEND));
if($alias_down == ‘0’ && $users == ‘0’ || $users == ‘1’ || !$users)
include(“cmd/$alias_down[file]”);
else if($alias_down == ‘1’ && $users == ‘1’)
include(“cmd/$alias_down[file]”);
else if($alias_down == ‘1’ && $users == ‘0’ || !$users)
die(me($not_logged_in, $from, $SEND));
}}
else {
if($users != ‘1’)
die(me($not_logged_in, $from, $SEND));
send_to_but(“<{$sender}>: {$message}”, $from, $SEND);
$last = time()+600;
mysql_query(“UPDATE chat_users SET last=’$last’ WHERE number=’$from'”);
add_top($message, $from);
$date = date(‘d.m.Y G:i’);
if($settingsc == ‘on’)
logs(“[$date] ({$sender}): {$message}”, “main.php”);
if($users == ‘1’) {
$M = new MessageBuilder();
$M->addText(“<{$sender}>: {$message}”, FORMAT_NONE, 139, 137, 137);
$M->setRecipients($from);
$SEND->push($M);
}
}
?>

[CrocoDillon]

Old thread… I’ve seen a question like this recently though. Anyway, you can decode base64 anywhere using online tools. It’s probably there because the template author thinks he is protecting his code like that.

[Author]

Posts