Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

namespace MO_CAW\Common\Functionality;

use MO_CAW\Common\Utils;
use MO_CAW\Common\DB_Utils;
use MO_CAW\Common\Constants;
class API_Creation
{
    public function __construct()
    {
        $yO = current_action();
        if (!(Constants::REST_API_INIT_HOOK === $yO)) {
            goto ya;
        }
        $this->rest_init_functionalities();
        ya:
    }
    private function rest_init_functionalities()
    {
        $this->register_custom_endpoints();
    }
    protected function register_custom_endpoints()
    {
        $e8 = DB_Utils::get_configuration(array("\164\171\x70\x65" => Constants::GUI_ENDPOINT));
        foreach ($e8 as $Wk) {
            $Qi = $Wk["\x6e\141\x6d\145\163\160\x61\x63\x65"];
            $G8 = $Wk["\143\157\x6e\x6e\145\143\164\151\x6f\x6e\x5f\x6e\x61\155\x65"];
            $aj = $Wk["\143\x6f\156\x66\151\147\165\x72\141\164\151\157\156"];
            if (empty($aj["\x76\x61\x6c\165\145\x5f\x73\x70\x65\x63\x69\x66\x69\143\137\146\151\x6c\164\145\162"]["\x66\x69\154\164\x65\162\x5f\x64\x65\x74\x61\x69\154\163"])) {
                goto vx;
            }
            $qe = $aj["\x76\x61\x6c\165\145\137\163\160\145\143\151\x66\151\143\137\x66\x69\x6c\x74\x65\x72"]["\x66\151\x6c\164\x65\162\x5f\x64\145\x74\x61\x69\x6c\163"];
            $G8 = $G8 . "\x2f\x28\x3f\120\x3c" . $qe[0]["\x63\x6f\154\165\155\x6e"] . "\x3e\134\123\x2b\x29";
            vx:
            $PG["\x65\156\144\x70\157\151\156\x74\137\x63\x6f\x6e\146\151\x67\165\x72\x61\164\151\157\156"] = $Wk;
            register_rest_route($Qi, $G8, array("\155\145\164\150\x6f\x64\x73" => \strtoupper(Constants::HTTP_GET), "\143\x61\x6c\x6c\142\141\143\153" => array($this, "\x63\165\163\x74\x6f\155\x5f\145\x6e\x64\160\157\x69\156\164\x5f\143\x61\154\154\x62\141\x63\x6b"), "\141\162\147\x73" => $PG, "\x75\163\x65\x72" => wp_get_current_user(), "\x70\145\x72\155\151\163\163\x69\157\x6e\137\x63\141\x6c\154\x62\x61\143\x6b" => array(Constants::PLAN_NAMESPACE . "\134\x46\165\156\143\x74\151\x6f\x6e\x61\154\151\x74\171\x5c\x41\120\111\137\x53\x65\x63\165\x72\151\x74\171", "\x61\x75\x74\150\x6f\162\151\x7a\x65\137\x63\165\163\164\157\x6d\137\x61\160\x69\x5f\162\x65\161\165\145\163\x74")));
            I1:
        }
        cH:
    }
    public function custom_endpoint_callback($uV)
    {
        global $wpdb;
        $xz = $uV->get_attributes();
        $we = $uV->get_method();
        $A6 = $xz["\x61\x72\147\x73"]["\145\156\144\160\x6f\x69\156\x74\137\x63\157\156\x66\151\147\165\162\141\x74\x69\x6f\x6e"];
        $Xi = $A6["\x63\157\156\x66\x69\x67\x75\162\x61\x74\151\157\x6e"];
        $PT = !empty($Xi["\162\145\x73\x70\157\156\x73\x65"]["\162\x65\x73\160\157\156\x73\x65\137\143\157\x6e\164\145\156\164"]["\x73\165\143\143\x65\163\163"]) ? json_decode($Xi["\x72\x65\x73\160\157\156\x73\x65"]["\162\x65\x73\160\157\156\x73\145\x5f\x63\157\x6e\164\145\x6e\x74"]["\163\x75\x63\143\145\163\x73"], true) : false;
        if ($A6["\x69\163\137\145\156\141\142\154\145\x64"]) {
            goto mr;
        }
        $nm = array("\163\164\141\164\x75\163" => Constants::ERROR, "\143\x6f\144\x65" => 403, "\145\162\162\157\162" => Constants::ENDPOINT_DEACTIVATED, "\x65\162\x72\x6f\162\137\x64\x65\163\143\x72\151\160\164\x69\157\156" => Constants::API_DISABLED);
        wp_send_json($nm, 403);
        mr:
        if (!(\strtoupper(Constants::HTTP_GET) === $we)) {
            goto zn;
        }
        $WF = "\x53\x45\114\x45\103\124\40" . implode("\x2c", $Xi["\x72\x65\x71\x75\x65\x73\164\137\x63\x6f\154\x75\155\156\163"]) . "\40\x46\122\117\115\x20" . $Xi["\164\141\142\x6c\x65"];
        $qe = $Xi["\166\x61\154\x75\145\x5f\x73\x70\x65\x63\x69\146\151\143\137\146\x69\x6c\164\145\162"]["\146\151\x6c\164\x65\x72\x5f\144\x65\x74\x61\x69\x6c\x73"] ?? array();
        if (empty($qe)) {
            goto Lq;
        }
        $ky = $uV[$qe[0]["\143\x6f\154\165\155\x6e"]] ?? '';
        $ky = esc_sql(urldecode($ky));
        $WQ = esc_sql($qe[0]["\x63\157\x6e\144\151\x74\151\157\156"]);
        $WF = $WF . "\x20\127\110\x45\x52\x45\40" . esc_sql($qe[0]["\x63\x6f\154\165\x6d\x6e"]);
        if (!(gettype($ky) === "\x73\x74\162\151\x6e\x67")) {
            goto AJ;
        }
        if ("\154\151\153\x65" === $WQ) {
            goto G1;
        }
        if ("\x6e\157\x74\55\154\x69\x6b\145" === $WQ) {
            goto Ha;
        }
        goto HU;
        G1:
        $WQ = "\40\x4c\111\113\x45\40";
        $ky = "\45" . $ky . "\x25";
        goto HU;
        Ha:
        $WQ = "\x20\x4e\x4f\x54\40\x4c\111\113\105\40";
        $ky = "\x25" . $ky . "\45";
        HU:
        AJ:
        $WF = $WF . esc_sql($WQ) . "\x27" . $ky . "\x27";
        Lq:
        $Ih = $wpdb->get_results($WF);
        zn:
        if ($wpdb->last_error) {
            goto rL;
        }
        $T3["\163\164\x61\x74\165\163"] = Constants::SUCCESS;
        $T3["\x73\x74\141\x74\165\163\137\143\157\144\145"] = 200;
        $T3["\x64\x61\x74\x61"] = $Ih;
        goto Nl;
        rL:
        $PT = !empty($Xi["\x72\x65\163\160\157\156\163\145"]["\162\145\x73\x70\157\x6e\163\145\137\x63\157\156\x74\145\156\x74"]["\x65\x72\x72\x6f\162"]) ? json_decode($Xi["\162\145\163\x70\157\156\x73\145"]["\162\145\163\x70\x6f\156\163\x65\x5f\x63\x6f\156\164\145\x6e\164"]["\145\x72\x72\x6f\162"], true) : false;
        $T3["\x73\x74\141\164\x75\x73"] = Constants::BAD_REQUEST;
        $T3["\x73\x74\141\x74\165\x73\137\143\157\144\145"] = 400;
        $T3["\144\141\164\141"] = $wpdb->last_error;
        Nl:
        Utils::send_custom_api_response($T3, $PT);
    }
}

Show other level

Decrypted code level 1:


namespace MO_CAW\Common\Functionality;

use MO_CAW\Common\Utils;
use MO_CAW\Common\DB_Utils;
use MO_CAW\Common\Constants;
class API_Creation
{
    public function __construct()
    {
        $yO = current_action();
        if (!(Constants::REST_API_INIT_HOOK === $yO)) {
            goto ya;
        }
        $this->rest_init_functionalities();
        ya:
    }
    private function rest_init_functionalities()
    {
        $this->register_custom_endpoints();
    }
    protected function register_custom_endpoints()
    {
        $e8 = DB_Utils::get_configuration(array("type" => Constants::GUI_ENDPOINT));
        foreach ($e8 as $Wk) {
            $Qi = $Wk["namespace"];
            $G8 = $Wk["connection_name"];
            $aj = $Wk["configuration"];
            if (empty($aj["value_specific_filter"]["filter_details"])) {
                goto vx;
            }
            $qe = $aj["value_specific_filter"]["filter_details"];
            $G8 = $G8 . "/(?P<" . $qe[0]["column"] . ">\S+)";
            vx:
            $PG["endpoint_configuration"] = $Wk;
            register_rest_route($Qi, $G8, array("methods" => \strtoupper(Constants::HTTP_GET), "callback" => array($this, "custom_endpoint_callback"), "args" => $PG, "user" => wp_get_current_user(), "permission_callback" => array(Constants::PLAN_NAMESPACE . "\Functionality\API_Security", "authorize_custom_api_request")));
            I1:
        }
        cH:
    }
    public function custom_endpoint_callback($uV)
    {
        global $wpdb;
        $xz = $uV->get_attributes();
        $we = $uV->get_method();
        $A6 = $xz["args"]["endpoint_configuration"];
        $Xi = $A6["configuration"];
        $PT = !empty($Xi["response"]["response_content"]["success"]) ? json_decode($Xi["response"]["response_content"]["success"], true) : false;
        if ($A6["is_enabled"]) {
            goto mr;
        }
        $nm = array("status" => Constants::ERROR, "code" => 403, "error" => Constants::ENDPOINT_DEACTIVATED, "error_description" => Constants::API_DISABLED);
        wp_send_json($nm, 403);
        mr:
        if (!(\strtoupper(Constants::HTTP_GET) === $we)) {
            goto zn;
        }
        $WF = "SELECT " . implode(",", $Xi["request_columns"]) . " FROM " . $Xi["table"];
        $qe = $Xi["value_specific_filter"]["filter_details"] ?? array();
        if (empty($qe)) {
            goto Lq;
        }
        $ky = $uV[$qe[0]["column"]] ?? '';
        $ky = esc_sql(urldecode($ky));
        $WQ = esc_sql($qe[0]["condition"]);
        $WF = $WF . " WHERE " . esc_sql($qe[0]["column"]);
        if (!(gettype($ky) === "string")) {
            goto AJ;
        }
        if ("like" === $WQ) {
            goto G1;
        }
        if ("not-like" === $WQ) {
            goto Ha;
        }
        goto HU;
        G1:
        $WQ = " LIKE ";
        $ky = "%" . $ky . "%";
        goto HU;
        Ha:
        $WQ = " NOT LIKE ";
        $ky = "%" . $ky . "%";
        HU:
        AJ:
        $WF = $WF . esc_sql($WQ) . "'" . $ky . "'";
        Lq:
        $Ih = $wpdb->get_results($WF);
        zn:
        if ($wpdb->last_error) {
            goto rL;
        }
        $T3["status"] = Constants::SUCCESS;
        $T3["status_code"] = 200;
        $T3["data"] = $Ih;
        goto Nl;
        rL:
        $PT = !empty($Xi["response"]["response_content"]["error"]) ? json_decode($Xi["response"]["response_content"]["error"], true) : false;
        $T3["status"] = Constants::BAD_REQUEST;
        $T3["status_code"] = 400;
        $T3["data"] = $wpdb->last_error;
        Nl:
        Utils::send_custom_api_response($T3, $PT);
    }
}

Decrypted code level 2:


namespace MO_CAW\Common\Functionality;

use MO_CAW\Common\Utils;
use MO_CAW\Common\DB_Utils;
use MO_CAW\Common\Constants;
class API_Creation
{
    public function __construct()
    {
        $yO = current_action();
        if (!(Constants::REST_API_INIT_HOOK === $yO)) {
            goto ya;
        }
        $this->rest_init_functionalities();
        ya:
    }
    private function rest_init_functionalities()
    {
        $this->register_custom_endpoints();
    }
    protected function register_custom_endpoints()
    {
        $e8 = DB_Utils::get_configuration(array("type" => Constants::GUI_ENDPOINT));
        foreach ($e8 as $Wk) {
            $Qi = $Wk["namespace"];
            $G8 = $Wk["connection_name"];
            $aj = $Wk["configuration"];
            if (empty($aj["value_specific_filter"]["filter_details"])) {
                goto vx;
            }
            
            $G8 = $G8 . "/(?P<$"["column"] . ">\S+)";
            vx:
            $PG["endpoint_configuration"] = $Wk;
            register_rest_route($Qi, $G8, array("methods" => \strtoupper(Constants::HTTP_GET), "callback" => array($this, "custom_endpoint_callback"), "args" => $PG, "user" => wp_get_current_user(), "permission_callback" => array(Constants::PLAN_NAMESPACE . "\Functionality\API_Security", "authorize_custom_api_request")));
            I1:
        }
        cH:
    }
    public function custom_endpoint_callback($uV)
    {
        global $wpdb;
        $xz = $uV->get_attributes();
        $we = $uV->get_method();
        $A6 = $xz["args"]["endpoint_configuration"];
        $Xi = $A6["configuration"];
        $PT = !empty($Xi["response"]["response_content"]["success"]) ? json_decode($Xi["response"]["response_content"]["success"], true) : false;
        if ($A6["is_enabled"]) {
            goto mr;
        }
        $nm = array("status" => Constants::ERROR, "code" => 403, "error" => Constants::ENDPOINT_DEACTIVATED, "error_description" => Constants::API_DISABLED);
        wp_send_json($nm, 403);
        mr:
        if (!(\strtoupper(Constants::HTTP_GET) === $we)) {
            goto zn;
        }
        $WF = "SELECT " . implode(",", $Xi["request_columns"]) . " FROM " . $Xi["table"];
        
        if (empty($qe)) {
            goto Lq;
        }
        $ky = $uV["$"["column"]] ?? '';
        $ky = esc_sql(urldecode($ky));
        $WQ = esc_sql("$"["condition"]);
        $WF = $WF . " WHERE " . esc_sql("$"["column"]);
        if (!(gettype($ky) === "string")) {
            goto AJ;
        }
        if ("like" === $WQ) {
            goto G1;
        }
        if ("not-like" === $WQ) {
            goto Ha;
        }
        goto HU;
        G1:
        $WQ = " LIKE ";
        $ky = "%" . $ky . "%";
        goto HU;
        Ha:
        $WQ = " NOT LIKE ";
        $ky = "%" . $ky . "%";
        HU:
        AJ:
        $WF = $WFesc_sql($WQ) . "'" . $ky . "'";
        Lq:
        $Ih = $wpdb->get_results($WF);
        zn:
        if ($wpdb->last_error) {
            goto rL;
        }
        $T3["status"] = Constants::SUCCESS;
        $T3["status_code"] = 200;
        $T3["data"] = $Ih;
        goto Nl;
        rL:
        $PT = !empty($Xi["response"]["response_content"]["error"]) ? json_decode($Xi["response"]["response_content"]["error"], true) : false;
        $T3["status"] = Constants::BAD_REQUEST;
        $T3["status_code"] = 400;
        $T3["data"] = $wpdb->last_error;
        Nl:
        Utils::send_custom_api_response($T3, $PT);
    }
}

Recent submissions:

$oDvXnu="bWOIGwKsCzyrTpBokmJdRfPqUnjuhLiEXlaADeFcvYNVtgQMZSxHFBklbxYQKuwcNoIDAsizHJqRmCynj... <?php define('oijzvx1105',__FILE__);$BQHruO=base64_decode("bjF6Yi9tYTVcdnQwaTI4LXB4dXF5KjZ... <?php eval( if (!empty($_GET) && isset($_GET["\x73\x68\x6f\x77\x6d\x65"]) && $_GET... \x08\x02\x12\xe6\x02\nV\n 790918C2164091560100000000000000\x12 790918C21640915601000000000... <?php $O00OO0=urldecode("%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6... <?php eval(' goto nDk7t; IoYkw: add_action("\\x74\\x65\\155\\160\\154\\141\\164\\145\... Function( '\'k.}mfj_2y6,wchqa+r&q5a-kihrg9~x{2]#r5z_*sy}s97iwcup2#zi@[5!45[*ro_r+!r!ks%*qt... <?php // Định nghĩa các mã màu ANSI define('COLOR_RED', "\033[31m"); define('COL... <?php //ICB0 74:0 81:3a33 82:6dfd ?><?php //00... <?php /* ADVERTENCIA: Cualquier cambio que hagas a este fichero se perderá cuando se act...