Hi there,
I may have come into trouble when i tried to use the code i saw on a tutorial
(http://www.phpeasystep.com/phptu/28.html).
I am just a newbie in PHP and exploring its functions.
I tried the example:
#######
Example
Before encode
<?php
echo "Hello World";
?>
After encoded
<?php $_F=__FILE__;$_X='Pz48P3BocA0KNWNoMiAiSDVsbDIgVzJybGQiOw0KPz4=';
eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLC
cxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GS
UxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>
#######
Not knowing the risk, I have run it and my antivirus prompt me a threat.
I dont know exactly what it have caused to my PC and Server.
Tried decoding it manually, piece by piece, because I am a newbie I am having a
hard time figuring out the code.
####
The
$_F=__FILE__; //as is
base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLC
cxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GS
UxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==')
==> this resulted to this:
$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;
and the
$_X='Pz48P3BocA0KNWNoMiAiSDVsbDIgVzJybGQiOw0KPz4=';
==>decoding this with the statment: $_X=base64_decode($_X); ==> ?>
####
I dont know if i am doing it right, but it seems its not just a code that would
display a "Hello World" on the screen.
If this is a false code, hope we can do something about it.
Thank you in advance.
ian
