
How to decode eval( gzinflate( base64_decode(

Tags: php

I have this code injected in my site. How can I decode the trailing string? I need to know what happened and what is the code behind it.

asked Sep 13 '10 14:09

Miro J.


2 Answers

This should output the code that would be executed by eval():

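<?php
// Paste the base64 string from the injected code between the quotes.
$encoded = ''; /* insert code */
// Print the decoded source instead of passing it to eval().
echo gzinflate(base64_decode($encoded));
?>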

I hope that's what you were looking for.

answered Nov 05 '22 22:11

Ishtar
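
The decode step from the answer above, done statically in Python so that nothing from the injected file is executed; this is an added example, not code from the original answers. It goes beyond the single call shown there by peeling repeated eval(gzinflate(base64_decode(...))) layers, which is an assumption about how the payload is nested; the function names, the limits and the sample payload are constructed for illustration.

```python
import base64
import re
import zlib

# eval(gzinflate(base64_decode('...'))) with optional whitespace, either quote style.
WRAPPER = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*"
    r"(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*\)",
    re.IGNORECASE,
)
MAX_LAYERS = 20                 # assumed limit: stop runaway nesting
MAX_OUTPUT = 5 * 1024 * 1024    # assumed limit: cap decompressed bytes per layer


def inflate_raw(data):
    """Equivalent of PHP gzinflate(): raw DEFLATE with no zlib/gzip header."""
    d = zlib.decompressobj(-15)
    out = d.decompress(data, MAX_OUTPUT)
    if d.unconsumed_tail:
        raise ValueError("decompressed layer exceeds size cap")
    return out


def peel(source):
    """Return each decoded layer as text, outermost first. Nothing is executed."""
    layers = []
    current = source
    for _ in range(MAX_LAYERS):
        match = WRAPPER.search(current)
        if not match:
            break
        blob = base64.b64decode(match.group(2))
        current = inflate_raw(blob).decode("utf-8", errors="replace")
        layers.append(current)
    return layers


def make_sample(php, depth):
    """Constructed input: wrap harmless PHP text in `depth` encoding layers."""
    for _ in range(depth):
        c = zlib.compressobj(9, zlib.DEFLATED, -15)
        raw = c.compress(php.encode()) + c.flush()
        php = "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(raw).decode()
    return php


if __name__ == "__main__":
    sample = "<?php " + make_sample("echo 'harmless demo';", 3) + " ?>"
    for number, layer in enumerate(peel(sample), 1):
        print("--- layer %d ---\n%s" % (number, layer))
```

To inspect a real file, read its contents into a string and pass that to peel(); the last element of the returned list is the innermost code.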


I use this to remove the nasty code injected in all my PHP files from the public_html folder:

find -name "*.php" -exec sed -i '/<?.*eval(gzinflate(base64.*?>/ d' '{}' \; -print

Cheers!

answered Nov 05 '22 22:11

Andrei