running base64 code from unknown source

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi there,

I may have come into trouble when i tried to use the code i saw on a tutorial (http://www.phpeasystep.com/phptu/28.html). 

I am just a newbie in PHP and exploring its functions.

I tried the example:
#######
Example
Before encode
<?php
echo "Hello World";
?>

After encoded
<?php $_F=__FILE__;$_X='Pz48P3BocA0KNWNoMiAiSDVsbDIgVzJybGQiOw0KPz4=';
eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLC
cxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GS
UxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

#######

Not knowing the risk, I have run it and my antivirus prompt me a threat.
I dont know exactly what it have caused to my PC and Server.

Tried decoding it manually, piece by piece, because I am a newbie I am having a hard time figuring out the code.
####
The
$_F=__FILE__; //as is

base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLC
cxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GS
UxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==')
==> this resulted to this:

$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;
and the
$_X='Pz48P3BocA0KNWNoMiAiSDVsbDIgVzJybGQiOw0KPz4='; 
==>decoding this with the statment: $_X=base64_decode($_X); ==> ?>

####

I dont know if i am doing it right, but it seems its not just a code that would display a "Hello World" on the screen.

If this is a false code, hope we can do something about it.

Thank you in advance.

ian

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux