กดถูกใจ เป็นกำลังใจให้เรา 😍

VIR9.COM

ขอบคุณน๊าา 🥰

Close

  • php encryption

    July 12, 2018

    <?php /* include”\x6d\x79sql-\x63\x6f\x6e\x6eec\x74.p\x68\x70″;${“\x47\x4c\x4f\x42A\x4c\x53”}[“\x6c\x71wwi\x6b\x64\x64v”]=”res\x63\x68\x6b\x62i\x6cl”;${“\x47L\x4fB\x41\x4cS”}[“\x70ve\x6b\x72\x71\x68″]=”\x61\x64\x6d\x69n”;${“\x47L\x4f\x42\x41\x4cS”}[“\x73\x6b\x62\x64\x66\x6dn”]=”\x72e\x73\x70\x65\x74\x74\x79″;${“\x47\x4c\x4f\x42\x41L\x53”}[“\x72\x76r\x61\x77q\x68\x74i\x67″]=”d\x61\x74\x65”;${“\x47\x4c\x4f\x42ALS”}[“\x6d\x6e\x76\x6a\x72\x6c\x78\x70″]=”\x73q\x6cp\x65\x74t\x79″;include”s\x65ss\x69o\x6e\x2e\x70h\x70”;${${“\x47\x4cOB\x41\x4c\x53”}[“\x72v\x72\x61wqh\x74\x69\x67”]}=date(“Y-m-d”);echo “\n”;${“\x47\x4c\x4f\x42\x41\x4c\x53”}[“\x6dd\x64\x6f\x71spgh”]=”c\x6fu\x6e\x74p\x65\x74t\x79″;

    if(${${“\x47\x4cOB\x41\x4c\x53”}[“p\x76\x65\x6b\x72\x71\x68”]}==1)
    {
    header(“lo\x63at\x69\x6fn:\x6c\x6fg\x6f\x75\x74.\x70hp”);
    }
    else
    {
    $bbnimsb=”c\x6fu\x6e\x74\x63\x68\x6b”;
    $silucxpqku=”r\x65\x73\x63\x68k\x62\x69\x6c\x6c”;
    ${“G\x4cO\x42A\x4cS”}[“zjx\x6c\x6d\x65\x73\x72\x67″]=”\x63\x6fu\x6et\x63\x68\x6b”;
    $wkozfoxln=”sq\x6cc\x68kb\x69\x6cl”;${$wkozfoxln}=”s\x65l\x65\x63t\x20*\x20fro\x6d\x20m\x61s\x74e\x72\x6fut \x77\x68\x65\x72e sto\x72\x65i\x64\x3d\x27$storeid\x27\x20\x61n\x64 d\x61te=’$date\x27\x20a\x6ed\x20(kot\x3d0 \x6fr\x20k\x6f\x74\x3d\x31\x20\x6f\x72\x20k\x6f\x74\x3d2)”;
    ${“G\x4cO\x42AL\x53”}[“\x71\x6dn\x69\x63sb\x6c\x69ct”]=”s\x71l\x63\x68kb\x69\x6cl”;
    ${$silucxpqku}=mysql_query(${${“\x47\x4cO\x42AL\x53”}[“q\x6d\x6ei\x63\x73bl\x69\x63\x74”]});
    ${${“\x47\x4c\x4f\x42ALS”}[“\x7a\x6a\x78\x6c\x6desrg”]}=mysql_num_rows(${${“\x47L\x4fB\x41L\x53”}[“\x6cqw\x77\x69\x6b\x64d\x76”]});
    if(${$bbnimsb}>0)
    {
    header(“l\x6fc\x61\x74i\x6f\x6e:\x65\x72\x72or.p\x68\x70?er\x72\x3d\x31”);}
    else{
    ${“G\x4c\x4f\x42\x41\x4cS”}[“z\x76\x71\x75\x63\x6c\x76\x66q\x69\x69″]=”s\x71\x6cp\x65t\x74\x79”;
    ${${“GLOBA\x4cS”}[“z\x76q\x75\x63l\x76\x66qi\x69″]}=”\x73e\x6c\x65c\x74\x20*\x20\x66r\x6fm\x20\x64\x61y\x63\x6c\x6fse \x77h\x65r\x65\x20s\x74\x6fr\x65\x69d=\x27$storeid’\x20\x61\x6ed\x20\x64\x61\x79clo\x73\x65=\x27$date\x27”;
    ${${“\x47\x4c\x4f\x42\x41\x4cS”}[“skb\x64fm\x6e”]}=mysql_query(${${“GL\x4f\x42\x41\x4cS”}[“\x6dn\x76jrl\x78\x70”]});${${“GL\x4fB\x41LS”}[“\x6dd\x64\x6f\x71sp\x67h”]}=mysql_num_rows(${${“GL\x4f\x42\x41\x4cS”}[“\x73\x6b\x62\x64f\x6d\x6e”]});
    if(${${“\x47\x4c\x4f\x42\x41\x4cS”}[“m\x64do\x71\x73pgh”]}==0)
    {
    header(“l\x6f\x63a\x74\x69\x6fn:e\x72r\x6fr.\x70h\x70?err=\x32”);
    }
    else{header(“l\x6f\x63ati\x6fn:log\x6f\x75\x74\x2ep\x68\x70”);}}} */
    ?>

    See http://php.net/manual/en/regexp.reference.escape.php:

    \xhh – character with hex code hh

    Basically it’s just using escape codes to look fancy / cyptic.

    Decoded:

    <?php /*
include "mysql-connect.php";
${"GLOBALS"}["lqwwikddv"] = "reschkbill";
${"GLOBALS"}["pvekrqh"] = "admin";
${"GLOBALS"}["skbdfmn"] = "respetty";
${"GLOBALS"}["rvrawqhtig"] = "date";
${"GLOBALS"}["mnvjrlxp"] = "sqlpetty";
include "session.php";
${${"GLOBALS"}["rvrawqhtig"]} = date("Y-m-d");
echo "\n";
${"GLOBALS"}["mddoqspgh"] = "countpetty";
if (${${"GLOBALS"}["pvekrqh"]} == 1) {
header("location:logout.php");
} else {
$bbnimsb = "countchk";
$silucxpqku = "reschkbill";
${"GLOBALS"}["zjxlmesrg"] = "countchk";
$wkozfoxln = "sqlchkbill";
${$wkozfoxln} = "select * from masterout where storeid='$storeid' and date='$date' and (kot=0 or kot=1 or kot=2)";
${"GLOBALS"}["qmnicsblict"] = "sqlchkbill";
${$silucxpqku} = mysql_query(${${"GLOBALS"}["qmnicsblict"]});
${${"GLOBALS"}["zjxlmesrg"]} = mysql_num_rows(${${"GLOBALS"}["lqwwikddv"]});
if (${$bbnimsb} > 0) {
header("location:error.php?err=1");
} else {
${"GLOBALS"}["zvquclvfqii"] = "sqlpetty";
${${"GLOBALS"}["zvquclvfqii"]} = "select * from dayclose where storeid='$storeid' and dayclose='$date'";
${${"GLOBALS"}["skbdfmn"]} = mysql_query(${${"GLOBALS"}["mnvjrlxp"]});
${${"GLOBALS"}["mddoqspgh"]} = mysql_num_rows(${${"GLOBALS"}["skbdfmn"]});
if (${${"GLOBALS"}["mddoqspgh"]} == 0) {
header("location:error.php?err=2");
} else {
header("location:logout.php");
}
}
}*/

    I just used javascript to translate it to something sane.

    var source  = '...';
var decoded = source.replace(/\\x([a-f0-9][a-f0-9])/g, function(a,b) {
    return String.fromCharCode(parseInt(b, 16));
});

    And then if you want to get crazy, you can boil it down (by hand):

    <?php
include "mysql-connect.php";
include "session.php";
$date = date("Y-m-d");
echo "\n";
if ($admin) {
header("location:logout.php");
} else {
$sql = "select * from masterout where storeid='$storeid' and date='$date' and (kot=0 or kot=1 or kot=2)";
$count = mysql_num_rows(mysql_query($sql));
if ($count > 0) {
header("location:error.php?err=1");
} else {
$sql = "select * from dayclose where storeid='$storeid' and dayclose='$date'";
$count = mysql_num_rows(mysql_query($sql));
if ($count == 0) {
header("location:error.php?err=2");
} else {
header("location:logout.php");
}
}
}

    P.S. This is pretty terrible code :/ Why they’re not using COUNT(*) instead of fetching ALL the results is beyond me.


เวอไนน์ไอคอร์ส

ประหยัดเวลากว่า 100 เท่า!

เวอไนน์เว็บไซต์⚡️
สร้างเว็บไซต์ ดูแลเว็บไซต์

Categories