base64_decode , eval

解密前:adm.bak.php

1<?php
2// Copyright(C) 2013 www.simcms.net, All rights reserved.
3$OOO0O0O00=__FILE__;$OOO000000=urldecode('%74%68%36%73%62%65%68%71%6c%61%34%63%6f%5f%73%61%64%66%70%6e%72');$OO00O0000=648;$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$O0O0000O0='OOO0000O0';eval(($$O0O0000O0('JE9PME9PMDAwMD0kT09PMDAwMDAwezE3fS4kT09PMDAwMDAwezEyfS4kT09PMDAwMDAwezE4fS4kT09PMDAwMDAwezV9LiRPT08wMDAwMDB7MTl9O2lmKCEwKSRPMDAwTzBPMDA9JE9PME9PMDAwMCgkT09PME8wTzAwLCdyYicpOyRPTzBPTzAwME89JE9PTzAwMDAwMHsxN30uJE9PTzAwMDAwMHsyMH0uJE9PTzAwMDAwMHs1fS4kT09PMDAwMDAwezl9LiRPT08wMDAwMDB7MTZ9OyRPTzBPTzAwTzA9JE9PTzAwMDAwMHsxNH0uJE9PTzAwMDAwMHswfS4kT09PMDAwMDAwezIwfS4kT09PMDAwMDAwezB9LiRPT08wMDAwMDB7MjB9OyRPTzBPTzAwME8oJE8wMDBPME8wMCwxMTkwKTskT08wME8wME8wPSgkT09PMDAwME8wKCRPTzBPTzAwTzAoJE9PME9PMDAwTygkTzAwME8wTzAwLDM4MCksJ2ZUTThCWjlHN0pOYjRlMHp3MllVZEtsNXlvU2ptM3B0L0RWK1B2SUxuUXhIdWtXNmNBaTFhc3JoT1JGcUNFWGc9JywnQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLycpKSk7ZXZhbCgkT08wME8wME8wKTs=')));return;?&gt;
4JBEz48Tz48Tz48s13GJtmIKcj9Z+oY/L5sE9YdAZ5sCLbM7L7VOPUaEz4BCcU1fcbV7L7VcnJBEzU1fc48Tz4M/PUaCcUaCc4BCcNM2zU1TzU1fc4BCnJBCc48Tz4BCc4McPUaCc4BCc48fcNYcLov2e0BJS0dmhYPRVe9dcpLmilKKPYrcsplEUSIa1mGw62ZyHdGoJU9R2pBDsSsmryaZQ4lZ1mIDzdPoAwaKyo1aLbM3TwPeB2doGYBvNYaAeUPEwdKJUKZKlKsDolIZVyr2voI3nSlQHj9sWjhTAmLea35ohpGvF48Bi41wse+mO0Yu6JiPQNYPqoIeujhevNM2z48fcU1Tz48fQ0rKrylcnJBEz48Tz48Tz4MPq8waeSlR+jGKPoY/LyrEkjlEWbIvWyiRcSGfLNUueSlR+jGKPoYDJUPet2BvYbV3co5JkS5e1SlEWbIosjI4Wm9DcJiPq8lvWyrAso9dnYdR85a2JdVfWJrDajlcWoLKWyiRcSGfLNUueSlR+jGKPoYfnJrvWo9KObhTDordWm9DcJiPq8waPo9EkylvW78a/7IA6yrZuS9E13M7q8waPUBE8wdABUasTYdO/zYfP5seZdvoZdvuVYZ2ddZE7Used7vaq8wPeSlynmh2imh2iNM24UaeTUB2zUdZJUVcPo9EkylvWNUaE79oDjGevN5ueMlKOS5wn7WYEn0pSD0S0V0S3/XltLXlw+pYO+pSknXpDHWXC/Y7Q0csE8waPjlEP78a/S5e1o5wnJZEG2K2jJrs6oM33NYfgJZEG2K2jJrs6oM3378n/JrsDSlOL0csQoVfn7lv15rZPjlvW5rA6orvWNMPQ7M2kjrw/zYfLj9ELSlOL0csQoVfn7loQj9Kto5DQmh21NM3Do9sQjVCLbV2kjrw/bVmWm9DcJiPQ79KOS5wnJrKimIEi7GKijMmQ0csco5JkS5e1SlEW5renSi/Q0csQjIeu3l2vNM3Do9sQjVCLbV2kjrw/bVmWm9DcJiPq8w==

解密后:adm.php

 1<?php
 2/**
 3 * decrypted by mrasong
 4 * @mrasong 2013-12-23
 5 */
 6include('common.inc.php');
 7include(INC_DIR.'permission.func.php');
 8include(INC_DIR .'html.func.php');
 9include ('index/page.php');
10
11$domain = "localhost";
12
13$LOCALDOMAIN = $_SERVER["HTTP_HOST"];
14
15/* fuck the authorization
16if(strstr($LOCALDOMAIN,$domain)== false){
17	exit("你的授权域名不正确!");
18}*/
19
20$mod = isset($_GET['mod']) ?$_GET['mod'] : 'main';
21if (!is_admin_login()) $mod = 'login';
22if (!file_exists('admin/'.$mod .'.php')) exit('error url');
23permission_chk();
24include('admin/'.$mod .'.php');

附 PHP 文件:simcms.adm.php.zip