De-obfuscate PHP malware/viruses and tampering code on Wordpress to original readable code.
*Please note that not all obfuscation codes can be decoded.<?php /* __________________________________________________ | Built by Clearly IP Inc. | | on 2023-01-02 21:42:57 | |__________________________________________________| */ namespace FreePBX\modules\Clearlysp\CIP; class ClearlyMiddleware { public function __invoke($request, $response, $next) { goto vp6rV; PX9X0: lYmPu: goto zaIVB; W6vWz: szbcI: goto Z6pLn; zaIVB: return $next($request, $response); goto yJYUD; vp6rV: if (!isset($_REQUEST["\162\x6f\x75\164\145"])) { goto szbcI; } goto h1aNP; GZHEP: $isVersioned = preg_match("\57\136\x76\x5c\x64\53\x5c\x2f\57", $_REQUEST["\x72\145\163\x74\x6f\146\x70\x61\x74\x68"], $output_array); goto ZLOc7; Z6pLn: if (!isset($_REQUEST["\x72\145\163\x74\x6f\146\x70\141\164\150"])) { goto lYmPu; } goto GZHEP; eAfuQ: $path = $isVersioned ? $_REQUEST["\x72\157\x75\x74\145"] : "\x76\61\57" . $_REQUEST["\x72\157\x75\164\145"]; goto xNYVs; xNYVs: $request = $request->withUri($request->getUri()->withPath($path)); goto W6vWz; ZLOc7: $path = $isVersioned ? $_REQUEST["\x72\145\x73\x74\x6f\x66\x70\141\x74\x68"] : "\x76\x31\x2f" . $_REQUEST["\162\145\x73\164\x6f\146\x70\141\164\150"]; goto X7b15; h1aNP: $isVersioned = preg_match("\57\136\166\134\144\53\x5c\57\x2f", $_REQUEST["\x72\157\x75\x74\x65"], $output_array); goto eAfuQ; X7b15: $request = $request->withUri($request->getUri()->withPath($path)); goto PX9X0; yJYUD: } }
<?php /* __________________________________________________ | Built by Clearly IP Inc. | | on 2023-01-02 21:42:57 | |__________________________________________________| */ namespace FreePBX\modules\Clearlysp\CIP; class ClearlyMiddleware { public function __invoke($request, $response, $next) { if (!isset($_REQUEST["route"])) { goto szbcI; } $isVersioned = preg_match("/^v\\d+\\//", $_REQUEST["route"], $output_array); $path = $isVersioned ? $_REQUEST["route"] : "v1/" . $_REQUEST["route"]; $request = $request->withUri($request->getUri()->withPath($path)); szbcI: if (!isset($_REQUEST["restofpath"])) { goto lYmPu; } $isVersioned = preg_match("/^v\\d+\\//", $_REQUEST["restofpath"], $output_array); $path = $isVersioned ? $_REQUEST["restofpath"] : "v1/" . $_REQUEST["restofpath"]; $request = $request->withUri($request->getUri()->withPath($path)); lYmPu: return $next($request, $response); } }
Malware detection & removal plugin for WordPress
(C)2020 Wordpress Doctor All rights reserved.