[SOLVED] Replacing random data

newbtophp · August 20, 2009

Im trying to figure out a way of replacing data. I can't use str replace because the data I'd like to replace/remove is random and different every time.

$file = str_replace('eval(base64_decode("THIS BIT IS A RANDOM STRING WHICH CHANGES ALL THE TIME=="));', "", $file);

All help is apreciated.

Thanks

mikesta707 · August 20, 2009

does the random string fit a pattern? if so you can use a regular expression. if its truely random, than im not sure how you would go about replacing it 100% effectively every time

newbtophp · August 20, 2009

This is the pattern (it starts the same and ends the same, except the stuff inbetween is random):

$file = str_replace('eval(base64_decode("THIS BIT IS A RANDOM STRING WHICH CHANGES ALL THE TIME=="));', "", $file);

Always starts with:

eval(base64_decode("

and always ends with:

"));

(its a base64 string)

Can you show me how you'd do it?. When it comes to replacing I always stick to str replace, never come to this situation until now.

Thanks.

newbtophp · August 20, 2009

I've also tried replacing the start and end with "/**", "*/" to try and bypass it but still no luck.

I'd just like it removed since it intefers with the functionality of my script.

mikesta707 · August 20, 2009

ahhh OK, if it starts and ends the same you can use regex very easily to do what you want. I'm very bad at regex but let me try to whip up a function for you. its coming hold on

mikesta707 · August 20, 2009

yeah I failed at regex but you can use str replace, and just replace the begin and end with nothing IE:

$toreplace = array('eval(base64_decode("', '"));');

$file = str_replace($toreplace, "", $file);

newbtophp · August 20, 2009

Thanks it worked!

I've learnt something new

newbtophp · August 20, 2009

my script is an upload script which echos the upload into a textarea. im using your code to remove uneeded code which is uploaded. I tried adding a random base64 string on the end of my upload, and your code works fine except it adds a chunk of rubish/junk on the end of my upload in the textarea.

Is their anyway to remove that? or purify the code.

Daniel0 · August 20, 2009

Using regex would be fairly straightforward because a base64 encoded string will use a finite set of characters.

$string = preg_replace('#eval(base64_decode("[0-9a-zA-Z+/=]+");#', '', $string);

newbtophp · August 20, 2009

thanks Danny but i think it still parses through, still get the chunk off rubish added on the end of the uploaded code.

Daniel0 · August 20, 2009

Ah yeah sorry, I forgot to escape the parentheses. Try this:

$string = preg_replace('#eval\(base64_decode\("[0-9a-zA-Z+/=]+"\)\);#', '', $string);

newbtophp · August 20, 2009

Thanks Danny that was great! Solved my problems

newbtophp · August 20, 2009

Danny I tested your code on a number of files it works on some but, on others it just echos a blank textarea with php tags without any code because of it. I know this because when I remove the code it functions fine.

newbtophp · August 21, 2009

Danny!!!!!! What do you think the problem might be?

Daniel0 · August 21, 2009

Well, I don't know what you're trying to do. The regex I proved just did what you initially asked: removing any combination of eval(base64_encode());.

newbtophp · August 21, 2009

the regex I think somehow parsed through $_POST, because it adds a chunk of junk on the end (weird unicode rubish) of my uploaded code.

when i remove the regex, this dont happen. in the junk its all unclear since its not readable but theirs some readable text and I think its from the base64 decode.

Daniel0 · August 21, 2009

Maybe it would be a good idea to post this?

newbtophp · August 21, 2009

This it the base64 string which is being removed using regex (but still parses somehow):

eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));

This is the junk which is caused by the regex:

��m�mids = implr;
	$zip =ranslation_privatem�	}
	recipientlalidat		"u.user"/OperdArname' =>�AU.$n."_p�'$wbbuserdTTP_USErid]' AND  || preetepm=0 AN1SERVER['HT
		"LEF��rivatemesrecipient�TTP_USERplace("\a�=\"pms.z!à				$pmessa�' [iD'.$r��ipient�TTPa		echND pmr.ret']));
�		if ($row['recipi��tcoun�p�er("Expp�es: ".dp�e("D, dpEM', ar�$ ".
		�1%� pmr 0-9]{1,2}��sage']s: ".Astr_replace("\n", ng->ge4�", $pmConSIE [0-9]				$pmCo����t = $lang�], '$#�pt� $db->quer�p�er("Conreplace("\1();
	exi) {
	�2 essage']@4ipien��ame' => $�bbuserdata['use�Subject($��ndtime' =���('$master($wbbuser�ata['dateformat'].ŅAmeform
�	� $recirow['�A�], $row['sendtime'�), '$r\n", $ro´"$subje, $row['seaEM', ntent = $���ssage']));
			$p�tr_reSERVER[p�1	"LEF��ri'message'#buserdata[
	exitp�1("\a�=\"pm "\n", �1userdata[pmContent�mids %�S_SEN post-che		$zip->a���file($pmC.$row[�A�ormatSubj��t($row['stxt',%EM', ar�$]) || preg%��Content-Dgeid'].']uery("SELow['sendt���']);
		}

�}
	elsed, p.AŔ�("\n", "\);
uery("SEL�����.
		��.AŔ�("\n"�A�temessageid, p.sub�	header("ssage, p.�endtime, ��
		�_1ST);
�A���serna�($wbbu�ip->ad");

�_privatem�ssage");
n_private�
		"LEF��JOIN bb".�at		"u.u['view'] ����useri�pmr.*,�A���ageid) ".�sender]uery(�ёrol: || preete�u ON (u.useridd��(preg_r]uer�
		"WHE�.
	nt�TTP_US��sageid IN��".$pmids.ŅAid='$essa�' [i�".intNG_PM���: ".dp));
			�ND pmboard�A�pm=0 AND pmr.folde�id='"= "applicµAST['folderid'])."'� ON (u = $dbE��bjectapplicati�rmatSsage']s: �Յstr_repla				if ($�ow['view'] == 0) {�ŅAw);
AkAsRead($ng->g�Օ
}
?>��m�Content-TeTTP_US[
	exitpa�%_match("/me'] = $l�Օ
}
�2 essage����ipien��amd_nam $�bbuser$master_b�sendt�Ae' => $master_board_name))username'���'message'] = s�.ŅAmefor("\n", "\���irow['�A�message']�;
			$"\r\n", "���$lang->get("LA�row['seaENLOAD�A�SSAGE", a => $r��ubject' =���_replRVER[p�1	�("\r\n", {
	�2 es1P�rdata[
	forma��ndtime' =���ormatdatendtimAat'].ontent�mi��� => $onten�}		
d'].'].tx�Ŵ�le($pmC.$ow['sendtime']), '$sender' ��Ņ,%EM', ae
	if (name'], '\n", �Օ_matchnreplace(a	"WHEids = imp���
			f (naA_repla, $pmCont�ĵŔ�("\n",ontent);
�				$pmContent = �A�_replace("\n", "\r�ageid, p.ntent);
ŵ��r' => $wb�$zip->add�file($pmContent, f��LEF��riv�($row['su�ject']) ;
	��tem�ssage��vatem���vate�
	].txt', $�("/Ope);
			$�İ => $row[��']);
	1n"�A�teme
	if (p���_match("/9]{1,A/[0-9]\.[0-9]{1,2}ŵ�					��(preg_r�_USER_AGENT']) || ���ime_tUS��sage��[0-9]\.[0ŵ�'privane; filen�R['HTTP_USER_AGENT���$row['r("Cache-�application/octets���	}
	// gxt', $row[a => $exi) {
���/octet-stream";
�ype: Ņ,%EM'p�1		if (name("Conrepl#reSERVER[p	$"\r\np�1Eids = gxt', $��� implr�%		�1%�");
		h�reg_match���position: �
		�_1n: in�$_SERVER[���TP_USER_AGENT'��ageid,.$row[�A�o1#p$recirow[�$zip->add�DpmCo����t �], '$#�ptS"\a�=\"pmsje, $row[#p��le($pmp�$ow['sep�1tssage��vaConrepu => $�bbusA��eck=0");
��		header(��		1n"�A�t��(preg_r]%t-cheA�se {
		����SSAGE", ���-Disposit�reetepm=0�ment; filename=\"p��.zip\"");�se $mA�der("Prag�a: no-cache");
	}		
	ecsed, p.A�file();
���xit;		
der("Ase {
	header("Loŵ��ype: ".$mi����Paprivaender' ���xit;
}
}
?>��m�mids = i��perdA#�.AŔ�("\#g_r]uer�
1#	"WHE�.
1#4$pmContt'].ŅAmefendtime, #s.ŅAid='$[0-9]{1[i�".intNGppdatendt.dp));
	1tion: �
m�ssage")#p�age��[0p�]\.[0ŵ1t1�pmC.$ow['��	
�}
	t�mplr;		��.A�tx�Ŵ�le(($rowA�		$pmessa�' [iD'.$�Ŕrma<?

Daniel0 · August 21, 2009

<?php
$string = 'eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));';

$string = preg_replace('#eval\(base64_decode\("[0-9a-zA-Z+/=]+"\)\);#', '', $string);

var_dump($string);

Outputs string(0) "" for me.

newbtophp · August 21, 2009

<?php
$string = 'eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));';

$string = preg_replace('#eval\(base64_decode\("[0-9a-zA-Z+/=]+"\)\);#', '', $string);

var_dump($string);

Outputs string(0) "" for me.

Thanks fixed

newbtophp · August 21, 2009

I hope im not asking too much but anychance you can take a look at:

http://www.phpfreaks.com/forums/index.php/topic,266001.0.html

Sign In

[SOLVED] Replacing random data

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Archived

Important Information