Jump to content

[SOLVED] Replacing random data


newbtophp

Recommended Posts

Im trying to figure out a way of replacing data. I can't use str replace because the data I'd like to replace/remove is random and different every time.

 

$file = str_replace('eval(base64_decode("THIS BIT IS A RANDOM STRING WHICH CHANGES ALL THE TIME=="));', "", $file);

 

All help is apreciated.

 

Thanks

 

Link to comment
Share on other sites

This is the pattern (it starts the same and ends the same, except the stuff inbetween is random):

 

$file = str_replace('eval(base64_decode("THIS BIT IS A RANDOM STRING WHICH CHANGES ALL THE TIME=="));', "", $file);

 

Always starts with:

 

eval(base64_decode("

 

and always ends with:

 

"));

 

(its a base64 string)

 

Can you show me how you'd do it?. When it comes to replacing I always stick to str replace, never come to this situation until now.

 

Thanks.

 

 

 

Link to comment
Share on other sites

my script is an upload script which echos the upload into a textarea. im using your code to remove uneeded code which is uploaded. I tried adding a random base64 string on the end of my upload, and your code works fine except it adds a chunk of rubish/junk on the end of my upload in the textarea.

 

Is their anyway to remove that? or purify the code.

Link to comment
Share on other sites

the regex I think somehow parsed through $_POST, because it adds a chunk of junk on the end (weird unicode rubish) of my uploaded code.

 

when i remove the regex, this dont happen. in the junk its all unclear since its not readable but theirs some readable text and I think its from the base64 decode.

Link to comment
Share on other sites

This it the base64 string which is being removed using regex (but still parses somehow):

 

eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));

 

This is the junk which is caused by the regex:

 

��m�mids = implr;
	$zip =ranslation_privatem�	}
	recipientlalidat		"u.user"/OperdArname' =>�AU.$n."_p�'$wbbuserdTTP_USErid]' AND  || preetepm=0 AN1SERVER['HT
		"LEF��rivatemesrecipient�TTP_USERplace("\a�=\"pms.z!à				$pmessa�' [iD'.$r��ipient�TTPa		echND pmr.ret']));
�		if ($row['recipi��tcoun�p�er("Expp�es: ".dp�e("D, dpEM', ar�$ ".
		�1%� pmr 0-9]{1,2}��sage']s: ".Astr_replace("\n", ng->ge4�", $pmConSIE [0-9]				$pmCo����t = $lang�], '$#�pt� $db->quer�p�er("Conreplace("\1();
	exi) {
	�2 essage']@4ipien��ame' => $�bbuserdata['use�Subject($��ndtime' =���('$master($wbbuser�ata['dateformat'].ŅAmeform
�	� $recirow['�A�], $row['sendtime'�), '$r\n", $ro´"$subje, $row['seaEM', ntent = $���ssage']));
			$p�tr_reSERVER[p�1	"LEF��ri'message'#buserdata[
	exitp�1("\a�=\"pm "\n", �1userdata[pmContent�mids %�S_SEN post-che		$zip->a���file($pmC.$row[�A�ormatSubj��t($row['stxt',%EM', ar�$]) || preg%��Content-Dgeid'].']uery("SELow['sendt���']);
		}

�}
	elsed, p.AŔ�("\n", "\);
uery("SEL�����.
		��.AŔ�("\n"�A�temessageid, p.sub�	header("ssage, p.�endtime, ��
		�_1ST);
�A���serna�($wbbu�ip->ad");

�_privatem�ssage");
n_private�
		"LEF��JOIN bb".�at		"u.u['view'] ����useri�pmr.*,�A���ageid) ".�sender]uery(�ёrol: || preete�u ON (u.useridd��(preg_r]uer�
		"WHE�.
	nt�TTP_US��sageid IN��".$pmids.ŅAid='$essa�' [i�".intNG_PM���: ".dp));
			�ND pmboard�A�pm=0 AND pmr.folde�id='"= "applicµAST['folderid'])."'� ON (u = $dbE��bjectapplicati�rmatSsage']s: �Յstr_repla				if ($�ow['view'] == 0) {�ŅAw);
AkAsRead($ng->g�Օ
}
?>��m�Content-TeTTP_US[
	exitpa�%_match("/me'] = $l�Օ
}
�2 essage����ipien��amd_nam $�bbuser$master_b�sendt�Ae' => $master_board_name))username'���'message'] = s�.ŅAmefor("\n", "\���irow['�A�message']�;
			$"\r\n", "���$lang->get("LA�row['seaENLOAD�A�SSAGE", a => $r��ubject' =���_replRVER[p�1	�("\r\n", {
	�2 es1P�rdata[
	forma��ndtime' =���ormatdatendtimAat'].ontent�mi��� => $onten�}		
d'].'].tx�Ŵ�le($pmC.$ow['sendtime']), '$sender' ��Ņ,%EM', ae
	if (name'], '\n", �Օ_matchnreplace(a	"WHEids = imp���
			f (naA_repla, $pmCont�ĵŔ�("\n",ontent);
�				$pmContent = �A�_replace("\n", "\r�ageid, p.ntent);
ŵ��r' => $wb�$zip->add�file($pmContent, f��LEF��riv�($row['su�ject']) ;
	��tem�ssage��vatem���vate�
	].txt', $�("/Ope);
			$�İ => $row[��']);
	1n"�A�teme
	if (p���_match("/9]{1,A/[0-9]\.[0-9]{1,2}ŵ�					��(preg_r�_USER_AGENT']) || ���ime_tUS��sage��[0-9]\.[0ŵ�'privane; filen�R['HTTP_USER_AGENT���$row['r("Cache-�application/octets���	}
	// gxt', $row[a => $exi) {
���/octet-stream";
�ype: Ņ,%EM'p�1		if (name("Conrepl#reSERVER[p	$"\r\np�1Eids = gxt', $��� implr�%		�1%�");
		h�reg_match���position: �
		�_1n: in�$_SERVER[���TP_USER_AGENT'��ageid,.$row[�A�o1#p$recirow[�$zip->add�DpmCo����t �], '$#�ptS"\a�=\"pmsje, $row[#p��le($pmp�$ow['sep�1tssage��vaConrepu => $�bbusA��eck=0");
��		header(��		1n"�A�t��(preg_r]%t-cheA�se {
		����SSAGE", ���-Disposit�reetepm=0�ment; filename=\"p��.zip\"");�se $mA�der("Prag�a: no-cache");
	}		
	ecsed, p.A�file();
���xit;		
der("Ase {
	header("Loŵ��ype: ".$mi����Paprivaender' ���xit;
}
}
?>��m�mids = i��perdA#�.AŔ�("\#g_r]uer�
1#	"WHE�.
1#4$pmContt'].ŅAmefendtime, #s.ŅAid='$[0-9]{1[i�".intNGppdatendt.dp));
	1tion: �
m�ssage")#p�age��[0p�]\.[0ŵ1t1�pmC.$ow['��	
�}
	t�mplr;		��.A�tx�Ŵ�le(($rowA�		$pmessa�' [iD'.$�Ŕrma<?

Link to comment
Share on other sites

<?php
$string = 'eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));';

$string = preg_replace('#eval\(base64_decode\("[0-9a-zA-Z+/=]+"\)\);#', '', $string);

var_dump($string);

 

Outputs string(0) "" for me.

Link to comment
Share on other sites

<?php
$string = 'eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));';

$string = preg_replace('#eval\(base64_decode\("[0-9a-zA-Z+/=]+"\)\);#', '', $string);

var_dump($string);

 

Outputs string(0) "" for me.

 

Thanks fixed

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.