PHP Malware Analysis



Deobfuscated code

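<?php

// Deobfuscated view of the analysed sample: a "login" endpoint that parses the
// raw request body as XML and echoes the <user> element back to the client.
//
// NOTE(review): this listing is kept functionally equivalent to the sample, so
// the unsafe parser configuration is preserved and annotated rather than
// hardened. The one correction is to the loadXML() options argument, which the
// deobfuscator had emitted as a quoted string instead of the integer bit flags
// used by the sample.

// Passing false turns libxml's external entity loader back ON.
// (The function is deprecated as of PHP 8.0.)
libxml_disable_entity_loader(false);

// Raw request body: fully controlled by whoever sends the request.
$xmlfile = file_get_contents("php://input");

$dom = new DOMDocument();

// LIBXML_NOENT substitutes entities during parsing and LIBXML_DTDLOAD loads the
// external DTD subset. Combined with the entity loader enabled above, the
// untrusted body can make the parser resolve external entities (XXE exposure).
// A hardened parser would omit both flags and leave the entity loader disabled.
$dom->loadXML($xmlfile, LIBXML_NOENT | LIBXML_DTDLOAD);

$creds = simplexml_import_dom($dom);
$user = $creds->user;
// Read but never used: no credential check happens anywhere in this script.
$pass = $creds->pass;

// The parsed <user> value, including any substituted entity content, is
// reflected without HTML escaping; the message is printed unconditionally.
echo "You have logged in as user {$user}";
?>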


Original code

<?php 
    // Analysed sample, shown as submitted: parses the raw HTTP request body as
    // XML and echoes the <user> element in a "logged in" message.
    // The parser is configured so that external entities in the untrusted body
    // are loaded and substituted (XXE exposure); see the per-line notes below.

    // false re-enables libxml's external entity loader (deprecated in PHP 8.0).
    libxml_disable_entity_loader (false);
    // Request body as sent by the client: untrusted input.
    $xmlfile = file_get_contents("php://input");
    $dom = new DOMDocument();
    // LIBXML_NOENT: substitute entities; LIBXML_DTDLOAD: load the external DTD
    // subset. Dropping both flags (and the call above) is the usual mitigation.
    $dom->loadXML($xmlfile, LIBXML_NOENT | LIBXML_DTDLOAD);
    $creds = simplexml_import_dom($dom);
    $user = $creds->user;
    // Assigned but never read: the script performs no authentication at all.
    $pass = $creds->pass;
    // $user is interpolated without htmlspecialchars(), so parsed (and
    // entity-expanded) content is reflected verbatim into the response.
    echo "You have logged in as user $user";
?>