PHP Malware Analysis

Back to list

Filename: xxe.php

Tags

Files
  • file_get_contents

Deobfuscated code

<?php

libxml_disable_entity_loader(false);
$xmlfile = file_get_contents('php://input');
$dom = new DOMDocument();
$dom->loadXML($xmlfile, "LIBXML_N_EN_AD");
$o = simplexml_import_dom($dom);
$user = $o->username;
$pass = $o->password;
echo "username : {$user}";


Original code

<?php
libxml_disable_entity_loader (false);
$xmlfile = file_get_contents('php://input');
$dom = new DOMDocument();
$dom->loadXML($xmlfile, LIBXML_NOENT | LIBXML_DTDLOAD);
$o = simplexml_import_dom($dom);
$user = $o->username;
$pass = $o->password;
echo "username : $user";
?>