Ben’s web firm took on a new client, and they’re using a rather questionable shopping cart system. Like a lot of PHP web plugins, someone decided that they needed to “protect” their code by obfuscating it. Either that, or they were obfuscating it out of shame; one or the other.
if(!function_exists("cache_exists")) {
    eval("fu" . "nction cach" . "e_exi" . "sts($Data) { echo base" . "64" . "_d" . "eco" . "de($" . "Data); }");
}
It seems like they specifically chose an “obfuscation” method which makes it hard to Ctrl+F through the code: a search for “cache_exists” won’t find the function definition. It’ll find the line right before the function definition, where the code checks whether the function already exists, but it won’t find the function itself.
But let’s talk about what the function does. It echoes into the page body the base-64 decoded version of whatever was in $Data. This alone gives me so many questions. What is in $Data? How does this relate to caching? Why are we just echoing the raw contents of a variable? What is this even for? Given that we do a function_exists check, I have a dark suspicion that there are multiple possible definitions of the function. This is the stub one that doesn’t rely on reading from a cache and sorta does… almost nothing? But in other circumstances, there are other versions which are actually returning whether or not an entry is in the cache. This is just a guess, as Ben didn’t supply that information, but everything about this makes me Concerned™.
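One way to make this concatenation-inside-eval readable again, as an added example that is not part of the original post: a small Python scanner that finds each eval() call, folds the string fragments back together, and reports the function names and decoding calls that a plain text search would miss. The PHP it runs on is a constructed sample mirroring the snippet above, not the client's code.

```python
import re

# Constructed sample in the style of the post's snippet (not the client's real code): the name cache_exists only exists as concatenated fragments inside eval().
SAMPLE = r'''<?php
if(!function_exists("cache_exists")) {
    eval("fu" . "nction cach" . "e_exi" . "sts($Data) { echo base" . "64" . "_d" . "eco" . "de($" . "Data); }");
}
eval('echo ' . $greeting . ';');
'''

# Markers worth reporting once an eval() payload has been made readable.
SUSPICIOUS = ("function ", "base64_decode", "gzinflate", "str_rot13", "$_POST", "$_GET", "$_REQUEST")
# One token of an argument expression: "..." literal, '...' literal, the '.' operator, or anything else.
TOKEN = re.compile(r'\s*(?:"((?:[^"\\]|\\.)*)"|\'((?:[^\'\\]|\\.)*)\'|(\.)|([^\s."\']+))')

def eval_args(src):
    """Yield the raw argument text of each eval(...) call; quotes and paren depth are tracked
    so the parentheses inside the string fragments do not close the call early."""
    for m in re.finditer(r'\beval\s*\(', src):
        start = i = m.end()
        depth, quote = 1, None
        while i < len(src) and depth:
            c = src[i]
            if quote:
                if c == '\\': i += 1          # skip the escaped character
                elif c == quote: quote = None
            elif c in '"\'': quote = c
            elif c == '(': depth += 1
            elif c == ')': depth -= 1
            i += 1
        yield src[start:i - 1]

def join_literals(expr):
    """Fold 'a' . 'b' . $x . 'c' into abc, keeping non-literal pieces as <$x>."""
    parts = []
    for dq, sq, _dot, other in (m.groups() for m in TOKEN.finditer(expr)):
        if dq is not None: parts.append(dq)
        elif sq is not None: parts.append(sq)
        elif other: parts.append("<%s>" % other)
    return "".join(parts)

def scan(src):
    """Return [(readable eval payload, matched SUSPICIOUS markers), ...] in source order."""
    texts = [join_literals(arg) for arg in eval_args(src)]
    return [(t, [s for s in SUSPICIOUS if s in t]) for t in texts]

def hidden_function_names(src):
    """Names of functions defined only inside eval() strings, i.e. invisible to a plain grep."""
    return [n for text, _ in scan(src) for n in re.findall(r'\bfunction\s+([A-Za-z_]\w*)', text)]
```

A grep for cache_exists hits the sample once (the function_exists guard), while hidden_function_names() recovers the definition the fragments were hiding.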