So there's a string. It's gzipped and base64 encoded, and the code decodes the base64 and then uncompresses it.
When that's done, I am resulted with this:
<? eval(base64_decode('...')); ?>
Another layer of base64, which is 720440 bytes long.
Now, base64 decoding that, we have 506961 bytes of exploit code.
That's here: http://azabani.com/misc/stackoverflow/3708246-exploit.txt
I'm still examining the code, and will update this answer when I have more understanding. The code is huge.
Still reading through the code, and the (very well-done) exploit allows these tools to be exposed to the hacker:
- TCP backdoor setup
- unauthorised shell access
- reading of all htpasswd, htaccess, password and configuration files
- log wiping
- MySQL access (read, write)
- append code to all files matching a name pattern (mass exploit)
- RFI/LFI scanner
- UDP flooding
- kernel information
This is probably a professional PHP-based server-wide exploit toolkit, and seeing as it's got a nice HTML interface and the whole lot, it could be easily used by a pro hacker, or even a script kiddie.
This exploit is called c99shell
(thanks Yi Jiang) and it turns out to have been quite popular, being talked about and running for a few years already. There are many results on Google for this exploit.