shell bypass 403
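<?php
// Front-controller bootstrap: defines the site id, loads configuration and the
// helper libraries, then moves request data out of the superglobals into $base.
// The long open tag is used so the file is still parsed as PHP when
// short_open_tag is disabled; with "<?" such a server would send this source
// to the client as plain text.
define('SITE', 'atworkidea');

// Shared per-request state, read by the code below.
$base = array(
    'time_start' => microtime(),          // "msec sec" string, as returned by microtime() without arguments
    'name'       => $_SERVER['PHP_SELF'], // derived from the request URL; encode it before echoing into HTML
    'dir'        => dirname(__FILE__) . '/',
);

// Installer redirect, currently disabled.
// NOTE(review): with this check off, confirm the install/ directory is not deployed on production hosts.
//if(!file_exists($base['dir'] . 'data/config.php'))
//{
// header('Location: install/install.php');
// exit();
//}

// All paths are anchored on this file's directory, not on the working directory.
require_once $base['dir'] . 'config.php';
require_once $base['dir'] . 'source/core.func.php';
require_once $base['dir'] . 'source/getdata.func.php';
require_once $base['dir'] . 'classes/class.PDOConnection.php';

// Escaped copies of the request data. paddslashes() comes from one of the files
// required above and is not shown here; presumably it applies addslashes()
// recursively (TODO confirm). Blanket escaping of this kind does not replace
// bound parameters in SQL or context-specific encoding on output.
// NOTE(review): $_SESSION is only populated after session_start(); no call is
// visible in this file, so confirm that one of the required files starts it.
$base['post']    = paddslashes($_POST);
$base['get']     = paddslashes($_GET);
$base['session'] = paddslashes($_SESSION);
$base['cookie']  = paddslashes($_COOKIE);

// From here on only the copies in $base are available to the rest of the request.
unset($_POST);
unset($_GET);
unset($_SESSION);
unset($_COOKIE);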
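// Language selection. The cookie value is client-controlled, so it is only a
// candidate until it has been checked against the languages declared in
// lang/langset.php. !empty() keeps the original truthiness test without a
// notice when the cookie is absent.
$langset = !empty($base['cookie']['lang']) ? $base['cookie']['lang'] : $config['lang'];
require_once $base['dir'] . 'lang/langset.php';

// $all_lang is expected to come from lang/langset.php with the language codes
// as keys (the original code validated against array_keys($all_lang)).
// An unknown value falls back to the configured default. The previous fallback
// reused the rejected cookie value, so an arbitrary string still reached the
// require path below; the whitelist now decides what can be included.
if (
    !is_string($langset)
    || !isset($all_lang)
    || !is_array($all_lang)
    || !array_key_exists($langset, $all_lang)
) {
    $langset = $config['lang'];
}
require_once $base['dir'] . 'lang/' . $langset . '/all.lang.php';

// The language file is expected to define $lang; keep it under $base only.
$base['lang'] = $lang;
unset($lang);
// Disabled override of the "module not found" message. Its Thai text was
// mis-encoded in this copy; it appears to read as below ("Mod \\1 not found").
//$base['lang']['mod_not_found'] = "ไม่พบ Mod \\1";

// Same for the configuration array loaded from config.php.
$base['config'] = $config;
unset($config);

// Open the database connection with the settings from the configuration.
// PDOConnection is the project class loaded from classes/class.PDOConnection.php.
$conn = new PDOConnection();
$conn->connect(
    $base['config']['db']['type'],
    $base['config']['db']['host'],
    $base['config']['db']['name'],
    $base['config']['db']['user'],
    $base['config']['db']['pass']
);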
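// Module routing: resolve the requested module, check it against the list of
// known modules, derive the menu highlight and include the module file.
// A missing or empty "mod" parameter selects the index module.
if (!isset($base['get']['mod']) || $base['get']['mod'] === '') {
    $base['get']['mod'] = 'index';
}
// Disabled upload routing:
//if (!empty($_FILES))
// $base['get']['mod'] = 'upload';

// Modules that may be requested. Each name maps to source/<name>.mod.php.
$page = array(
    'index',
    'company',
    'management',
    'team',
    'awards',
    'client',
    'contact',
    'joinus',
    'map',
    'googlemap',
    'publications',
    'viewinteriorproject',
    'viewinteriorgallery',
    'viewarchitectureproject',
    'viewgraphicproject',
    'viewgallery',
    'viewgraphic',
    'viewlist',
);

// Report unknown modules. The requested name is HTML-encoded before it is put
// into the message; a non-string value (e.g. mod[]=x) is shown as empty.
if (!in_array($base['get']['mod'], $page, true)) {
    error_report(str_replace(
        '\\1',
        '<code>' . htmlspecialchars(is_string($base['get']['mod']) ? $base['get']['mod'] : '') . '</code>',
        $base['lang']['mod_not_found']
    ));
}

// Menu highlight: defaults to the module name, with a few display overrides.
// "cname" is optional, so it is read through a temporary that is removed again
// to avoid leaving a new global behind for the included module.
$requestedCategory = isset($base['get']['cname']) ? $base['get']['cname'] : '';
$base['highlight'] = $base['get']['mod'];
if ($base['get']['mod'] === 'joinus') {
    $base['highlight'] = 'join us';
} elseif ($base['get']['mod'] === 'viewinteriorproject' || $requestedCategory === 'Interior') {
    $base['highlight'] = 'interior';
} elseif ($base['get']['mod'] === 'viewarchitectureproject' || $requestedCategory === 'Architecture') {
    $base['highlight'] = 'architecture';
} elseif ($base['get']['mod'] === 'viewgraphicproject' || $requestedCategory === 'Graphic') {
    $base['highlight'] = 'graphic';
} elseif ($base['get']['mod'] === 'index') {
    $base['highlight'] = 'home';
}
unset($requestedCategory);

// Include only whitelisted modules. error_report() is defined elsewhere; if it
// returns instead of terminating the request, this check keeps an unlisted
// value out of the include path.
if (in_array($base['get']['mod'], $page, true)) {
    require_once $base['dir'] . 'source/' . $base['get']['mod'] . '.mod.php';
}
?>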