shell bypass 403
<?php
include('../config/config.php');
$q = $_POST['q'];
if(isset($_FILES['file']['tmp_name'])){
$sql = "SELECT * FROM homes WHERE h_id = ".$q." ";
$res = $conn->query($sql);
while($row = $res->fetch_assoc()){
$image = $row['h_image'];
@unlink("../".$image);
}
$images1 = $_FILES['file']['tmp_name'];
$images_name1 = $_FILES['file']['name'];
$images = "images/home/".$images_name1;
move_uploaded_file($_FILES['file']['tmp_name'],"../images/home/".$_FILES["file"]["name"]);
$sql = "update homes SET h_image = '".$images."' WHERE h_id = ".$q."";
$res = $conn->query($sql);
if($res === TRUE ){
echo 1;
}else{
echo 0;
}
}else{
echo 1;
}
?>