shell bypass 403
<?php include('../config/config.php'); $q = $_POST['q']; $pro_name = $_POST['pro_name']; $sql = "SELECT * FROM projects WHERE p_id = ".$q." "; $res = $conn->query($sql); while($row = $res->fetch_assoc()){ $im_show = $row['p_im_show']; $check_path = substr($im_show,7,32); } if(isset($_FILES['file1']['tmp_name'])){ $sql1 = "SELECT * FROM project_details WHERE pd_no = 1 and p_pd_id = ".$q.""; $res1 = $conn->query($sql1); while($row1 = $res1->fetch_assoc()){ $test = substr($row1['im_pd_id'],0,6); if($test == "upload"){ $oldPicture = "../".$row1['im_pd_id']; if (file_exists($oldPicture)) { unlink($oldPicture); } } $images = $_FILES['file1']['tmp_name']; $images_name = $_FILES['file1']['name']; $upload_path = $check_path; $images1 = "upload/".$upload_path."/".md5($date_current.$_FILES['file1']['size'].rand(1,1000000).time()).$images_name; move_uploaded_file($_FILES['file1']['tmp_name'],"../".$images1); $sql = "UPDATE project_details SET im_pd_id = '".$images1."' WHERE pd_no = 1 and p_pd_id = ".$q.""; $res = $conn->query($sql); if($res == TRUE){ $check_1 = true; } } }else{ $check_1 = TRUE; } if(isset($_FILES['file2']['tmp_name'])){ $sql2 = "SELECT * FROM project_details WHERE pd_no = 2 and p_pd_id = ".$q.""; $res2 = $conn->query($sql2); while($row2 = $res2->fetch_assoc()){ $test = substr($row2['im_pd_id'],0,6); if($test == "upload"){ $oldPicture = "../".$row2['im_pd_id']; if (file_exists($oldPicture)) { unlink($oldPicture); } } $images = $_FILES['file2']['tmp_name']; $images_name = $_FILES['file2']['name']; $upload_path = $check_path; $images2 = "upload/".$upload_path."/".md5($date_current.$_FILES['file2']['size'].rand(1,1000000).time()).$images_name; move_uploaded_file($_FILES['file2']['tmp_name'],"../".$images2); $sql = "UPDATE project_details SET im_pd_id = '".$images2."' WHERE pd_no = 2 and p_pd_id = ".$q." "; $res = $conn->query($sql); if($res == TRUE){ $check_2 = true; } } }else{ $check_2 = TRUE; } if(isset($_FILES['file3']['tmp_name'])){ $sql3 = "SELECT * FROM project_details WHERE pd_no = 3 and p_pd_id = ".$q.""; $res3 = $conn->query($sql3); while($row3 = $res3->fetch_assoc()){ $test = substr($row3['im_pd_id'],0,6); if($test == "upload"){ $oldPicture = "../".$row3['im_pd_id']; if (file_exists($oldPicture)) { unlink($oldPicture); } } $images = $_FILES['file3']['tmp_name']; $images_name = $_FILES['file3']['name']; $upload_path = $check_path; $images3 = "upload/".$upload_path."/".md5($date_current.$_FILES['file3']['size'].rand(1,1000000).time()).$images_name; move_uploaded_file($_FILES['file3']['tmp_name'],"../".$images3); $sql = "UPDATE project_details SET im_pd_id = '".$images3."' WHERE pd_no = 3 and p_pd_id = ".$q." "; $res = $conn->query($sql); if($res == TRUE){ $check_3 = true; } } }else{ $check_3 = TRUE; } if(isset($_FILES['file4']['tmp_name'])){ $sql4 = "SELECT * FROM project_details WHERE pd_no = 4 and p_pd_id = ".$q.""; $res4 = $conn->query($sql4); while($row4 = $res4->fetch_assoc()){ $test = substr($row4['im_pd_id'],0,6); if($test == "upload"){ $oldPicture = "../".$row4['im_pd_id']; if (file_exists($oldPicture)) { unlink($oldPicture); } } $images = $_FILES['file4']['tmp_name']; $images_name = $_FILES['file4']['name']; $upload_path = $check_path; $images4 = "upload/".$upload_path."/".md5($date_current.$_FILES['file4']['size'].rand(1,1000000).time()).$images_name; move_uploaded_file($_FILES['file4']['tmp_name'],"../".$images4); $sql = "UPDATE project_details SET im_pd_id = '".$images4."' WHERE pd_no = 4 and p_pd_id = ".$q." "; $res = $conn->query($sql); if($res == TRUE){ $check_4 = true; } } }else{ $check_4 = TRUE; } if(isset($_FILES['file5']['tmp_name'])){ $sql5 = "SELECT * FROM project_details WHERE pd_no = 5 and p_pd_id = ".$q.""; $res5 = $conn->query($sql5); while($row5 = $res5->fetch_assoc()){ $test = substr($row5['im_pd_id'],0,6); if($test == "upload"){ $oldPicture = "../".$row5['im_pd_id']; if (file_exists($oldPicture)) { unlink($oldPicture); } } $images = $_FILES['file5']['tmp_name']; $images_name = $_FILES['file5']['name']; $upload_path = $check_path; $images5 = "upload/".$upload_path."/".md5($date_current.$_FILES['file5']['size'].rand(1,1000000).time()).$images_name; move_uploaded_file($_FILES['file5']['tmp_name'],"../".$images5); $sql = "UPDATE project_details SET im_pd_id = '".$images5."' WHERE pd_no = 5 and p_pd_id = ".$q." "; $res = $conn->query($sql); if($res == TRUE){ $check_5 = true; } } }else{ $check_5 = TRUE; } if(($check_1 === true) and ($check_2 === true) and ($check_3 === true) and ($check_4 === true) and ($check_5 === true)){ echo 1; }else{ echo 0; } ?>