shell bypass 403
UnknownSec Shell
:
/
home
/
delvin
/
public_html
/
views
/ [
drwxr-xr-x
]
upload
mass deface
mass delete
console
info server
name :
v_user_edit.php
<?php $Template = new Template; if ($_POST['submitBut'] == 'Edit'){ $Users = new Users; $row = $Users->get($_POST['userID'], '', ''); $userID = $_POST['userID']; $fName = $row['fName']; $lName = $row['lName']; $email = $row['email']; $username = $row['username']; $action = 'Edit'; } else if ($_POST['submitBut'] == 'Save'){ // return data from form $userID = $_POST['userID']; $fName = $_POST['fName']; $lName = $_POST['lName']; $email = $_POST['email']; $search_arr = array("'", " "); $replace_arr = array("", ""); $username = str_replace($search_arr, $replace_arr, strtolower($_POST['username'])); $action = $_POST['action']; $error_msg = ''; if ($_POST['pass1'] != ''){ // changing password if ($_POST['pass1'] != $_POST['pass2']){ $error_msg = "Passwords don't match"; } else if (strlen($_POST['pass1']) < 8 || strlen($_POST['pass1']) > 12){ $error_msg = "Password does not meet the length criteria"; } else if (!preg_match("#[0-9]+#", $_POST['pass1']) || !preg_match("#[a-z]+#", $_POST['pass1']) || !preg_match("#[A-Z]+#", $_POST['pass1']) || !preg_match("#\W+#", $_POST['pass1'])){ $error_msg = "Password does not contain all the required character types"; } } $Template->set_alert($error_msg, 'error'); } else { // initialize variables $userID = ''; $fName = ''; $lName = ''; $email = ''; $username = ''; $action = 'Add'; } echo $Template->get_alerts(); echo " <form action='' method='post'> <input type='hidden' name='userID' value='".$userID."'> <input type='hidden' name='action' value='".$action."'> <div class='col-12'> <div class='col75'> <H1>". $action . " User Account</H1> </div> <div class='col25 right'> <input type='submit' name='submitBut' value='Cancel' class='btn btn_cancel'> <input type='submit' name='submitBut' value='Save' class='btn btn_save'> </div> </div> <div class='edit_form_group'>"; if ($userID > 0){ echo " <div class='col-12 bot_line'> <div class='form_label'>ID#: </div> <div class='form_input'>".$_POST['userID']."</div> </div>"; } echo " <div class='col-12 bot_line'> <div class='form_label'>First name</div> <div class='form_input'> <input type='text' name='fName' value='".$fName."' size=12 maxlength=12> </div> </div> <div class='col-12 bot_line'> <div class='form_label'>Last name</div> <div class='form_input'> <input type='text' name='lName' value='".$lName."' size=12 maxlength=12> </div> </div> <div class='col-12 bot_line'> <div class='form_label'>Email address</div> <div class='form_input'> <input type='text' name='email' value='".$email."' size=50 maxlength=50> </div> </div>"; if ($userID > 0){ echo " <div class='col-12 bot_line'> <div class='form_label'>Username</div> <div class='form_input'> <input type='text' name='username' value='".$username."' size=12 maxlength=12> <span class='comment'>8 - 12 characters</span> </div> </div> <div class='col-12 bot_line'> <div class='form_full_width'>Password must be at least 8 characters. Must include at least one of each of the following: upper-case letter, lower-case letter, number, symbol </div> <div class='form_label'>Password</div> <div class='form_input'> <input type='password' name='pass1' size=12 maxlength=12 class='w30'> </div> <div class='form_label'>Retype Password</div> <div class='form_input'> <input type='password' name='pass2' size=12 maxlength=12 class='w30'> </div> </div> "; } else { echo " <div class='col-12 bot_line'> <div class='form_full_width'> A username will be automatically created and sent the the email address above. </div> </div> <input type='hidden' name='username' value=''> <input type='hidden' name='pass1' value=''>"; } echo " </div> </form>";
© 2026 UnknownSec