shell bypass 403
UnknownSec Shell
:
/
proc
/
self
/
root
/
proc
/
self
/
root
/
usr
/
local
/
lsws
/
admin
/
html
/
classes
/ [
drwxr-xr-x
]
upload
mass deface
mass delete
console
info server
name :
DPage.php
<?php class DPage { public $_type;//serv, vh, sl, admin public $_id; public $_name; public $_title; public $_helpLink; public $_tblIds; public $_includeScript; public function __construct($type, $id, $name, $title, $tblIds) { $this->_type = $type; $this->_id = $id; $this->_name = $name; $this->_title = $title; $this->_tblIds = $tblIds; $this->_helpLink = 'index.html'; } public function PrintHtml(&$confData, $disp) { $viewTags = 'vbsDdBCiI'; $editTags = 'eEaScn'; $isEdit = ( strpos($editTags, $disp->_act) !== false ); if ($disp->_act == 'd' || $disp->_act == 'i') { $this->printActionConfirm($disp); } if ($disp->_err != null) { echo GUIBase::message("", $disp->_err, "error"); } $tblDef = DTblDef::GetInstance(); if ($disp->_tid == null) { $tids = $this->_tblIds; } else { $tid = DUtil::getLastId($disp->_tid); $tids = array($tid); } $ref = DUtil::getLastId($disp->_ref); foreach ($tids as $ti) { $tbl = $tblDef->GetTblDef($ti); $isExtract = false; if ($disp->_act == 'a') { $d = []; } else if ($disp->_act == 'S' || $disp->_act == 'c' || $disp->_act == 'n') { //save failed or in change $isExtract = true; $d = &$confData; } else { $d = DUtil::locateData($confData, $tbl->_dataLoc, $disp->_ref); } if ($tbl->_holderIndex != null) { if ($disp->_act == 'e' || $disp->_act == 'E' || $disp->_act == 'a') { $disp->_info['holderIndex'] = is_array($d) ? array_keys($d) : null; $disp->_info['holderIndex_cur'] = $ref; } if (!$isExtract && $ref != null && substr($ti, -3) != 'TOP') { $d = &$d[$ref]; } } else { $disp->_info['holderIndex'] = null; } echo "<div>"; $tbl->PrintHtml($d, $ref, $disp, $isEdit); echo "</div>"; if ($isEdit == false && $tbl->_linkedTbls != null && isset($tbl->_linkedTbls['disp'])) { foreach ($tbl->_linkedTbls['disp'] as $lti) { $linkedtbl = $tblDef->GetTblDef($lti); $dlinked = DUtil::locateData($d, $linkedtbl->_dataLoc); echo "<div>"; $linkedtbl->PrintHtml($dlinked, $ref, $disp, false); echo "</div>"; } } } } private function printActionConfirm($disp) { $hasB = (strpos($disp->_tid, '`') !== false ); echo '<div class=message>'; if ($disp->_act == 'd') { $actString = $hasB ? 'DC' : 'Dc'; //should validate whether there is reference to this entry echo 'Are you sure you want to delete this entry?<br>' . '<span class="edit-link">' . $this->getActionLink($disp, $actString) . '</span>' . '<br>This will be permanently removed from the configuration file.'; } elseif ($disp->_act == 'i') { $actString = $hasB ? 'IC' : 'Ic'; echo 'Are you sure you want to instantiate this virtual host?<br>' . '<span class="edit-link">' . $this->getActionLink($disp, $actString) . '</span>' . '<br>This will create a dedicated configuration file for this virtual host.'; } echo "</div>"; } private function getActionLink($disp, $actions) { $buf = ''; $allActions = ['D' => 'Yes', 'c' => 'Cancel', 'C' => 'Cancel', 'I' => 'Yes']; $chars = preg_split('//', $actions, -1, PREG_SPLIT_NO_EMPTY); foreach ($chars as $act) { $query_param = [ 'm' => $disp->_mid, 'p' => $disp->_pid, ]; $t = ''; $r = ''; $buf .= ' '; $name = $allActions[$act]; if ($act == 'b' || $act == 'c') { $act = 'b'; } elseif (strpos('vEdDCBiI', $act) !== false) { if ($act == 'C') { $act = 'B'; } $t = $disp->_tid; $r = $disp->_ref; } if ($t) { $query_param['t'] = $t; } if ($r) { $query_param['r'] = $r; } $query_param['a'] = $act; $query_param['tk'] = $disp->_token; $buf .= '<a href="' . $disp->_ctrlUrl . http_build_query($query_param) . '">' . $name . '</a>'; } return $buf; } }
© 2025 UnknownSec