shell bypass 403

UnknownSec Shell

: /home/huskies/domains/huskiesbags.com/public_html/backoffice/ [ drwxr-xr-x ]
Uname: Linux sv2.orange-thailand.com 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
Software: Apache/2
PHP version: 7.3.33 [ PHP INFO ] PHP os: Linux
Server Ip: 43.229.78.102
Your Ip: 18.219.181.165
User: huskies (1019) | Group: huskies (1021)
Safe Mode: OFF
Disable Function:
NONE
upload mass deface mass delete console

name : loging_check.php 
<?php
  session_start();
  require('connect_database.php');
  date_default_timezone_set('Asia/Bangkok');
  $FileType = date("Y-m-d"); // $FileType = date("Y-m-d H:i:s"); 2014-06-03 13:25:01

 $strSQL = "SELECT * FROM `tb_staff` 
 INNER JOIN `tb_status_staff` ON tb_staff.status = tb_status_staff.id_per 
 WHERE `tb_staff`.`usernam` = '".$_POST['username']."' 
 AND `tb_staff`.`password` = '".$_POST['password']."'";
 
 $objQuery = mysqli_query($myConn,$strSQL);
 $objResult = mysqli_fetch_array($objQuery);

 if(!$objResult){
  setcookie("staff_bk", '0', time()+604800);

   echo " <script>alert('Username and Password ไม่ถูกต้อง!');";
   echo " window.location='pages-signin.php'</script>";

   exit();
 }

 else
 {

    setcookie("id_bk", $objResult["id"], time()+604800);
    setcookie("status_bk", $objResult['id_per'], time()+604800);
    setcookie("usernam_bk", $objResult['usernam'], time()+604800);
    setcookie("password_bk", $objResult['password'], time()+604800);
    setcookie("name_bk", $objResult['name'], time()+604800);
    setcookie("picture_bk", $objResult['picture'], time()+604800);
    setcookie("staff_bk", '1', time()+604800);

   // session_write_close();
   header("location: index.php");
 }

//mysqli_close();

?>
© 2024 UnknownSec