shell bypass 403

UnknownSec Shell

: /home/huskies/domains/huskiesbags.com/public_html/backoffice/ [ drwxr-xr-x ]
Uname: Linux sv2.orange-thailand.com 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
Software: Apache/2
PHP version: 7.3.33 [ PHP INFO ] PHP os: Linux
Server Ip: 43.229.78.102
Your Ip: 18.188.195.81
User: huskies (1019) | Group: huskies (1021)
Safe Mode: OFF
Disable Function:
NONE
upload mass deface mass delete console

name : report_stack.php 
<?php
/**
 * PHPExcel
 *
 * Copyright (c) 2006 - 2015 PHPExcel
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 *
 * @category   PHPExcel
 * @package    PHPExcel
 * @copyright  Copyright (c) 2006 - 2015 PHPExcel (http://www.codeplex.com/PHPExcel)
 * @license    http://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt	LGPL
 * @version    ##VERSION##, ##DATE##
 */

/** Error reporting */
error_reporting(E_ALL);
ini_set('display_errors', TRUE);
ini_set('display_startup_errors', TRUE);
date_default_timezone_set('Asia/Bangkok');
require('connect_database.php');


$dates = date("Y-m-d");

if (PHP_SAPI == 'cli')
	die('This example should only be run from a Web Browser');

/** Include PHPExcel */
require_once 'PHPExcel/Classes/PHPExcel.php';

// Create new PHPExcel object
$objPHPExcel = new PHPExcel();

// Set document properties
$objPHPExcel->getProperties()->setCreator("Maarten Balliauw")
							 ->setLastModifiedBy("Maarten Balliauw")
							 ->setTitle("Office 2007 XLSX Test Document")
							 ->setSubject("Office 2007 XLSX Test Document")
							 ->setDescription("Test document for Office 2007 XLSX, generated using PHP classes.")
							 ->setKeywords("office 2007 openxml php")
							 ->setCategory("Test result file");

$defaultStyle = $objPHPExcel->getDefaultStyle();
			$defaultStyle->getFont()
			->setName('Century Gothic')
			->setSize(12);

			$title = 'ReportStackProduct_Datas_' . date('Y-m-d H:i:s');
			$objPHPExcel->getProperties()->setCreator('Pitt Phunsanit')
					->setCategory('Exports Datas')
					->setDescription($title)
					->setKeywords('Exports Datas ' . date('Y-m-d'))
					->setSubject($title)
					->setTitle($title);
// Add some data
// Add header data
$objPHPExcel->setActiveSheetIndex(0)
            ->setCellValue('A1', '#')
            ->setCellValue('B1', 'วันที่ดำเนินการ')
            ->setCellValue('C1', 'ชื่อผู้แก้ไข')
            ->setCellValue('D1', 'ชื่อสินค้า')
            ->setCellValue('E1', 'สีสินค้า')
            ->setCellValue('F1', 'สถานะแก้ไข')
            ->setCellValue('G1', 'จำนวนการแก้ไข');

// Miscellaneous glyphs, UTF-8
$strSQL = "SELECT * FROM `log_stock_product` 
INNER JOIN tb_product ON log_stock_product.id_product = tb_product.id_product 
INNER JOIN tb_type_color ON log_stock_product.id_col = log_stock_product.id_col 
INNER JOIN tb_staff ON log_stock_product.id = tb_staff.id 
ORDER BY `log_stock_product`.`createdate` DESC";

$objQuery = mysqli_query($myConn,$strSQL);
$i = 2;
$no =1;
$status = '';
while($objResult = mysqli_fetch_array($objQuery))
{
	if ($objResult['status']=="change") { 
		$status = "เปลี่ยนแปลง";
	} elseif ($objResult['status']=="up") {
		$status = "เพิ่มสินค้า";
	} else {
		$status = "ลดสินค้า";
	}
	

	$objPHPExcel->setActiveSheetIndex(0)
		->setCellValue('A'.$i, $no)
		->setCellValue('B'.$i,  date("d-m-Y H:i:s", strtotime($objResult["createdate"])))
		->setCellValue('C'.$i, $objResult["name"])
		->setCellValue('D'.$i, $objResult["productcode"])
		->setCellValue('E'.$i, $objResult['name_color'])
		->setCellValue('F'.$i, $status)
		->setCellValue('G'.$i, $objResult['totalstack']);
	$no++;
	$i++;
}

// Rename worksheet
$objPHPExcel->getActiveSheet()->setTitle('Exports Edit Stack');

// Set active sheet index to the first sheet, so Excel opens this as the first sheet
$objPHPExcel->setActiveSheetIndex(0);
$objPHPExcel->getActiveSheet()->getColumnDimension('A')->setWidth(5); //กำนหดความกว้าง
$objPHPExcel->getActiveSheet()->getColumnDimension('B')->setWidth(25); //กำนหดความกว้าง
$objPHPExcel->getActiveSheet()->getColumnDimension('C')->setWidth(12); //กำนหดความกว้าง
$objPHPExcel->getActiveSheet()->getColumnDimension('D')->setWidth(17); //กำนหดความกว้าง
$objPHPExcel->getActiveSheet()->getColumnDimension('E')->setWidth(30); //กำนหดความกว้าง
$objPHPExcel->getActiveSheet()->getColumnDimension('F')->setWidth(10); //กำนหดความกว้าง
$objPHPExcel->getActiveSheet()->getColumnDimension('G')->setWidth(13); //กำนหดความกว้าง

// Redirect output to a client’s web browser (Excel5)
header('Content-Type: application/vnd.ms-excel');
header('Content-Disposition: attachment;filename="'.$title.'.xls"');
header('Cache-Control: max-age=0');
// If you're serving to IE 9, then the following may be needed
header('Cache-Control: max-age=1');

// If you're serving to IE over SSL, then the following may be needed
header ('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); // Date in the past
header ('Last-Modified: '.gmdate('D, d M Y H:i:s').' GMT'); // always modified
header ('Cache-Control: cache, must-revalidate'); // HTTP/1.1
header ('Pragma: public'); // HTTP/1.0

$objWriter = PHPExcel_IOFactory::createWriter($objPHPExcel, 'Excel5');
$objWriter->save('php://output');
exit;
© 2024 UnknownSec