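<?php
/* -------------------------------------------
Component: com_migrateMe4
Author: Barnaby Dixon
Email: [email protected]
Copyright: Copyright (C) 2013 Barnaby Dixon. All Rights Reserved.
License: http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
---------------------------------------------*/

// Refuse to run when the file is requested directly instead of through Joomla.
defined('_JEXEC') or die( 'Restricted access' );

jimport('joomla.application.component.controller');

if (!class_exists('JControllerLegacy')) {
    /**
     * Fallback declared only when the running Joomla does not provide
     * JControllerLegacy; it is a plain alias of JController.
     */
    class JControllerLegacy extends JController
    {
        /**
         * @param array $config Controller configuration, forwarded to JController.
         */
        function __construct($config = array())
        {
            // Forward the configuration: MigrateMe4Controller passes its
            // $default array up, and an argument-less constructor dropped it.
            parent::__construct($config);
        }
    }
}

/**
 * Back-end controller of com_migrateme4.
 *
 * The form tasks (config, backups, save, cancel) verify the session token
 * before doing anything. The AJAX tasks (upgrade, resumeUpgrade, sync,
 * restore, remove, rmBackup, checkAjax) hand over to stgAjax* classes that
 * are defined outside this file.
 *
 * NOTE(review): the AJAX tasks change state but perform no
 * JSession::checkToken() here, and no ACL check (authorise()) is visible in
 * this file. Confirm that the component entry point enforces both, or add
 * them together with the matching change in the client-side requests.
 */
class MigrateMe4Controller extends JControllerLegacy
{
    /**
     * Loads the component parameters and opens the component log.
     *
     * @param array $default Controller configuration passed to the parent.
     */
    public function __construct( $default = array())
    {
        migrateMe4::_initParams();

        // NOTE(review): the log lives inside the component directory, i.e.
        // under the web root. Confirm the server denies direct HTTP access to
        // it (the same applies to resume.txt used by resumeUpgrade()).
        $log = JPATH_ADMINISTRATOR.'/components/com_migrateme4/log.txt';
        vbMLog::_init($log);

        parent::__construct( $default );
    }

    /**
     * Closes the component log when the controller is destroyed.
     */
    public function __destruct()
    {
        vbMLog::_close();
    }

    /**
     * Redirects to the configuration view after the session token check.
     */
    public function config()
    {
        JSession::checkToken() or jexit( 'Bad token. Please try again' );
        $this->setRedirect( 'index.php?option=com_migrateme4&view=config');
    }

    /**
     * Redirects to the backups view after the session token check.
     */
    public function backups()
    {
        JSession::checkToken() or jexit( 'Bad token. Please try again' );
        $this->setRedirect( 'index.php?option=com_migrateme4&view=backups');
    }

    /**
     * Saves the component parameters, cleans the '_system' cache group and
     * redirects to the component's default page with a confirmation message.
     */
    public function save()
    {
        JSession::checkToken() or jexit( 'Unable to save your settings - bad token. Please try again' );

        migrateMe4::_saveParams();

        $cache = JFactory::getCache('_system');
        $cache->clean();

        //REDIRECT
        $msg = "Your configuration has been saved";
        $this->setRedirect( 'index.php?option=com_migrateme4', $msg);
    }

    /**
     * Redirects to the component's default page after the session token check.
     */
    public function cancel()
    {
        JSession::checkToken() or jexit( 'Bad token. Please try again' );
        $this->setRedirect( 'index.php?option=com_migrateme4');
    }

    /**
     * Runs the requested step of the upgrade handler (default step: 'init').
     */
    public function upgrade()
    {
        $action = $this->requestedAction();
        $this->runHandlerAction(new stgAjaxUpgrade, $action);
    }

    /**
     * Resumes an upgrade from the state stored in resume.txt.
     *
     * When the file exists, its JSON supplies the step to run and the
     * 'jdata' payload that is placed into $_POST; otherwise the upgrade
     * starts at 'init'.
     */
    public function resumeUpgrade()
    {
        $resume = JPATH_ADMINISTRATOR.'/components/com_migrateme4/resume.txt';
        $action = 'init';

        if (file_exists($resume)) {
            // json_decode() yields null for unreadable or corrupt content,
            // which the isset() test below treats as "cannot resume".
            $vars = json_decode(file_get_contents($resume));

            if (!isset($vars->action) || !is_string($vars->action) || strlen($vars->action) < 2) {
                die('Unable to resume automatically - please reload the page and try again');
            }

            $action = $vars->action;
            $_POST['jdata'] = isset($vars->jdata) ? (array) $vars->jdata : array();
        }

        // The step name comes from a file on disk, so it gets the same
        // validation as a name taken from the query string.
        $this->runHandlerAction(new stgAjaxUpgrade, $action);
    }

    /**
     * Runs the requested step of the sync handler (default step: 'init').
     */
    public function sync()
    {
        $action = $this->requestedAction();
        $this->runHandlerAction(new stgAjaxSync, $action);
    }

    /**
     * Runs the requested step of the restore handler (default step: 'init').
     */
    public function restore()
    {
        $action = $this->requestedAction();
        $this->runHandlerAction(new stgAjaxRestore, $action);
    }

    /**
     * Runs the requested step of the remove handler (default step: 'init').
     */
    public function remove()
    {
        $action = $this->requestedAction();
        $this->runHandlerAction(new stgAjaxRemove, $action);
    }

    /**
     * Runs the requested step of the backup-removal handler (default step: 'init').
     */
    public function rmBackup()
    {
        $action = $this->requestedAction();
        $this->runHandlerAction(new stgAjaxRmBackup, $action);
    }

    /**
     * Displays one of the component views.
     *
     * Only 'config' and 'backups' are accepted from the request; any other
     * value falls back to the 'default' view.
     *
     * @param bool  $cachable  Not used by this override.
     * @param mixed $urlparams Not used by this override.
     */
    public function display ($cachable = false, $urlparams = false)
    {
        $input = JFactory::getApplication()->input;
        $view  = $input->get('view');

        // Strict allow-list: the view name never reaches the parent unchecked.
        if (!in_array($view, array('config', 'backups'), true)) {
            $view = 'default';
        }
        $input->set('view', $view);

        parent::display();
    }

    /**
     * Instantiates the AJAX check handler.
     *
     * NOTE(review): nothing is called on the object, so any work presumably
     * happens in the stgAjaxCheck constructor - confirm.
     */
    public function checkAjax()
    {
        new stgAjaxCheck;
    }

    /**
     * Returns the raw 'action' query parameter, or 'init' when it is absent.
     *
     * The value is untrusted and is validated in runHandlerAction().
     *
     * @return mixed
     */
    private function requestedAction()
    {
        return isset($_GET['action']) ? $_GET['action'] : 'init';
    }

    /**
     * Calls $action on $handler after validating the method name.
     *
     * The name is request- or file-controlled, so it must be a plain
     * identifier that does not start with '__' (which excludes magic methods
     * such as __construct/__destruct) and must be callable from this class,
     * i.e. public on the handler. Anything else ends the request instead of
     * raising a fatal error.
     *
     * NOTE(review): this still permits every public method of the handler.
     * An explicit per-handler allow-list of step names is the stronger
     * control; the handler classes are not visible from this file.
     *
     * @param object $handler One of the stgAjax* handler objects.
     * @param mixed  $action  Candidate method name.
     */
    private function runHandlerAction($handler, $action)
    {
        $isPlainName = is_string($action)
            && preg_match('/\A_?[A-Za-z][A-Za-z0-9_]*\z/', $action) === 1;

        if (!$isPlainName || !is_callable(array($handler, $action))) {
            jexit('Invalid action');
        }

        $handler->$action();
    }
}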