shell bypass 403

Cubjrnet7 Shell

: /home/eklavya/backups/joomla3oldsite/apps/email2csv/ [ drwxr-xr-x ]
upload mass deface mass delete console info server

name : welcome.php
<html>
<body>

<?php
//echo $_POST["fname"];
$post_string = explode ($_POST["sep"], $_POST["fname"]);
if($_POST["pref"]==1)
{
	$a=count($post_string);

	$file = fopen("mail.csv","w");

	fwrite($file,"EMAIL" . "," . "NAME". "\n");
	//echo "EMAIL" . "," . "NAME";
	//echo "<br>";
	for($x=0;$x<$a;$x++)
	{
		$trimmed=trim($post_string[$x]," ");
		$trimmed = str_replace(array('\'', '"',">"),'', $trimmed);
		$trimmed=trim($trimmed," ");
		$post_name = explode ('<', $trimmed);
		$string=trim($post_name[0]," ");
		if(count($post_name)==2)
			$post_name[1]=trim($post_name[1]," ");
	//	echo $string[0].$string[1]."<br>";
		$cc=count($post_name);
		//echo $cc;
		if(count($post_name)==2 && strcasecmp($post_name[0],$post_name[1])!=0)
		{
			//echo $post_name[0]."~~~~".$post_name[1];
			if(ord($string[0])>=97 && ord($string[0])<=122)
				$string[0]=strtoupper($string[0]);
			$string_c=strlen($string);
			for($z=0;$z<$string_c;$z++)
			{
				if(ord($string[$z])==32 )
				{
					if(ord($string[$z+1])>=97 && ord($string[$z+1])<=122)
					{
						$string[$z+1]=strtoupper($string[$z+1]);
					}
				}
			}
			$post_name[0]=$string;
		}

		if(count($post_name)==2 && strcasecmp($post_name[0],$post_name[1])!=0)
		{
			//echo $post_name[1] . "=====>" . $post_name[0];
			fwrite($file,$post_name[1].",".$post_name[0]."\n");
		}
		elseif(count($post_name)!=2)
		{
			//echo $post_name[0].",";
			fwrite($file,$post_name[0].","."\n");
		}
		else
		{
			//echo $post_name[1].",";
			fwrite($file,$post_name[1].","."\n");
		}

		//echo  "------------"."<br>"; 
	}
	fclose($file);
}
if($_POST["pref"]==0)
{
	$a=count($post_string);
	$file = fopen("mail.csv","w");

	fwrite($file,"NAME" . "," . "EMAIL". "\n");
	//echo "EMAIL" . "," . "NAME";
	//echo "<br>";
	for($x=0;$x<$a;$x++)
	{
		$trimmed=trim($post_string[$x]," ");
		$trimmed = str_replace(array('\'', '"',">"),'', $trimmed);
		$trimmed=trim($trimmed," ");
		$post_name = explode ('<', $trimmed);
		$string=trim($post_name[0]," ");
		if(count($post_name)==2)
			$post_name[1]=trim($post_name[1]," ");
	//	echo $string[0].$string[1]."<br>";
		$cc=count($post_name);
		//echo $cc;
		if(count($post_name)==2 && strcasecmp($post_name[0],$post_name[1])!=0)
		{
			//echo $post_name[0]."~~~~".$post_name[1];
			if(ord($string[0])>=97 && ord($string[0])<=122)
				$string[0]=strtoupper($string[0]);
			$string_c=strlen($string);
			for($z=0;$z<$string_c;$z++)
			{
				if(ord($string[$z])==32 )
				{
					if(ord($string[$z+1])>=97 && ord($string[$z+1])<=122)
					{
						$string[$z+1]=strtoupper($string[$z+1]);
					}
				}
			}
			$post_name[0]=$string;
		}

		if(count($post_name)==2 && strcasecmp($post_name[0],$post_name[1])!=0)
		{
			//echo $post_name[1] . "=====>" . $post_name[0];
			fwrite($file,$post_name[0].",".$post_name[1]."\n");
		}
		elseif(count($post_name)!=2)
		{
			//echo $post_name[0].",";
			fwrite($file,",".$post_name[0]."\n");
		}
		else
		{
			//echo $post_name[1].",";
			fwrite($file,",".$post_name[1]."\n");
		}

		//echo  "------------"."<br>"; 
	}
	fclose($file);
}

?>
<form method="get" action="mail.csv">
<button type="submit">Download!</button>
</form>

</body>
</html>

© 2025 Cubjrnet7