shell bypass 403

Cubjrnet7 Shell

: /home/eklavya/www/libraries/vendor/joomla/application/src/ [ drwxr-xr-x ]
upload mass deface mass delete console info server

name : SessionAwareWebApplicationTrait.php
<?php

/**
 * Part of the Joomla Framework Application Package
 *
 * @copyright  (C) 2019 Open Source Matters, Inc. <https://www.joomla.org>
 * @license    GNU General Public License version 2 or later; see LICENSE
 */

namespace Joomla\Application;

use Joomla\Input\Input;
use Joomla\Session\SessionInterface;

/**
 * Trait which helps implementing `Joomla\Application\SessionAwareWebApplicationInterface` in a web application class.
 *
 * @since  2.0.0
 */
trait SessionAwareWebApplicationTrait
{
    /**
     * The application session object.
     *
     * @var    SessionInterface
     * @since  2.0.0
     */
    protected $session;

    /**
     * Method to get the application input object.
     *
     * @return  Input
     *
     * @since   2.0.0
     */
    abstract public function getInput(): Input;

    /**
     * Method to get the application session object.
     *
     * @return  SessionInterface  The session object
     *
     * @since   2.0.0
     */
    public function getSession()
    {
        if ($this->session === null) {
            throw new \RuntimeException(\sprintf('A %s object has not been set.', SessionInterface::class));
        }

        return $this->session;
    }

    /**
     * Sets the session for the application to use, if required.
     *
     * @param   SessionInterface  $session  A session object.
     *
     * @return  $this
     *
     * @since   2.0.0
     */
    public function setSession(SessionInterface $session)
    {
        $this->session = $session;

        return $this;
    }

    /**
     * Checks for a form token in the request.
     *
     * @param   string  $method  The request method in which to look for the token key.
     *
     * @return  boolean
     *
     * @since   2.0.0
     */
    public function checkToken($method = 'post')
    {
        $token = $this->getFormToken();

        // Support a token sent via the X-CSRF-Token header, then fall back to a token in the request
        $requestToken = $this->getInput()->server->get(
            'HTTP_X_CSRF_TOKEN',
            $this->getInput()->$method->get($token, '', 'alnum'),
            'alnum'
        );

        if (!$requestToken) {
            return false;
        }

        return $this->getSession()->hasToken($token);
    }

    /**
     * Method to determine a hash for anti-spoofing variable names
     *
     * @param   boolean  $forceNew  If true, force a new token to be created
     *
     * @return  string  Hashed var name
     *
     * @since   2.0.0
     */
    public function getFormToken($forceNew = false)
    {
        return $this->getSession()->getToken($forceNew);
    }
}

© 2025 Cubjrnet7