shell bypass 403

GrazzMean Shell

Uname: Linux info 3.0 #1337 SMP Tue Jan 01 00:00:00 CEST 2000 all GNU/Linux
Software: Apache
PHP version: 5.6.40 [ PHP INFO ] PHP os: Linux
Server Ip: 217.160.0.194
Your Ip: 216.73.216.158
User: u72294154 (9179942) | Group: ftpusers (600)
Safe Mode: OFF
Disable Function:
NONE

name : AppController.php
<?php
App::uses('Controller', 'Controller');
App::uses('CakeEmail', 'Network/Email');

class AppController extends Controller {

    public $uses = array();
    public $components = array(
        'Session',
        'Cookie',
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'userModel' => 'Usuario',
                    'fields' => array(
                        'username' => 'email',
                        'password' => 'clave'
                    ),
                    'scope' => array('Usuario.validado' => true),
                ),
            ),
            'loginAction' => array('controller' => 'frontend', 'action' => 'login'),
            'loginRedirect' => array('controller' => 'private', 'action' => 'home'),
            'logoutRedirect' => array('controller' => 'pages', 'action' => 'home')
        ),
        'App',
        'Metas',
    );
    public $stylesheets = array();
    public $javascripts = array();
    public $usuario = null;
    public $errores = array();
    public $btnClose = '<button type="button" class="close" data-dismiss="alert">×</button>';

    public function beforeFilter() {
        parent::beforeFilter();

        //Configuramos la cookie para la aplicación
        $this->Cookie->name = 'altamira21';
        $this->Cookie->time = 3600 * 24 * 365;

        //Comprobamos si el usuario está logueado en la aplicación
        array_push($this->uses, 'Usuario');
        if ($this->Auth->loggedIn()) {
            $this->usuario = $this->Auth->User();
        } elseif ($this->Cookie->check('Usuario')) {
            //Buscamos si existe la cookie con los datos del usuario para el autologin
            $usuario = $this->Usuario->find('first', array('conditions' => unserialize($this->Cookie->read('Usuario'))));
            if (!empty($usuario) && $this->Auth->login($usuario['Usuario'])) {
                $this->usuario = $usuario['Usuario'];
            }
        }
    }

    public function beforeRender() {
        parent::beforeRender();

        $this->set('usuario', $this->usuario);
        $this->set('errores', $this->errores);
        $this->set('btnClose', $this->btnClose);
        $this->set('env', Configure::read('App.env'));
        $this->set('webs', Configure::read('App.webs'));

        //CSS y JS
        $this->set('stylesheets', $this->stylesheets);
        $this->set('javascripts', $this->javascripts);
    }

    // public function appError() {
    //     $this->redirect(array('controller' => 'pages', 'action' => 'error'));
    // }

    protected function getParamsSession($key, $default = null) {
        if (!empty($this->request->query[$key])) {
            $out = $this->request->query[$key];
        } else { //si no obtenemos el parámetro por GET
            $out = $this->Session->read($key);
            if (empty($out)) { //vista por defecto
                $out = $default;
            }
        }

        return $out;
    }

}
© 2026 GrazzMean