shell bypass 403

GrazzMean Shell

: /home/homesquasz/devprod/ChefDepartement/ [ drwx---r-x ]
Uname: Linux webm016.cluster127.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
Software: Apache
PHP version: 7.4.33 [ PHP INFO ] PHP os: Linux
Server Ip: 54.36.31.145
Your Ip: 216.73.216.182
User: homesquasz (91404) | Group: users (100)
Safe Mode: OFF
Disable Function:
_dyuweyrj4,_dyuweyrj4r,dl
upload mass deface mass delete console

name : authentification.html 
<!DOCTYPE html>
<html lang="en">

<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Authentification</title>

  <!-- Google Font: Source Sans Pro -->
  <link rel="stylesheet"
    href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700&display=fallback">
  <!-- Font Awesome -->
  <link rel="stylesheet" href="plugins/fontawesome-free/css/all.min.css">
  <!-- icheck bootstrap -->
  <link rel="stylesheet" href="plugins/icheck-bootstrap/icheck-bootstrap.min.css">
  <!-- Theme style -->
  <link rel="stylesheet" href="dist/css/adminlte.min.css">
  <script>
    if (localStorage.getItem("nomPrenomChefDept")) {
      location.replace("index.html");
    }
  </script>
</head>

<body class="hold-transition login-page">
  <div class="login-box">
    <div class="login-logo">
      <div class="login100-form-title">
        <img src="bg-03.jpg" width="320px">
      </div>
    </div>
    <!-- /.login-logo -->
    <div class="card">
      <div class="card-body login-card-body">
        <p class="login-box-msg">Connectez-Vous</p>

        <form onsubmit="return false">
          <div class="input-group mb-2">
            <input type="text" class="form-control" placeholder="Login" id="inputLogin">
            <div class="input-group-append">
              <div class="input-group-text">
                <span class="fas fa-user-alt"></span>
              </div>
            </div>
          </div>
          <span id="errorLogin"></span>

          <div class="input-group mb-2">
            <input type="password" class="form-control" placeholder="Mot de Passe" id="inputPassword">
            <div class="input-group-append">
              <div class="input-group-text">
                <span class="fas fa-lock"></span>
              </div>
            </div>
          </div>
          <span id="errorPassword"></span>

          <div class="row" style="top: 15px;">
            <div class="col-3"></div>
            <!-- /.col -->
            <div class="col-5">
              <button type="submit" class="btn btn-primary btn-block" onclick="verifierExistanceCommercial()">Se
                Connecter</button>
            </div>
            <!-- /.col -->
          </div>
          <span id="errorSignIn" style="margin-left:60px;"></span>
        </form>
      </div>
      <!-- /.login-card-body -->
    </div>
  </div>
  <!-- /.login-box -->

  <!-- jQuery -->
  <script src="plugins/jquery/jquery.min.js"></script>
  <!-- Bootstrap 4 -->
  <script src="plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
  <!-- AdminLTE App -->
  <script src="dist/js/adminlte.min.js"></script>


  <script>
    function validationChamp() {

      var test = true;
      let inputLogin = document.getElementById('inputLogin');
      let inputPassword = document.getElementById("inputPassword");

      if (inputLogin.value.trim() == "") {
        var myError = document.getElementById('errorLogin');
        myError.innerHTML = "Veuillez donner un Login";
        myError.style.color = 'red';
        test = false;
      } else {
        var myError = document.getElementById('errorLogin');
        myError.innerHTML = "";

      }

      if (inputPassword.value.trim() == "") {
        var myError = document.getElementById('errorPassword');
        myError.innerHTML = "Veuillez donner un Password";
        myError.style.color = 'red';
        test = false;
      } else {
        var myError = document.getElementById('errorPassword');
        myError.innerHTML = "";

      }

      return test;

    }
  </script>

  <script>

    function verifierExistanceCommercial() {
      var test = validationChamp();
      if (test == true) {
        let inputLogin = document.getElementById('inputLogin');
        let inputPassword = document.getElementById("inputPassword");
        var myError = document.getElementById('errorSignIn');
        var verif = false;
        // Create a request variable and assign a new XMLHttpRequest object to it.
        var request = new XMLHttpRequest()
        // Open a new connection, using the GET request on the URL endpoint
        request.open('GET', 'http://127.0.0.1:3000/commercials', true)
        request.onload = function () {
          // Begin accessing JSON data here
          var data = JSON.parse(this.response)

          data.forEach(i => {
            if (i.login == inputLogin.value && i.password == inputPassword.value && i.idDepartement == "GypsoBat" && i.fonction == "Chef Departement") {
              verif = true;
              localStorage.setItem("nomPrenomChefDept", i.nomPrenom);
              localStorage.setItem("idCommercial", i._id);
              localStorage.setItem("idDepartement", i.idDepartement);
              //alert("herree" + verif);
              location.replace("index.html");
            }
          })
          //alert("vv" + verif);
          if (verif == false) {
            myError.innerHTML = "Login ou Password Incorrect";
            myError.style.color = 'red';
          } else {
            myError.innerHTML = "";
          }
        }

        request.send()


      }

    }
  </script>

</body>

</html>
© 2026 GrazzMean