Current File : /var/www/www-root/data/www/dev.artlot24.ru/bitrix/modules/security/install/otp/ws/index.php
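<?php
/**
 * Web-service endpoint that registers or unregisters a one-time-password (OTP)
 * secret for the user who authenticates in the same request.
 *
 * Request (POST fields): action ('register' or 'unregister'), secret, login, password.
 *
 * Responses are signalled by HTTP status:
 *   - 403 when the action is unknown, the secret is empty, the security module
 *     cannot be loaded, OTP is disabled, or the update fails;
 *   - 401 when the login fails (the body carries a captcha code if one is required);
 *   - no explicit status is set on success and nothing is written to the body.
 *
 * The session opened by Login() is closed again on every path that follows a
 * successful login.
 *
 * NOTE(review): the only proof of identity checked in this script is
 * login + password. Whether Login() itself asks for the current OTP of an
 * already enrolled user is not visible here; if it does not, the password alone
 * is enough to replace or clear the second factor - confirm.
 * NOTE(review): nothing here requires HTTPS, so protecting the password and the
 * OTP secret in transit is left to the server configuration.
 */

// Any origin may call this endpoint and read the response. With a wildcard
// origin browsers do not expose responses to cookie-bearing requests, so the
// handler relies on the credentials sent in the POST body.
header('Access-Control-Allow-Origin: *');
if(isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"] === "OPTIONS")
{
	// CORS preflight: advertise what is accepted and stop before the framework loads.
	header('Access-Control-Allow-Methods: POST, OPTIONS');
	header('Access-Control-Max-Age: 60');
	// A wildcard header list was tried and left disabled in favour of the explicit list.
	//header('Access-Control-Allow-Headers: *');
	header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept');
	die('');
}

// Both constants must exist before the prolog is included.
// NOTE(review): NOT_CHECK_PERMISSIONS presumably makes the prolog skip its own
// access check so that this script authenticates the caller itself - confirm.
define("NOT_CHECK_PERMISSIONS", true);
define("ADMIN_SECTION", false);

require_once($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php");

// Read a POST field as a string. A missing field or a non-string value (for
// example "secret[]=x", which PHP turns into an array) becomes '', so such
// input can no longer reach Login() or the OTP update as an array and missing
// fields raise no undefined-index notices.
$postString = function ($key)
{
	return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$action = $postString('action');
$secret = $postString('secret');
$login = $postString('login');
$password = $postString('password');

// Only the two known actions are served, and both need a non-empty secret.
if(($action !== 'register' && $action !== 'unregister') || $secret === '')
{
	CHTTP::SetStatus("403 Forbidden");
	die();
}

if($USER->Login($login, $password) !== true)
{
	if($APPLICATION->NeedCAPTHAForLogin($login))
	{
		$CAPTCHA_CODE = $APPLICATION->CaptchaGetCode();
		// Not valid JSON (single quotes, trailing semicolon). The format is kept
		// byte for byte because existing clients presumably parse this exact shape.
		echo "{'captchaCode': '".$CAPTCHA_CODE."'};";
	}

	CHTTP::SetStatus("401 Unauthorized");
	die();
}

// From here on the caller is logged in, so every exit path logs out again.
if(!CModule::IncludeModule("security"))
{
	CHTTP::SetStatus("403 Forbidden");
	$USER->Logout();
	die();
}

if(!\Bitrix\Security\Mfa\Otp::isOtpEnabled())
{
	CHTTP::SetStatus("403 Forbidden");
	$USER->Logout();
	die();
}

// 'unregister' stores an empty secret; the value sent by the client is ignored.
// NOTE(review): ACTIVE is still written as "Y" in that case - confirm that
// CSecurityUser::update() treats an empty secret as deactivation.
if($action !== 'register')
	$secret = '';

$isUpdated = CSecurityUser::update(array(
	"USER_ID" => $USER->GetID(),
	"SECRET" => $secret,
	"ACTIVE" => "Y",
	"TYPE" => \Bitrix\Security\Mfa\Otp::TYPE_HOTP // Bitrix.OTP use HOTP
));

if(!$isUpdated)
{
	// The exception text is deliberately not sent to the client.
	//print_r($APPLICATION->GetException());
	CHTTP::SetStatus("403 Forbidden");
	$USER->Logout();
	die();
}

$USER->Logout();
?>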
