shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : view-delivery-location.php
 
			<?php $this->load->view('admin/sidebar.php');?>
		</div>
		<div class="content-right">
			<?php $this->load->view('admin/header.php');?>
			<div class="main-content">
				<div class="dash-block">
					<h5 class="border-bottom pb-3">View Delivery Location <a href="<?=base_url('admin/add_delivery_location')?>"><button type="button" class="btn btn-success btn-sm m-2">Add Delivery Location</button></a></h5>

					<div class="form-element mt-2">
						<table class="table table-bordered" id="example">
						<thead>	
							<tr>
								<th>SNo </th>
								<th>Pincode</th>
								<th>City</th>
								<th>Charges</th>
								<th>Action</th>
							</tr>
						</thead>
						<tbody>	
							<?php 
							if(isset($location_res) && $location_res==true):
								$sno = 1;
								foreach($location_res as $row){?>
								<tr>
									<td><?=$sno++?></td>
									<td><?=$row->pincode?></td>
									<td><?=$row->city_name?></td>
									<td><?=$row->charge?></td>
									<td><a href="<?=base_url('admin/add_delivery_location/'.base64_encode($row->id))?>"><button type="button" class="btn btn-primary btn-sm">Edit</button></a>
										<a href="<?=base_url('admin/delete_delivery_location/'.base64_encode($row->id))?>" onclick="return confirm('Are you sure?')"><button type="button" class="btn btn-danger btn-sm">Trash</button></td></td>
							<?php	
								}
							endif;
							?>
						</tbody>	
						</table>
					</div>
				</div>
			</div>
			<?php include'footer.php';?>
		</div>
	</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script type="text/javascript" src="<?=base_url('admin_assets/js/bootstrap.min.js')?>"></script>
<script type="text/javascript" src="<?=base_url('admin_assets/js/select2.min.js')?>"></script>
<script type="text/javascript" src="<?=base_url('admin_assets/js/custom.js')?>"></script>
<script src="<?=base_url('admin_assets/js/css3-animate-it.js')?>"></script>
<script type="text/javascript" src="https://cdn.datatables.net/1.10.19/js/jquery.dataTables.min.js"></script>
<script type="text/javascript" src="https://cdn.datatables.net/1.10.19/js/dataTables.bootstrap4.min.js"></script>
<script type="text/javascript">
	$(document).ready(function () {
	  	$('#example').DataTable();
	});
</script>
<script type="text/javascript">
$(".membership_status").change(function() {
	var con = confirm("Are you sure you want to delete..");
	var isChecked=$(this).prop("checked");
	var user_id=$(this).attr("id");
	if(con==true){
		if(isChecked==true){
		$.ajax({
			url:"<?=base_url('admin/membership_status_changer')?>",
			method:"post",
			data:{"user_id_for_status":user_id,"status":1},
			success: function(res){//for response
				alert("True");
				location.reload();
				}
			});
		}else{
			alert("User Already Purchase Membership");
			return false;
		}
	}	
});

$(".save_btn").click(function() {
	var con = confirm("Are you sure ");
	var user_id=$(this).attr("id");
	var package = $(this).closest("tr").find('select#package').val();
	if(con==true){
		$.ajax({
			url:"<?=base_url('admin/package_status_changer')?>",
			method:"post",
			data:{"user_id_for_package":user_id,"package":package},
			success: function(res){//for response
				if(res==1){
					alert("Sucess! Package Done");
					location.reload();
				}
				
			}
		});
	}else{
		alert("Internal Problmem");
		return false;
	}
	
});
</script>
</body>
</html>

© 2026 GrazzMean