shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : add_sub_category.php
<?php $this->load->view('admin/sidebar.php');?>
		</div>
		<div class="content-right">
			<?php $this->load->view('admin/header.php');
                        $sub_cat_name="";
                        $btnname="Add";
                        $method="admin/insert_sub_category";
                        if($this->uri->segment('5')){
                $this->db->where('id',base64_decode($this->uri->segment('5')));  
            $query=$this->db->get('tb_sub_category');
          $sub_cat_name= $query->row()->name;
				 
                            $btnname="Update";
                        $method="admin/update_sub_category/".base64_decode($this->uri->segment('5')); 
                        }
                        ?>
			<div class="main-content">
				<div class="dash-block">
                                    <form method="post" action="<?=base_url($method)?>" enctype= 'multipart/form-data'>
						<div class="row">
							<div class="col-md-12">
								<div class="form-group row">
								    <label for="inputPassword" class="col-sm-4 col-form-label">Sub Category Name </label>
								    <div class="col-sm-8">
								      <input type="text" class="form-control" id="inputPassword" placeholder="Enter Sub Category" name="sub_cat_name" value="<?=$sub_cat_name?>">
								      <input type="hidden" class="form-control" name="category_id" value="<?=base64_decode($this->uri->segment('3'))?>">
								      <input type="hidden" class="form-control" name="main_category_id" value="<?=$this->uri->segment('4')?>">
								    </div>
								</div>
								 
							</div>
							<div class="col-md-8 offset-md-2">
								<button class="btn btn-submit"><?=$btnname?></button>
							</div>
						</div>
						</form>

					<div class="form-element mt-2">
						<table class="table table-bordered" id="example">
						<thead>
							<tr>
								<th>SNo </th>
								<th>Sub Category</th>
								<th>Category</th>
								<th>Status</th>
								<th>Action</th>
							</tr>
						</thead>
						<tbody>	
							<?php 
          $this->db->where('category_id',base64_decode($this->uri->segment('3')));  
            $this->db->order_by('id','desc');
            $query=$this->db->get('tb_sub_category');
            if($query->num_rows()>0){
							
								$sno = 1;
								foreach($query->result() as $row){?>
								<tr>
									<td><?=$sno++?></td>
									<td><?=ucwords($row->name)?></td>
									<td><?=ucwords(base64_decode($this->uri->segment('4')))?></td>
									<td>
									<?php
									if($row->status==0){?>
										 <div class="onoffswitch">
											<input type="checkbox" name="onoffswitch" class="onoffswitch-checkbox main_cat_status" id="<?=$row->id?>">
											<label class="onoffswitch-label" for="<?=$row->id?>">
											<span class="onoffswitch-inner"></span>
											<span class="onoffswitch-switch"></span>
											</label>	
										</div>
										<?php
									} else {?> 
								 		<div class="onoffswitch">
											<input type="checkbox" name="onoffswitch" class="onoffswitch-checkbox main_cat_status" id="<?=$row->id?>" checked>
											<label class="onoffswitch-label check" for="<?=$row->id?>">
											<span class="onoffswitch-inner"></span>
											<span class="onoffswitch-switch"></span>
											</label>	
										</div>
								 	<?php 	
									 } ?>
								</td>
									<td>
                                                                            <a href="<?=base_url('admin/add_sub_category/'.$this->uri->segment('3').'/'.$this->uri->segment('4').'/'.base64_encode($row->id))?>"  class="btn btn-primary btn-sm"> Edit</a>  
										<a href="<?=base_url('admin/delete_sub_category/'.base64_encode($row->id))?>" class="btn btn-danger btn-sm">Trash</a>
                                                                        </td>
								</tr>	
							<?php	
								}
            }
							?>
						</tbody>	
						</table>
					</div>
				</div>
			</div>
			<?php $this->load->view('admin/footer');?>
		</div>
	</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script type="text/javascript" src="<?=base_url('admin_assets/js/bootstrap.min.js')?>"></script>
<script type="text/javascript" src="<?=base_url('admin_assets/js/select2.min.js')?>"></script>
<script type="text/javascript" src="<?=base_url('admin_assets/js/custom.js')?>"></script>
<script src="<?=base_url('admin_assets/js/css3-animate-it.js')?>"></script>
<script type="text/javascript" src="https://cdn.datatables.net/1.10.19/js/jquery.dataTables.min.js"></script>
<script type="text/javascript" src="https://cdn.datatables.net/1.10.19/js/dataTables.bootstrap4.min.js"></script>
<script type="text/javascript">
	$(document).ready(function () {
	  	$('#example').DataTable();
	});
</script>
<script type="text/javascript">
$(".main_cat_status").change(function() {
	var isChecked=$(this).prop("checked");
	var main_cat_id=$(this).attr("id");
	if(isChecked){
	$.ajax({
		url:"<?=base_url('admin/sub_category_status_changer')?>",
		method:"post",
		data:{"c_id_for_status":main_cat_id,"status":1},
		success: function(res){//for response
			alert("True");
			}
		});
	}else{
		$.ajax({
		url:"<?=base_url('admin/sub_category_status_changer')?>",
		method:"post",
		data:{"c_id_for_status":main_cat_id,"status":0},
		success: function(res){//for response
			alert("True");
			}
		});
	}	
});
</script>
</body>
</html>

© 2026 GrazzMean