shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : bank_details.php
<?php
//function autoload
        spl_autoload_register(function($class) {
  include("../admin_login/classess/".$class.".php");
});
        
        $sqlfun = new sqlfunction();
        $admin = new admin_login();
        
         if(isset($_POST['mobile']) && isset($_POST['pin']) && isset($_POST['token']))
            {
                     $mobile = $_POST['mobile'];
                     $secretKey = $_POST['pin'];
                     $deviceToken = $_POST['token'];
                     $p_id = $admin->verifyCredentials3($deviceToken, $secretKey,$mobile);
                            if($p_id)
                            {
                                $check = $sqlfun->query("SELECT * FROM (select acc_num,ifsc,holder_name,bank_name,city,pincode,gpay,phonepay,paytm as p_paytm,winwallet from player where p_id = '$p_id') as p JOIN message;");
                                $row = $check->fetch(PDO::FETCH_OBJ);
                            
                                echo json_encode(array("res"=>"success","msg"=>"data found","data"=>$row),JSON_PRETTY_PRINT);
                            }
                            else
                            {
                                 echo json_encode(array("res"=>"failure","msg"=>"not valid","data"=>new stdClass()));   
                            }
            }
            else
            {
                   echo json_encode(array("res"=>"failure","msg"=>"param not found","data"=>new stdClass()));    
            }
© 2026 GrazzMean