shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : game_bid.php
<?php
//function autoload
        spl_autoload_register(function($class) {
  include("../admin_login/classess/".$class.".php");
});
        
        $sqlfun = new sqlfunction();
        $admin = new admin_login();

         date_default_timezone_set('Asia/Kolkata');
         $open_time = date("H:i:s");
         $cur_date = date("Y-m-d");
         
         if(isset($_POST['mobile']) && isset($_POST['game_id']) && isset($_POST['token']) && isset($_POST['pin']))
         {
             $mobile = $_POST['mobile'];
             $game_id = $_POST['game_id'];
             $deviceToken = $_POST['token'];
             $secretKey = $_POST['pin'];
             
             $p_id = $admin->verifyCredentials3($deviceToken, $secretKey,$mobile);
                    if($p_id)
                    {
                     //game
                     $check_game =  $sqlfun->query("select * from game where g_id = '$game_id'");
                     $row_game = $check_game->fetch(PDO::FETCH_OBJ);
                     $open_timestamp = $row_game->open_timestamp;
                     $close_timestamp = $row_game->close_timestamp;
                     $open = date("Y-m-d H:i:s",$open_timestamp);
                     $close = date("Y-m-d H:i:s",$close_timestamp);
                    // echo "select * from manage_game_id where play_datetime between '$open' AND '$close' && user_id = '$p_id' && game_id = '$game_id'";
                     $check_bid = $sqlfun->query("select * from manage_game_id where play_datetime between '$open' AND '$close' && user_id = '$p_id' && game_id = '$game_id'");
                     if($check_bid->rowCount() > 0){
                          while($row_bid = $check_bid->fetch(PDO::FETCH_OBJ)){
                                $array[] = $row_bid;
                          }
                        echo json_encode(array("res"=>"success","msg"=>"data found","data"=>$array));
                     }
                     else
                     {
                        echo json_encode(array("res"=>"failure","msg"=>"data not found","data"=>array())); 
                     }
                    }
                    else
                    {
                        echo json_encode(array("res"=>"failure","msg"=>"invalid cred","data"=>array())); 
                    }
         }
         else
         {
             echo json_encode(array("res"=>"failure","msg"=>"param not found","data"=>array())); 
         }
         
         ?>
© 2026 GrazzMean