shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : withdrawkiapi.php
<?php
//function autoload
        spl_autoload_register(function($class) {
  include("../admin_login/classess/".$class.".php");
});
        $sqlfun = new sqlfunction();
        $admin = new admin_login();
        
            date_default_timezone_set("Asia/Kolkata");
            
            if(isset($_POST['name']) && isset($_POST['bank']) && isset($_POST['mobile']) && isset($_POST['amount']) && isset($_POST['acc_no']) && isset($_POST['ifsc']) && isset($_POST['holder_name']) && isset($_POST['selected_methode']))
                {
                    //$date = $_POST['date'];
                    //$p_id = $_POST['p_id'];
                    $name = $_POST['name'];
                    $bank = $_POST['bank'];
                    $mobile = $_POST['mobile'];
                    $amount = $_POST['amount'];
                    $deviceToken = $_POST['token'];
                    $secretKey = $_POST['pin'];
                    $selected_methode = $_POST['selected_methode'];
                  $p_id = $admin->verifyCredentials3($deviceToken, $secretKey,$mobile);
                            if($p_id)
                            {  
                    $datas = array(
                        "date" =>date("Y-m-d"),
                        "player_id" =>$p_id,
                        "p_name" =>$name,
                        "bank" =>$bank,
                        "p_account"=>$selected_methode,
                        "amount" =>$amount,
                        "acc_no" =>$_POST['acc_no'],
                        "ifsc"=>$_POST['ifsc'],
                        "holder_name"=>$_POST['holder_name'],
                        "status" =>"Pending"
                        );
                    
                        if($sqlfun->ins_data("withdrawal",$datas))
                            {
                                $row_Lo = $sqlfun->last_id();
                                $get_p_wallet_cnd1 = "p_id = '$p_id'";
                                $get_p_wallet_check1 = $sqlfun->fetchdata("player",$get_p_wallet_cnd1);
                                $row_get_p_wallet1 = $get_p_wallet_check1->fetch(PDO::FETCH_OBJ);
                                $p_wallet1 = $row_get_p_wallet1->wallet;
                                $p_winwallet1 = $row_get_p_wallet1->winwallet;
                                $new_wallet1 = ceil($p_wallet1 - $amount);
                                $new_winwallet1 = ceil($p_winwallet1 - $amount);
                                 $update_player_wallet_amount1 = array("wallet"=>$new_wallet1,"winwallet"=>$new_winwallet1);
                                 
                                 
                                    if($sqlfun->updated("player",$update_player_wallet_amount1,$get_p_wallet_cnd1))
                                        {
                                            $ins_app_wallet_history = array("date"=>date("Y-m-d"),"row_id"=>$row_Lo,"type"=>"Withdrawal","user_id"=>$p_id,"amount"=>$amount,"history_datetime"=>date("Y-m-d H:i:s"),"left_balance"=>$new_wallet1);
                                            if($sqlfun->ins_data("wallet_history",$ins_app_wallet_history))
                                            {
                                                $data = array("res"=>"success","msg" =>"request has been submitted successfully","data"=>$update_player_wallet_amount1); 
                                            }
                                        }
                                
                            }
                            else
                            {
                                $data = array("res"=>"failure","msg" =>"Something went wrong","data"=>new stdClass()); 
                            }
                        }
                        else
                        {
                            $data = array("res"=>"failure","msg" =>"Invalid cred","data"=>new stdClass()); 
                        }
                            echo json_encode($data);
                }

        ?>
© 2026 GrazzMean