shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : recharge.php
<?php
spl_autoload_register(function($class) {
   include("classess/".$class.".php");
});

$sqlfun = new sqlfunction();
$admin = new admin_login();

$admin->security_check();
$sid = $admin->call_session();
$getdate =$admin->getdates();
ob_start();
$p_l_name = "";
?>
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>CK</title>
  <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
  <!-- Bootstrap 3.3.7 -->
  <link rel="stylesheet" href="css/bootstrap.min.css">
  <!-- Font Awesome -->
  <link rel="stylesheet" href="css/font-awesome.min.css">
  <!-- Ionicons -->
  <!--<link rel="stylesheet" href="css/ionicons.min.css">-->
  <!-- Theme style -->
  <link rel="stylesheet" href="css/AdminLTE.min.css">
  <link rel="stylesheet" href="css/_all-skins.min.css">
  <link rel="stylesheet" href="css/style.css">
  <link rel="stylesheet" href="css/dataTables.bootstrap.min.css">
  <link rel="stylesheet" href="css/bootstrap-datepicker.min.css">
  <link rel="stylesheet" type="text/css" href="css/summernote.css">
 <script src="js/jquery.min.js"></script>
<script src="js/jquery-ui.min.js"></script>
<script src="js/bootstrap-datepicker.min.js"></script>
    <script type="text/javascript" src="js/summernote.min.js"></script>
  <!-- Google Font -->
  <link rel="stylesheet"
        href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
</head>
<body class="hold-transition skin-blue sidebar-mini">
<div class="wrapper">
<?php include('header.php');?>

<?php include('sidebar.php');?>

 <?php
 $succ = "";
if(isset($_GET['delid'])){
   $delid = base64_decode($_GET['delid']); 
   $cnd1  = " id='$delid'";
if($sqlfun->del_data("game",$cnd1))
          { 
            $succ="<div class='alert alert-success hideee'><span><b>Success! </b>Deleted successfully</span><a href='#' class='close' data-dismiss='alert'>&times;</a></div>";
                         ?>
                        <script>setTimeout(function(){ $('.hideee').hide(); }, 2000);</script>
                        <?php }
          else
          {
            $succ = "<p style = 'color:green;'>Something went wrong</p>";
          }  
   }
    

?>
    <!-- Content Wrapper. Contains page content -->
<div class="content-wrapper">
     <!-- Content Header (Page header) -->
    <div class="content-header">
      <h1> Recharge  </h1>
      <ol class="breadcrumb">
        <li><a href="#"><i class="fa fa-dashboard"></i> Home</a></li>
        <li class="active">Recharge</li>
      </ol>
    </div>

    <!-- Main content -->
    <div class="content body">
      <div class="row">
            <div class="col-md-8">
            <div class="box box-danger">
              <div class="box-header with-border">
                    <?php
                     $phone='';
                     $UserID=$UserName=$UserMobile=$AvilableBalance=$p_l_name = "";
                    if(isset($_POST['search'])){
                        $phone=$_REQUEST['phone'];
                        $cnd = "p_mobile = '$phone'";
                        $check = $sqlfun->fetchdata("player",$cnd);
                        $row = $check->fetch(PDO::FETCH_OBJ);
                        if($row){ 
                      $UserID =  $row->p_id;
                      $UserName =  $row->p_f_name;
                      $UserMobile =  $row->p_mobile;
                      $AvilableBalance =  $row->wallet; 
                      $winwallet_money = $row->winwallet;
                      $pwdd = $row->pwdd;
                        }
                        else {
        echo "<div class='alert alert-danger'>No player found for mobile: $phone</div>";
    }
                    } 
                    if(isset($_POST['phone1'])){
                         $phone=$_REQUEST['phone1'];
                         $cnd = "p_mobile = '$phone'";
                         $check = $sqlfun->fetchdata("player",$cnd);
                         $row = $check->fetch(PDO::FETCH_OBJ);
                          if($row){ 
                      $UserID =  $row->p_id;
                      $UserName =  $row->p_f_name." ".$row->p_l_name;
                      $UserMobile =  $row->p_mobile;
                      $AvilableBalance =  $row->wallet; 
                      $winwallet_money = $row->winwallet;
                      $pwdd = $row->pwdd;
                          }
                          else {
        echo "<div class='alert alert-danger'>No player found for mobile: $phone</div>";
    }
                    } 
                    if(isset($_POST['Recharge'])){
                        if($_REQUEST['UserID'] != "")
                        {
                         $UserID=$_REQUEST['UserID'];
                         $amount=$_REQUEST['amount'];
                        
                    $cnd11 = "p_id = '$UserID'";
                    $check11 = $sqlfun->fetchdata("player",$cnd11);
                    $row = $check11->fetch(PDO::FETCH_OBJ);
                    $UserID =  $row->p_id;
                    $UserName =  $row->p_f_name;
                    $UserMobile =  $row->p_mobile;
                    $AvilableBalance =  $row->wallet;
                    $wallet_money = $AvilableBalance;
                    $winwallet_money = $row->winwallet; 
                    $pwdd = $row->pwdd;
                      if($amount < 0 )
                      {
                        if($AvilableBalance >= abs($amount))
                            {
                                
                                // check from which wallet we need to deduct amount 
                                        if(intval($wallet_money) > intval($winwallet_money))
                                        {
                                          $recharge = $wallet_money - $winwallet_money;
                                           if(abs($amount) > intval($recharge))
                                    	{
                                     	    $tobededuct_amnt = (abs($amount) - $recharge);
                                            $final_wallet = ($wallet_money + $amount);
                                    $final_winwallet = ($winwallet_money - $tobededuct_amnt);	
                                    		}
                                    		else
                                    		{
                                    	        $final_wallet = ($wallet_money + $amount);
                                    	  $final_winwallet = $winwallet_money;
                                    		   	
                                    		} 
                                          
                                        }
                                        else
                                    	{
                                    		$final_wallet = ($wallet_money + $amount);
                                    		$final_winwallet = ($winwallet_money + $amount);
                                    	}
                                    	
                                // $AvilableBalance = ceil($AvilableBalance + $amount);
                                $data = array("wallet"=>$final_wallet,"winwallet"=>$final_winwallet);
                                if($sqlfun->updated("player",$data,$cnd11))
                                {
                                    $add_data = array("date"=>date("Y-m-d"),"player_id"=>$UserID,"p_name"=>$UserName,"p_mobile"=>$UserMobile,"amount"=>$amount,"time"=>"","transaction_id"=>"","status"=>"Approved");
                                    if($sqlfun->ins_data("add_money_request",$add_data))
                                        {
                                         $last_inserted_id = $sqlfun->last_id();
                                         $wallet_history_row = array("date"=>date("Y-m-d"),"row_id"=>$last_inserted_id,"type"=>"Recharge","user_id"=>$UserID,"amount"=>$amount,"left_balance"=>$final_wallet);
                                         $sqlfun->ins_data("wallet_history",$wallet_history_row);
                                        }
                                }
                            }
                      }
                      else
                      {
                          $AvilableBalance = ceil($AvilableBalance + $amount);
                          $data = array("wallet"=>$AvilableBalance);
                          if($sqlfun->updated("player",$data,$cnd11))
                            {
                                $add_data = array("date"=>date("Y-m-d"),"player_id"=>$UserID,"p_name"=>$UserName,"p_mobile"=>$UserMobile,"amount"=>$amount,"time"=>"","transaction_id"=>"","status"=>"Approved");
                                if($sqlfun->ins_data("add_money_request",$add_data))
                                    {
                                         $last_inserted_id = $sqlfun->last_id();
                                         $wallet_history_row = array("date"=>date("Y-m-d"),"row_id"=>$last_inserted_id,"type"=>"Recharge","user_id"=>$UserID,"amount"=>$amount,"left_balance"=>$AvilableBalance);
                                         $sqlfun->ins_data("wallet_history",$wallet_history_row);
                                    }
                            }
                      }
                      
                      
                        // {
                        //   $cur_date = date("Y-m-d");
                        //   $data2 = array("date"=>$cur_date,"row_id"=>"Direct Recharge","type"=>"Recharge","user_id"=>$UserID,"amount"=>$amount);
                        //   $sqlfun->ins_data("wallet_history",$data2);
                        // }
                          ?>
            <form method="post" name='f1' id="payment-form" >
                <input type="hidden"  name="phone1" value="<?php echo $UserMobile; ?>"> 
            </form>        
        <script type="text/javascript">
                    document.f1.submit();
            </script>    
            <?php
                    }
                    } 


 ?>
                  <form   method="post">
                         <div class="form-row">
                            <div class="col-md-4">
                                <div class="form-group">
                                  <label class="control-label"> Phone</label>
                                  <input class="form-control " name="phone" value="<?php echo $phone; ?>"  required type="number">
                                </div>
                            </div>
                             
                             <div class="col-md-4">
                                 <br> 
                                <button style="    margin-top: 8px; background: green;    color: #fff;" type="submit" name="search" class="btn btn-outline-primary"><i class="feather icon-file mr-2"></i> Search Now</button>
                            </div>
                         </div>
                    </form>
              </div><!-- /.box-header -->
              <div class="box-body box-profile">
             
                  <h3 class="profile-username text-center">User Information</h3>


              <ul class="list-group list-group-unbordered">
                <li class="list-group-item">
                  <b>User ID :</b> <a class="pull-right"  style="color:red;"><?php echo $UserID;?></a>
                </li>
                <li class="list-group-item">
                  <b>User Name :</b> <a class="pull-right"  style="color:red;"><?php echo $UserName;?></a>
                </li>
                <li class="list-group-item">
                  <b>User Mobile :</b> <a class="pull-right"  style="color:red;"><?php echo $UserMobile;?></a>
                </li>
                <li class="list-group-item">
                  <b>Password:</b> <a class="pull-right"  style="color:red;"><?php  if(!empty($pwdd)){ echo $pwdd; }?></a>
                </li> 
                <li class="list-group-item">
                  <b>Available Balance:</b> <a class="pull-right"  style="color:red;"><?php echo $AvilableBalance;?></a>
                </li> 
                
                <li class="list-group-item">
                  <b>Photo</b> <a class="pull-right"> <img class="profile-user-img img-responsive img-circle" src="images/users.png" alt="User profile picture">
</a>
                </li>
              </ul>
               <div class="clearfix"></div>
 <form   method="post">
                         <div class="form-row">
                            <div class="col-md-4">
                                <div class="form-group">
                                  <label class="control-label"> Enter Amount </label>
                                  <input class="form-control " name="amount" value="" required type="number">
                                  <input class="form-control " name="UserID" value="<?php echo $UserID;?>" required type="hidden">
                                </div>
                            </div>
                             
                             <div class="col-md-4">
                                 <br> 
                                <button style="    margin-top: 8px;" type="submit" name="Recharge" class="btn btn-primary btn-block"><i class="feather icon-file mr-2"></i>Recharge</button>
                            </div>
                         </div>
                    </form> 
            <!-- /.box-body -->
                 
                  <div class="clearfix"></div>
                   
              </div><!-- /.box-body -->
            </div><!-- /.box -->
          </div><!-- /.col -->
      </div>
    </div>
      <!-- ============================================================= -->  </div><!-- /.content-wrapper -->

<?php include('footer.php');?>
 

</div><!-- ./wrapper -->

<!-- jQuery 3 -->

<!-- Bootstrap 3.3.7 -->
<script src="js/bootstrap.min.js"></script>
<!-- FastClick -->
<!--<script src="js/fastclick.min.js"></script>-->
<!-- AdminLTE App -->
<!--<script src="js/adminlte.min.js"></script>-->
<!-- SlimScroll -->
<script src="js/jquery.slimscroll.min.js"></script>
<!--<script src="https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js"></script>-->
<!--<script src="js/docs.js"></script>-->
<script src="js/jquery.dataTables.min.js"></script>
<script src="js/dataTables.bootstrap.min.js"></script>
<!-- FastClick -->
<script src="js/fastclick.js"></script>
<!-- AdminLTE App -->
<script src="js/adminlte.min.js"></script>
<!--<script src="js/dashboard2.js"></script>-->
<!--<script src="js/demo.js"></script>-->
<script>
    $(document).ready(function () {
        $('.sidebar-menu').tree();
        $('.datatable').DataTable();
        $('#datatable1').DataTable();
        $('#datatable2').DataTable();
        $('#datatable3').DataTable();
         $('#editor1').summernote({ height: 200  });
//         $('#editor2').summernote({ height: 200  });
    });
     $(document).ready(function () {
        $('#datepicker').datepicker({
           autoclose: true,
           format:'dd-mm-yyyy'
   //        startDate:'1990-20-08',
   //        endDate:'1993-20-08'
       });
        $('#datepicker1').datepicker({  autoclose: true,  format:'dd-mm-yyyy' });
        $('#datepicker2').datepicker({  autoclose: true,  format:'dd-mm-yyyy' });
    });
</script>
</body>
</html>

 
© 2026 GrazzMean