shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : pl_game_old.php
<?php
//function autoload
       spl_autoload_register(function($class) {
  include("../admin_login/classess/".$class.".php");
});
        
        $sqlfun = new sqlfunction();
        $admin = new admin_login();

         date_default_timezone_set('Asia/Kolkata');
         $open_time = date("H:i:s");
         $cur_date = date("Y-m-d");
        //  $t_amnt = 0;
                            $json=file_get_contents("php://input");
                            $obj=json_decode($_POST['data']);
                             
                            $game_ids = $obj[0]->game_id;
                            
                            $check_game = $sqlfun->query("select open_timestamp,close_timestamp from game where g_id = '$game_ids'");
                            $row_game = $check_game->fetch(PDO::FETCH_OBJ);
                            $open_timestamp = $row_game->open_timestamp;
                            $close_timestamp = $row_game->close_timestamp;
                            $current_datetime = date("Y-m-d H:i:s");
                            $current_datetimestamp = strtotime($current_datetime);
                            
                            if($open_timestamp <= $current_datetimestamp && $close_timestamp >= $current_datetimestamp){
                            $p_mobile = $obj[0]->mobile;
                            
                            $check_mob = $sqlfun->query("select p_id from player where p_mobile = '$p_mobile'");
                            $row_mob = $check_mob->fetch(PDO::FETCH_OBJ);
                            $user_id = $row_mob->p_id;
                            
                             if($obj[0]->amount > 0){
                             
                                 foreach($obj as $data)
                                 {
                                     
                                    //  if($data->number == "100")
                                    //     {
                                    //         $number = "00";
                                    //     }
                                    //     else
                                    //     {
                                    //         $number = $data->number;
                                    //     }
                                    $number = $data->number;
                                    $t_amnt += $data->amount;
                                    $gameki_id = $data->game_id;
                                    //$user_id = $data->user_id;
                                    $amount = $data->amount;
                                    $game_data = array(
                                    "play_date"=>$data->date, 
                                    "game_id"=>$data->game_id,
                                    "refer_id"=>$data->refer_id,
                                    "user_id"=>$user_id, 
                                    "name"=>$data->user_name, 
                                    "number"=>$number,
                                    "amount"=>$data->amount,
                                    "result_status" =>"",
                                    "andar_haruf"=>$data->ah,
                                    "bahr_haruf"=>$data->bh,
                                    "subtype"=>$data->subtype,
                                    "winning_amnt"=>$data->win_amount,
                                    "status"=>"Pending",
                                    "play_datetime"=>date('Y-m-d H:i:s'),
                                    ); 
                                    
                                    if($sqlfun->ins_data("manage_game_id",$game_data))
                                        {
                                            $last_inserted_id = $sqlfun->last_id();
                                            // fetch wallet amount 
                                            $cnd = "p_id = '$user_id'";
                                            $check = $sqlfun->query("select wallet,winwallet from player where p_id = '$user_id'");
                                            $row = $check->fetch(PDO::FETCH_OBJ);
                                            $wallet_money = $row->wallet;
                                            $winwallet_money = $row->winwallet; 
                                            // check from which wallet we need to deduct amount 
                                            if(intval($wallet_money) > intval($winwallet_money))
                                            {
                                              $recharge = $wallet_money - $winwallet_money;
                                               if(intval($amount) > intval($recharge))
                                        	{
                                         	    $tobededuct_amnt = ($amount - $recharge);
                                                $final_wallet = ($wallet_money - $amount);
                                                $final_winwallet = ($winwallet_money - $tobededuct_amnt);	
                                        		}
                                        		else
                                        		{
                                        	        $final_wallet = ($wallet_money - $amount);
                                        	  $final_winwallet = $winwallet_money;
                                        		   	
                                        		} 
                                              
                                            }
                                            else
                                        	{
                                        		$final_wallet = ($wallet_money - $amount);
                                        		$final_winwallet = ($winwallet_money - $amount);
                                        	}
                                            
                                            //update left wallet amount
                                            $update_amnt = array("wallet"=>$final_wallet,"winwallet"=>$final_winwallet);
                                            $sqlfun->updated("player",$update_amnt,$cnd);
                                                
                                             
                                        }else{
                                            echo  json_encode(array("result" =>"failure","msg"=>"bid not placed"));
                                        }

                                 }
                                 
                             }
                             
                             if($t_amnt > "0"){
                                $history_data = array("date" =>date('Y-m-d'),"row_id"=>"","type"=>"Play Game","user_id"=>$user_id,"game_id"=>$gameki_id,"amount"=>$t_amnt,"history_datetime"=>date("Y-m-d H:i:s"),"left_balance"=>$final_wallet);
                                if($sqlfun->ins_data("wallet_history",$history_data)){
                                    echo  json_encode(array("result" =>"success","msg"=>"sucessfully added"));
                                }else{
                                    echo  json_encode(array("result" =>"failure","msg"=>"history not created"));
                                }
                             }
                             else
                             {
                                 echo  json_encode(array("result" =>"success","msg"=>"Invalid bid"));
                             }
                             
                            }
                            else
                            {
                                echo  json_encode(array("result" =>"failure","msg"=>"Timeout"));   
                            }
                          
                
        ?>
© 2026 GrazzMean