shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : process.php
<?php
spl_autoload_register(function($class) {
   include("classess/".$class.".php");
});

$sqlfun = new sqlfunction();
$admin = new admin_login();

$admin->security_check();

$cur_date = date('Y-m-d');
//approve recharge request
    if(isset($_POST['row_id']) && isset($_POST['status']) && isset($_POST['amount']) && isset($_POST['player_id']))
    {
        $row_id = $_POST['row_id'];
        $status = $_POST['status'];
        $amount = $_POST['amount'];
        $jojo_amount = $amount;
        $player_id = $_POST['player_id'];
        $app_cnd = "r_id = '$row_id'";
        //fetch data row
        $check_add_money = $sqlfun->query("select * from add_money_request where r_id = '$row_id'");
        $row_add_money = $check_add_money->fetch(PDO::FETCH_OBJ);
        $bonus = $row_add_money->bonus;
        if($bonus != NULL)
        {
            $amount = $bonus + $amount;
        }
        
        $update_app_status = array("status"=>"Approved");
        if($sqlfun->updated("add_money_request",$update_app_status,$app_cnd))
            {   
                //get wallet money of player
                $get_p_wallet_cnd = "p_id = '$player_id'";
                $get_p_wallet_check = $sqlfun->fetchdata("player",$get_p_wallet_cnd);
                $row_get_p_wallet = $get_p_wallet_check->fetch(PDO::FETCH_OBJ);
                $p_wallet = $row_get_p_wallet->wallet;
                $new_wallet = ceil($p_wallet + $amount);
                //update player_wallet
                $update_player_wallet_amount = array("wallet"=>$new_wallet);
                if($sqlfun->updated("player",$update_player_wallet_amount,$get_p_wallet_cnd))
                    {
                        $ins_app_wallet_history = array("date"=>$cur_date,"row_id"=>$row_id,"type"=>"Recharge","user_id"=>$player_id,"amount"=>$jojo_amount);
                        if($bonus != NULL)
                        {
                            $ins_app_wallet_history['bonus']= $bonus;
                        }
                        
                        $ins_app_wallet_history['left_balance']= $new_wallet;
                        if($sqlfun->ins_data("wallet_history",$ins_app_wallet_history))
                        {
                            echo "1";
                        }
                    }
                
            }
    }
    

    //reject reccharge request
       if(isset($_POST['row_idi']) && isset($_POST['statuss']) && isset($_POST['amounti']) && isset($_POST['player_idi']))
       {
            $row_idi = $_POST['row_idi'];
            $statuss = $_POST['statuss'];
            $amounti = $_POST['amounti'];
            $player_idi = $_POST['player_idi'];
            $rej_cnd = "r_id = '$row_idi'"; 
            if($statuss == "Pending")
                {
                    $update_rej_status = array("status"=>"Rejected");
                    if($sqlfun->updated("add_money_request",$update_rej_status,$rej_cnd))
                        {
                            echo "1";
                        }
                }
                else if($statuss == "Approved")
                {
                    //update reject status
                    $update_rej_status = array("status"=>"Rejected"); 
                    if($sqlfun->updated("add_money_request",$update_rej_status,$rej_cnd))
                        {
                            //delete add_money_wallet_history_of_this_row_id
                            $rej_del_cnd = "r_id = '$row_idi'";
                            $check_bonus = $sqlfun->fetchdata("add_money_request",$rej_del_cnd);
                            // {
                                $row_bonus = $check_bonus->fetch(PDO::FETCH_OBJ);
                                $bonus = $row_bonus->bonus;
                                if($bonus != NULL)
                                {
                                  $amounti  = $bonus + $amounti;
                                }
                                //get wallet money of player
                                $get_p_wallet_cnd1 = "p_id = '$player_idi'";
                                $get_p_wallet_check1 = $sqlfun->fetchdata("player",$get_p_wallet_cnd1);
                                $row_get_p_wallet1 = $get_p_wallet_check1->fetch(PDO::FETCH_OBJ);
                                $p_wallet1 = $row_get_p_wallet1->wallet;
                                $new_wallet1 = ceil($p_wallet1 - $amounti);
                                 //update player_wallet
                                    $update_player_wallet_amount1 = array("wallet"=>$new_wallet1);
                                    if($sqlfun->updated("player",$update_player_wallet_amount1,$get_p_wallet_cnd1))
                                        {
                                            
                                            $ins_app_wallet_historyd = array("date"=>$cur_date,"row_id"=>$row_idi,"type"=>"Reject Recharge","user_id"=>$player_idi,"amount"=>$amounti,"left_balance"=>$new_wallet1);
                                            if($sqlfun->ins_data("wallet_history",$ins_app_wallet_historyd))
                                            {
                                                echo "1";
                                            }
                                            
                                            
                                                // echo "1";
                                        }
                            // }
                        }
                }
            
       }
       
       
        if(isset($_POST['del_row_id']) && isset($_POST['del_amount']) && isset($_POST['del_player_id']))
       {
           $del_row_id = $_POST['del_row_id'];
           $del_amount = $_POST['del_amount'];
           $del_player_id = $_POST['del_player_id'];
           $cnd6867 = "id = '$del_row_id'";
           if($sqlfun->del_data("manage_game_id",$cnd6867))
           {
                $cndus = "p_id = '$del_player_id'";
                $checkus = $sqlfun->fetchdata("player",$cndus);
                $rowus = $checkus->fetch(PDO::FETCH_OBJ);
                $wallet = $rowus->wallet;
                //$winwallet = $rowus->winwallet;
                $final_wallet = $wallet + $del_amount;
                // $finalwin_wallet = $winwallet - $winning_amnt;
                $update_user_wallet = array("wallet"=>$final_wallet);
               if($sqlfun->updated("player",$update_user_wallet,$cndus))
               {
                   
               }
           }
       }
?>
© 2026 GrazzMean