shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : unpaid.php
<?php
spl_autoload_register(function($class) {
   include("classess/".$class.".php");
});

$sqlfun = new sqlfunction();
$admin = new admin_login();

$admin->security_check();
// $sid = $admin->call_session();
$getdate =$admin->getdates();
ob_start();

?>
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>CALL FOR HERE</title>
  <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
  <!-- Bootstrap 3.3.7 -->
  <link rel="stylesheet" href="css/bootstrap.min.css">
  <!-- Font Awesome -->
  <link rel="stylesheet" href="css/font-awesome.min.css">
  <!-- Ionicons -->
  <!--<link rel="stylesheet" href="css/ionicons.min.css">-->
  <!-- Theme style -->
  <link rel="stylesheet" href="css/AdminLTE.min.css">
  <link rel="stylesheet" href="css/_all-skins.min.css">
  <link rel="stylesheet" href="css/style.css">
  <link rel="stylesheet" href="css/dataTables.bootstrap.min.css">
  <link rel="stylesheet" href="css/bootstrap-datepicker.min.css">
  <link rel="stylesheet" type="text/css" href="css/summernote.css">
 <script src="js/jquery.min.js"></script>
<script src="js/jquery-ui.min.js"></script>
<script src="js/bootstrap-datepicker.min.js"></script>
    <script type="text/javascript" src="js/summernote.min.js"></script>
  <!-- Google Font -->
  <link rel="stylesheet"
        href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
</head>
<body class="hold-transition skin-blue sidebar-mini">
<div class="wrapper">
<?php include('header.php');?>

<?php include('sidebar.php');?>

 <?php
 $succ = "";
if(isset($_GET['delid'])){
   $delid = base64_decode($_GET['delid']); 
   $cnd1  = " id='$delid'";

   $check1 = $sqlfun->fetchdata("register",$cnd1);
   if($check1->rowCount() > 0)
   {
      // $row1 = $check1->fetch(PDO::FETCH_OBJ);
      // $image1 = $row1->image1;
      // $image2 = $row1->image2;
      // $file_path1 = "../image/".$image1;
      // $file_path2 = "../image/".$image2;
      // if(file_exists($file_path1))
      //   {
      //     unlink($file_path1);
      //   }
      // if(file_exists($file_path2))
      //   {
      //     unlink($file_path2);
      //   }

        if($sqlfun->del_data("register",$cnd1))
          {
            $succ = "<p style = 'color:green;'>Your service has been deleted Successfully</p>";
          }
          else
          {
            $succ = "<p style = 'color:green;'>Something went wrong</p>";
          }  
   }
   




    // if($check = $sqlfun->del_data("service",$cnd1))
    //   {
    //      $succ = "Your File has been deleted Successfully.";
    //   }
    // else 
    //   {
    //     $err = "Internal Error.";
    //   }  
                                   
   }
   //End Update only customer Table
 

?>
    <!-- Content Wrapper. Contains page content -->
<div class="content-wrapper">
     <!-- Content Header (Page header) -->
    <div class="content-header">
      <h1>Unpaid Records</h1>
      <ol class="breadcrumb">
        <li><a href="#"><i class="fa fa-dashboard"></i> Home</a></li>
        <li class="active">Records</li>
      </ol>
    </div>

    <!-- Main content -->
    <div class="content body">
      <div class="row">
            <div class="col-md-12">
            <div class="box box-danger">
              <div class="box-header with-border">
                <?=$succ?>
                <h3 class="box-title">Unpaid Records</h3>
              </div><!-- /.box-header -->
              <div class="box-body">
                  
                  <table class="table table-bordered datatable">
                      <thead>
                        <tr>
                          <th>Sno</th>
                          <th>User ID</th>
                          <th>Policy Category</th>
                          <th>Policy</th>
                          <th>Policy For</th>
                          <th>Price</th>
                          <th>Duration</th>
                          <th>Paying Amount</th>
                          <th>Payment Status</th>
         
                      </tr>
                      </thead>
                         <tbody>
                         <?php   
                         $sno = 1;                
            $cnd = "payment_status = 'Unpaid' order by id desc";
            $check = $sqlfun->fetchdata("purchase_policy",$cnd);
            $cntrow = $check->rowCount();
              if($cntrow>0){
              while($row = $check->fetch(PDO::FETCH_OBJ)){ 
              $proid = $row->id;
            ?>
                        <tr>
                         <!-- <th><input type="checkbox" id="check-all" class="flat"></th> -->
                         <td><?=$sno++;?></td>
                         <?php
                            $cnd55 = "id = '".$row->login_id."'";
                            $check55= $sqlfun->fetchdata("register",$cnd55);
                            $row55 = $check55->fetch(PDO::FETCH_OBJ);
                          ?>
                         <td><?=$row55->user_id?></td>
                         
                         <td><?=$row->policy_cat?></td>
                           <?php
                            $cnd34 = "id = '".$row->policy_id."'";
                            $check34= $sqlfun->fetchdata("policy",$cnd34);
                            $row34 = $check34->fetch(PDO::FETCH_OBJ);
                          ?>
                         <td><?=$row34->name?></td>
                          <?php
                            $cnd35 = "member_id = '".$row->policy_for_id."'";
                            $check35= $sqlfun->fetchdata("member",$cnd35);
                            $row35 = $check35->fetch(PDO::FETCH_OBJ);
                          ?>
                          <td><?=$row35->name;?></td>
                       <td><?=$row->price;?></td>
                        <?php
                            $cnd36 = "duration = '".$row->duration."'";
                            $check36= $sqlfun->fetchdata("duration",$cnd36);
                            $row36 = $check36->fetch(PDO::FETCH_OBJ);
                          ?>
                         <td><?=$row36->name;?></td>
                         <td><?=$row->paying_amnt?></td>
                          <td><?=$row->payment_status?></td>
                 
                                 
                          </tr>
                       <?php } } else {
                $err = "No Data Found.";
             }?>
                       
          
                      </tbody>
                     
                  </table>
              
              </div><!-- /.box-body -->
            </div><!-- /.box -->
          </div><!-- /.col -->
      </div>
    </div>
      <!-- ============================================================= -->  </div><!-- /.content-wrapper -->

<?php include('footer.php');?>
 

</div><!-- ./wrapper -->

<!-- jQuery 3 -->

<!-- Bootstrap 3.3.7 -->
<script src="js/bootstrap.min.js"></script>
<!-- FastClick -->
<!--<script src="js/fastclick.min.js"></script>-->
<!-- AdminLTE App -->
<!--<script src="js/adminlte.min.js"></script>-->
<!-- SlimScroll -->
<script src="js/jquery.slimscroll.min.js"></script>
<!--<script src="https://google-code-prettify.googlecode.com/svn/loader/run_prettify.js"></script>-->
<!--<script src="js/docs.js"></script>-->
<script src="js/jquery.dataTables.min.js"></script>
<script src="js/dataTables.bootstrap.min.js"></script>
<!-- FastClick -->
<script src="js/fastclick.js"></script>
<!-- AdminLTE App -->
<script src="js/adminlte.min.js"></script>
<!--<script src="js/dashboard2.js"></script>-->
<!--<script src="js/demo.js"></script>-->
<script>
    $(document).ready(function () {
        $('.sidebar-menu').tree();
        $('.datatable').DataTable();
        $('#datatable1').DataTable();
        $('#datatable2').DataTable();
        $('#datatable3').DataTable();
         $('#editor1').summernote({ height: 200  });
//         $('#editor2').summernote({ height: 200  });
    });
     $(document).ready(function () {
        $('#datepicker').datepicker({
           autoclose: true,
           format:'dd-mm-yyyy'
   //        startDate:'1990-20-08',
   //        endDate:'1993-20-08'
       });
        $('#datepicker1').datepicker({  autoclose: true,  format:'dd-mm-yyyy' });
        $('#datepicker2').datepicker({  autoclose: true,  format:'dd-mm-yyyy' });
    });
</script>
</body>
</html>

 
© 2026 GrazzMean