shell bypass 403

GrazzMean Shell

: /home/gutlooks/public_html/myphonepe/ [ drwxr-xr-x ]
Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : callback.php
<?php
    //  function __autoload($class)
    //     {
    //         include("../zebra_cross/admin_login/classess/".$class.".php");
    //     }
        
        spl_autoload_register(function($class) {
    include("../zebra_cross/admin_login/classess/".$class.".php");
});

        $sqlfun = new sqlfunction();
        $admin = new admin_login();
        date_default_timezone_set("Asia/kolkata");
        
        
        if($_SERVER['REQUEST_METHOD'] == 'POST') 
         {
                 $json = file_get_contents('php://input');
                  $datta = array("gateway"=>"razorpay","result"=>$json,"method"=>$_SERVER['REQUEST_METHOD']);
    $sqlfun->ins_data("cashfree_status",$datta);
                 $response = json_decode($json, true);
                 $value = $response['response'];
                 $json_format = base64_decode($value);
                 $ab = json_decode($json_format);
                 $t_id =  $ab->data->merchantTransactionId;
                  if($ab->code == 'PAYMENT_SUCCESS') {
                    //////
                            $parts = explode("S", $t_id);
                            // Extract the original values
                            $transaction_id = $parts[0]; // This is the Unix timestamp
                            $contactWithoutCode = $parts[1];       // This is the product ID or other identifier
                            $amount = $parts[2]/100;     // This is the amount
                            /////////////////////////////
                                    $check1 = $sqlfun->query("select * from player where p_mobile = '$contactWithoutCode'");
if($check1->rowCount() > 0){
$rows =$check1->fetch(PDO::FETCH_OBJ);
$p_id = $rows->p_id;
$p_f_name = $rows->p_f_name;
                            $checkss = $sqlfun->query("select * from add_money_request where transaction_id = '$transaction_id'");

    if($checkss->rowCount() == 0)
    {
    
        $data = [
                    'transaction_id' => $transaction_id,
                    'amount' => $amount,
                    'name' => $p_f_name,
                    'mobile' => $contactWithoutCode,
                    'p_id' => $p_id
                ];
                
                // URL to hit
                $url = "https://gutlooks.com/payu/ad_m.php"; // Replace with your target URL
                
                // Initialize cURL session
                $ch = curl_init();
                
                // Configure cURL options
                curl_setopt($ch, CURLOPT_URL, $url);
                curl_setopt($ch, CURLOPT_POST, true); // Use POST method
                curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); // Attach data
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Receive server response
                curl_setopt($ch, CURLOPT_HTTPHEADER, [
                    'Content-Type: application/x-www-form-urlencoded' // Specify content type
                ]);
                
                // Execute cURL request
                $response = curl_exec($ch);
    }
                            
                                // $check_message = $sqlfun->query("select bonus_minimum_amnt,bonus_setting,bonus_percentage,intent_setting from message");
                                // $row_message = $check_message->fetch(PDO::FETCH_OBJ);
                                // $bonus_setting = $row_message->bonus_setting;
                                // $bonus_percentage = $row_message->bonus_percentage;
                                // $intent_setting = $row_message->intent_setting;
                                // $bonus_minimum_amnt = $row_message->bonus_minimum_amnt;
                                // $check_ppp = $sqlfun->query("select p_f_name,p_mobile from player");
                                // $row_ppp = $check_ppp->fetch(PDO::FETCH_OBJ);
                                // $p_f_name = $row_ppp->p_f_name;
                                // $p_p_mobile = $row_ppp->p_mobile;
                                
                                //          $datas = array(
                                //             "date" =>date("Y-m-d"),
                                //             "player_id" =>$p_id,
                                //             "p_name" =>$p_f_name,
                                //             "p_mobile" =>$p_p_mobile,
                                //             "amount" =>$amount,
                                //             "time" =>date("H:i"),
                                //             "transaction_id" =>$transaction_id,
                                //             //"screenshot"=>"https://matkakingonline.co.in/screenshot/".$image_filename,
                                //             "status" =>"Approved",
                                //             );
                                            
                                        
                                            
                                //             if($bonus_minimum_amnt <= $amount){
                                //                 if($bonus_setting == "yes"){
                                //                     $bonus_amount = ceil($amount * $bonus_percentage/100);
                                //                     $datas['bonus'] = $bonus_amount;
                                                    
                                //                 }
                                //             }
                                            
                                            
                                            
                                //             if($sqlfun->ins_data("add_money_request",$datas))
                                //                 {
                                //                     $add_last_id = $sqlfun->last_id();
                                //                     //fetch wallet
                                //                     $checkk_player = $sqlfun->query("select * from player where p_id = '$p_id'");
                                //                     $roww_player = $checkk_player->fetch(PDO::FETCH_OBJ);
                                //                     $wallet= $roww_player->wallet;
                                //                       if($bonus_setting == "yes"){
                                //                             $final_wallet = $bonus_amount + $amount + $wallet; 
                                //                       }
                                //                       else
                                //                       {
                                //                           $final_wallet = $amount + $wallet;
                                //                       }
                                //                     //
                                                    
                                //                     $cnd_p_up = $checkk_player = $sqlfun->query("update player set wallet = '$final_wallet' where p_id = '$p_id'");
                                                    
                                //                     $wallet_data = array(
                                //                             "date" =>date("Y-m-d"),
                                //                             "row_id"=>$add_last_id,
                                //                             "type"=>"Recharge",
                                //                             "user_id"=>$p_id,
                                //                             "amount"=>$amount,
                                //                             "left_balance"=>$final_wallet,
                                //                         );
                                                        
                                //                           if($bonus_setting == "yes"){
                                //                              $wallet_data['bonus'] = $bonus_amount; 
                                //                           }
                                //                     $sqlfun->ins_data("wallet_history",$wallet_data);
                                                    
                                //                     //$data = array("res"=>"success","msg" =>"request has been submitted successfully"); 
                                //                 }
                                                  
                                    
                            
                            /////////////////////////////
                            
                 
                   }
                 
                  
                  }        
              
        }
        
        ?>
© 2026 GrazzMean