shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : Ccavenue.php
<?php 
defined('BASEPATH') OR exit('No direct script access allowed');
class CCavenue extends CI_Controller{
     public $CI = NULL;
    //phonepe
    public function __construct()
    {
        parent::__construct();
        $this->load->model("Curd");
        $this->load->library('cart');
        $this->load->database();
        $this->load->helper('array');
        $this->CI = & get_instance(); 
    }
    function index(){
    }
//     public function pay(){
        
//     $data['main_cat'] = $this->Curd->fetch_where_order("tb_main_category",array("*"),array("status"=>1),"ASC");
//      //print_r($_POST);die;
//      $amount = $this->input->post('amount');
//       $order_id = $this->input->post('txnid');
//       $mobile = $this->input->post('mobile');
//       $apikey= "ab0b1ce5-bd3f-490a-bfc1-35a36e42e10a";
//      // Step 1: Create the JSON payload with a custom parameter
//     $payload = array(
//     "merchantId" => "M22D5LIYNKQMF",//Live mID - M22D5LIYNKQMF,
//     "merchantTransactionId" => $order_id,
//     "merchantUserId" => rand(),
//     "amount" =>  $amount*100,
//     "redirectUrl" => 'https://www.gutlooks.com/phonepe/redirect',
//     "redirectMode" => "POST",
//     "callbackUrl" => 'https://www.gutlooks.com/phonepe/callback',
//     "mobileNumber" => $mobile,
//     "paymentInstrument" => array(
//     "type" => "PAY_PAGE"
//     ),
//     // "customParam" => "hy" // Add your custom parameter here
// );

// // Step 2: Convert the JSON payload to Base64
// $jsonPayload = json_encode($payload);
//  $base64Payload = base64_encode($jsonPayload);
 
 
//  //
//  $salt_index = 1; //key index 1
// $payload1 = $base64Payload . "/pg/v1/pay" . $apikey;
// $sha256 = hash("sha256", $payload1);
// $final_x_header = $sha256 . '###' . $salt_index;
//  //

// // Step 3: Construct the final request payload
// $request = json_encode(array(
//     "request" => $base64Payload
// ));


// // MID: PHONEPETESTUAT
// // saltKey: 56c43115-7eda-40ce-a6e1-43339fbbf07c,
// // saltIndex: 1
// // https://api-preprod.phonepe.com/apis/pg-sandbox/pg/v1/pay
// // mgk-rjuf-ghx



// $curl = curl_init();
// curl_setopt_array($curl, [
//     CURLOPT_URL => "https://api.phonepe.com/apis/hermes/pg/v1/pay",  //prod host url
//     CURLOPT_RETURNTRANSFER => true,
//     CURLOPT_ENCODING => "",
//     CURLOPT_MAXREDIRS => 10,
//     CURLOPT_TIMEOUT => 30,
//     CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
//     CURLOPT_CUSTOMREQUEST => "POST",
//     CURLOPT_POSTFIELDS => $request,
//     CURLOPT_HTTPHEADER => [
//         "Content-Type: application/json",
//         "X-VERIFY: " . $final_x_header,
//         "accept: application/json"
//     ],
// ]);

//  $response = curl_exec($curl);
// $err = curl_error($curl);

// curl_close($curl);

// if ($err) {
//     echo "cURL Error #:" . $err;
// } else {
//     $res = json_decode($response);

//     if (isset($res->success) && $res->success == '1') {
//         $paymentCode = $res->code;
//         $paymentMsg = $res->message;
//         $payUrl = $res->data->instrumentResponse->redirectInfo->url;
//     }

//     	header("Location:$payUrl");
    
//      }
//     }
   
    public function ccavRequestHandler(){
        
         $this->load->view('ccavRequestHandler');
       
    }
    
    public function callback()
    {
        
        //$order_id = $this->input->post('txnid');            
         if($_SERVER['REQUEST_METHOD'] == 'POST') 
         {
                 $json = file_get_contents('php://input');
                 $response = json_decode($json, true);
                 $value = $response['response'];
                 $json_format = base64_decode($value);
                 $ab = json_decode($json_format);
                 $transaction_id = $response['data']['merchantTransactionId'];
                  if($ab['code'] == 'PAYMENT_SUCCESS') {
                    //////
                 $data = array('pay_status'=>'Paid','pay_transaction_id'=>$response['data']['transactionId'],'pay_logs'=>$value);
                 
                //  $this->db->where('order_no', $transaction_id); 
                //  $this->db->update('tb_order',$data);
                   }
                  else
                  {
                        $data = array('pay_status'=>'Failed','pay_transaction_id'=>$response['data']['transactionId'],'pay_logs'=>$value);
                         //$transaction_id = $response['data']['merchantTransactionId'];
                        
                  }
                   $this->db->where('order_no', $transaction_id); 
                         $this->db->update('tb_order',$data);
                 
              
        }
    }
}
?>
© 2026 GrazzMean