shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : Phonepe.php
<?php 
defined('BASEPATH') OR exit('No direct script access allowed');
class Phonepe extends CI_Controller{
     public $CI = NULL;
    //phonepe
    public function __construct()
    {
        parent::__construct();
        $this->load->model("Curd");
        $this->load->library('cart');
        $this->load->database();
        $this->load->helper('array');
        $this->CI = & get_instance(); 
    }
    function index(){
    }
    public function pay(){
        
    $data['main_cat'] = $this->Curd->fetch_where_order("tb_main_category",array("*"),array("status"=>1),"ASC");
     //print_r($_POST);die;
     $amount = $this->input->post('amount');
      $order_id = $this->input->post('txnid');
      $mobile = $this->input->post('mobile');
      $apikey= "ab0b1ce5-bd3f-490a-bfc1-35a36e42e10a";
     // Step 1: Create the JSON payload with a custom parameter
    $payload = array(
    "merchantId" => "M22D5LIYNKQMF",//Live mID - M22D5LIYNKQMF,
    "merchantTransactionId" => $order_id,
    "merchantUserId" => rand(),
    "amount" =>  $amount*100,
    "redirectUrl" => 'https://www.gutlooks.com/phonepe/redirect',
    "redirectMode" => "POST",
    "callbackUrl" => 'https://www.gutlooks.com/phonepe/callback',
    "mobileNumber" => $mobile,
    "paymentInstrument" => array(
    "type" => "PAY_PAGE"
    ),
    // "customParam" => "hy" // Add your custom parameter here
);

// Step 2: Convert the JSON payload to Base64
$jsonPayload = json_encode($payload);
 $base64Payload = base64_encode($jsonPayload);
 
 
 //
 $salt_index = 1; //key index 1
$payload1 = $base64Payload . "/pg/v1/pay" . $apikey;
$sha256 = hash("sha256", $payload1);
$final_x_header = $sha256 . '###' . $salt_index;
 //

// Step 3: Construct the final request payload
$request = json_encode(array(
    "request" => $base64Payload
));


// MID: PHONEPETESTUAT
// saltKey: 56c43115-7eda-40ce-a6e1-43339fbbf07c,
// saltIndex: 1
// https://api-preprod.phonepe.com/apis/pg-sandbox/pg/v1/pay
// mgk-rjuf-ghx



$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => "https://api.phonepe.com/apis/hermes/pg/v1/pay",  //prod host url
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_POSTFIELDS => $request,
    CURLOPT_HTTPHEADER => [
        "Content-Type: application/json",
        "X-VERIFY: " . $final_x_header,
        "accept: application/json"
        
    ],
]);

 $response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
    echo "cURL Error #:" . $err;
} else {
    $res = json_decode($response);

    if (isset($res->success) && $res->success == '1') {
        $paymentCode = $res->code;
        $paymentMsg = $res->message;
        $payUrl = $res->data->instrumentResponse->redirectInfo->url;
    }

    	header("Location:$payUrl");
    	
    
    
     }
    }
   
       public function redirect(){
        
         $data['code'] = $_POST['code'];
         $data['merchantId'] = $_POST['merchantOrderId'];
        if($data['code']=="PAYMENT_ERROR"){
           $this->load->view('home/payment_error', $data); 
        }
        else{
             $this->load->view('home/thank-you');
        }
       
    }
    
    public function callback()
    {
        
        //$order_id = $this->input->post('txnid');            
         if($_SERVER['REQUEST_METHOD'] == 'POST') 
         {
                 $json = file_get_contents('php://input');
                 $response = json_decode($json, true);
                 $value = $response['response'];
                 $json_format = base64_decode($value);
                 $ab = json_decode($json_format);
                 $transaction_id = $response['data']['merchantTransactionId'];
                  if($ab['code'] == 'PAYMENT_SUCCESS') {
                    //////
                 $data = array('pay_status'=>'Paid','pay_transaction_id'=>$response['data']['transactionId'],'pay_logs'=>$value);
                 
                //  $this->db->where('order_no', $transaction_id); 
                //  $this->db->update('tb_order',$data);
                   }
                  else
                  {
                        $data = array('pay_status'=>'Failed','pay_transaction_id'=>$response['data']['transactionId'],'pay_logs'=>$value);
                         //$transaction_id = $response['data']['merchantTransactionId'];
                        
                  }
                   $this->db->where('order_no', $transaction_id); 
                         $this->db->update('tb_order',$data);
                 
              
        }
    }
}
?>
© 2026 GrazzMean