shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : Razorpay.php
<?php 
defined('BASEPATH') OR exit('No direct script access allowed');
class Razorpay extends CI_Controller{
     public $CI = NULL;
    //razorpay
    public function __construct()
    {
        parent::__construct();
        $this->load->model("Curd");
        $this->load->library('cart');
        $this->load->database();
        $this->load->helper('array');
        $this->CI = & get_instance(); 
    }
    function index(){
    }
    public function pay(){
         $data['main_cat'] = $this->Curd->fetch_where_order("tb_main_category",array("*"),array("status"=>1),"ASC");
         //print_r($data['main_cat']);die;
    	$this->load->view('razorpay/razorpay_page',$data);
    }
    function payment(){
        // print_r($_POST);die;
        $pay_logs = json_encode($_POST);
        $order_id =$_POST['shopping_order_id'];
        $pay_transaction_id =$_POST['razorpay_order_id'];
        $data = array('pay_status'=>'Paid','pay_transaction_id'=>$pay_transaction_id,'pay_logs'=>$pay_logs);
        
        $this->db->where('pay_transaction_id', $pay_transaction_id); 
        $this->db->update('tb_order',$data);
        // echo $this->db->last_query();
        // $query = $this->db->get();
         redirect('home/thankyou1');
    }
}

?>
© 2026 GrazzMean