shell bypass 403

GrazzMean Shell

: /home/gutlooks/www/payu/ [ drwxr-xr-x ]
Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : zoba_response.php
<?php
    
    // function __autoload($class)
    // {
    //     include("../zebra_cross/admin_login/classess/".$class.".php");
    // }
    
    spl_autoload_register(function($class) {
   include("../zebra_cross/admin_login/classess/".$class.".php");
});
        
    $sqlfun = new sqlfunction();
    $admin = new admin_login();
    date_default_timezone_set("Asia/kolkata");
    $rawData = file_get_contents("php://input");

    //$order_id =  $_REQUEST['order_id'];
    $datta = array("gateway"=>"payumoney","result"=>$rawData,"method"=>$_SERVER['REQUEST_METHOD']);
    $sqlfun->ins_data("cashfree_status",$datta);
    
    // $trnid = $_POST['txnid'];
    
    $trnid = $_POST['txnid'];
    $status = $_POST['status'];
    $amount = $_POST['amount'];
    $firstname = $_POST['firstname'];
    $phone = $_POST['phone'];
    $check1 = $sqlfun->query("select * from player where p_mobile = '$phone'");
    $rows =$check1->fetch(PDO::FETCH_OBJ);
    $p_id = $rows->p_id;
    
    $sql = "SELECT * FROM (SELECT *,SUBSTRING_INDEX(SUBSTRING_INDEX(transaction_id, '\"txnid\":\"', -1), '\"', 1) AS tra_id
    FROM add_money_request WHERE transaction_id LIKE '%\"txnid\"%') as tr_tb WHERE tr_tb.tra_id = '$trnid'";
    $check = $sqlfun->query($sql);
    if($check->rowCount() == 0)
    {
        if($status == "success"){
                            $data = [
                    'transaction_id' => $trnid,
                    'amount' => $amount,
                    'name' => $firstname,
                    'mobile' => $phone,
                    'p_id' => $p_id
                ];
                
                // URL to hit
                $url = "https://gutlooks.com/payu/ad_m.php"; // Replace with your target URL
                
                // Initialize cURL session
                $ch = curl_init();
                
                // Configure cURL options
                curl_setopt($ch, CURLOPT_URL, $url);
                curl_setopt($ch, CURLOPT_POST, true); // Use POST method
                curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); // Attach data
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Receive server response
                curl_setopt($ch, CURLOPT_HTTPHEADER, [
                    'Content-Type: application/x-www-form-urlencoded' // Specify content type
                ]);
                
                // Execute cURL request
                $response = curl_exec($ch);
        
        }
            
        }
        else
        {
            $c_row = $check->fetch(PDO::FETCH_OBJ);
            $ad_status = $c_row->status;
            $row_ki_id = $c_row->r_id;
            if($ad_status == "Pending" && $status = "success")
            {
                
                //  if(isset($_POST['row_id']) && isset($_POST['status']) && isset($_POST['amount']) && isset($_POST['player_id']))
                //   row_id $row_ki_id
                //   status Pending
                //   amount $amount
                //   player_id  $p_id
                 ///hit for approve request which is in pending status 
                 // URL to hit
                 
                 
                 $dataaa = [
                    'amount' => $amount,
                    'player_id' => $p_id,
                    'status' => 'Pending',
                    'row_id' => $row_ki_id
                ];
                
                $urla = "https://gutlooks.com/zebra_cross/admin_login/process.php"; // Replace with your target URL
                
                // Initialize cURL session
                $ch = curl_init();
                
                // Configure cURL options
                curl_setopt($ch, CURLOPT_URL, $urla);
                curl_setopt($ch, CURLOPT_POST, true); // Use POST method
                curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($dataaa)); // Attach data
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Receive server response
                curl_setopt($ch, CURLOPT_HTTPHEADER, [
                    'Content-Type: application/x-www-form-urlencoded' // Specify content type
                ]);
                
                // Execute cURL request
                $response = curl_exec($ch);
                  
                  
                  
                  
                  
                  
                 
            }
        }
    
?>
© 2026 GrazzMean