shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : handle_gateway.php
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
</head>
<div id="error-container"></div>
<?php
     spl_autoload_register(function($class) {
  include("../admin_login/classess/".$class.".php");
});
        
        $sqlfun = new sqlfunction();
        $admin = new admin_login();
        
    // $status;
//     if(isset($_GET['order_id'])){
//     $order_id =  $_GET['order_id'];
    
//     $ch = curl_init();

// curl_setopt($ch, CURLOPT_URL, 'https://api.cashfree.com/pg/orders/'.$order_id);
// curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');


// $headers = array();
// $headers[] = 'X-Client-Secret: cfsk_ma_prod_9c6b360cd80259b118097cf3bd796e94_1747c468';
// $headers[] = 'X-Client-Id: 72011254354ed7d1ea0209f811211027';
// $headers[] = 'Accept: application/json';
// $headers[] = 'X-Api-Version: 2023-08-01';
// curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

// $result = curl_exec($ch);
// // if (curl_errno($ch)) {
// //     echo 'Error:' . curl_error($ch);
// // }
// curl_close($ch);

// $decode_json = json_decode($result);
// // print_r($decode_json); die;
// //$order_id = $decode_json['order_id'];
// //$customer_phone = $decode_json['customer_details']['customer_phone'];
// //$customer_name = $decode_json['customer_details']['customer_name'];
// //$order_amount = intval($decode_json['order_amount']);
// //$contactWithoutCode = preg_replace("/^\+91/", "", $customer_phone);

// $order_id = $decode_json->order_id;
// $customer_phone = $decode_json->customer_details->customer_phone;
// $customer_name = $decode_json->customer_details->customer_name;
// $order_amount = intval($decode_json->order_amount);
// $contactWithoutCode = preg_replace("/^\+91/", "", $customer_phone);



// $datta = array("gateway"=>"cashfree","result"=>$result);
// $sqlfun->ins_data("cashfree_status",$datta);
// $order_status = $decode_json->order_status; 
// if($order_status == "PAID"){
//         $check1 = $sqlfun->query("select * from player where p_mobile = '$contactWithoutCode'");
// if($check1->rowCount() > 0){
// $rows =$check1->fetch(PDO::FETCH_OBJ);
// $p_id = $rows->p_id;
// $p_f_name = $rows->p_f_name;

    
//     $checkss = $sqlfun->query("select * from add_money_request where transaction_id = '$order_id'");

//     if($checkss->rowCount() == 0)
//     {
    
//         $data = [
//                     'transaction_id' => $order_id,
//                     'amount' => $order_amount,
//                     'name' => $p_f_name,
//                     'mobile' => $contactWithoutCode,
//                     'p_id' => $p_id
//                 ];
                
//                 // URL to hit
//                 $url = "https://gutlooks.com/payu/ad_m.php"; // Replace with your target URL
                
//                 // Initialize cURL session
//                 $ch = curl_init();
                
//                 // Configure cURL options
//                 curl_setopt($ch, CURLOPT_URL, $url);
//                 curl_setopt($ch, CURLOPT_POST, true); // Use POST method
//                 curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); // Attach data
//                 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Receive server response
//                 curl_setopt($ch, CURLOPT_HTTPHEADER, [
//                     'Content-Type: application/x-www-form-urlencoded' // Specify content type
//                 ]);
                
//                 // Execute cURL request
//                 $response = curl_exec($ch);
//     }
    
// }
    
//      $status = "Success";
// }
// else{
//     $status = $order_status;
// }
// //"Success/Failure/Aborted"
// // echo "<script> 
// // try{
// //     HTMLOUT.processHTML(" .$status. ");
// // }catch(error){
// //     console.error('An error occurred:',error);
// //     const errorContainer = document.getElementById('error-container');
// //     errorContainer.textContent = `An error occurred: ${error.message}`;
// // }
// // </script>";
// /////
$status = "Success";
echo "<script>
try {
    // Safely encode the PHP variable into JavaScript
    let status = " . json_encode($status) . ";
    
    // Call the JavaScript function with the variable
    HTMLOUT.processHTML(status);
} catch (error) {
    console.error('An error occurred:', error);
    const errorContainer = document.getElementById('error-container');
    
    if (errorContainer) {
        errorContainer.textContent = 'An error occurred: ' + error.message;
    } else {
        alert('An error occurred: ' + error.message);
    }
}
</script>";

/////


?>
© 2026 GrazzMean