shell bypass 403

Cubjrnet7 Shell

: /home/eklavya/www/pdfs/ekl_13_10_2023/order/ [ drwxr-xr-x ]
upload mass deface mass delete console info server

name : checkoutV13Sept19.php
<?php 
session_start();
date_default_timezone_set ('Asia/Kolkata');
include("global.inc.php");
include("connection.inc.php");
require("libfuncs.php3");

$path = $_GET['path'];

$order_id = isset($_GET['o'])?trim($_GET['o']):'';
orderDetails($order_id, $status, $name, $CustEmail, $CustMsgCC, $order_data, $cust_data, $cust_shipping_data, $link, $custArray, $ShippingDtlArray);

$Merchant_Id = "11164" ;//This id(also User Id)  available at "Generate Working Key" of "Settings & Options" 
$Amount = $ShippingDtlArray['order_total'] ;//your script should substitute the amount in the quotes provided here
$Order_Id = $order_id ;//your script should substitute the order description in the quotes provided here
$Redirect_Url = "http://www.eklavya.in/order/pp.php" ;//your redirect URL where your customer will be redirected after authorisation from CCAvenue

$WorkingKey = "FCA4316B177F4EA994C3F6C0BEFC53A2";//put in the 32 bit alphanumeric key in the quotes provided here.Please note that get this key ,login to your CCAvenue merchant account and visit the "Generate Working Key" section at the "Settings & Options" page. 
$Checksum = getCheckSum($Merchant_Id,$Amount,$Order_Id ,$Redirect_Url,$WorkingKey);
	
$billing_cust_name = $custArray['CustName'].' '.$custArray['CustLastName'];
//Prepare the Address string
$address = $custArray['CustAddr'].' ';
$address .= (($custArray['CustStreet'] != "") ? ', '.$custArray['CustStreet'] : '');
$address .= (($custArray['CustTaluka'] != "") ? ', '.$custArray['CustTaluka'] : '');

$billing_cust_address = $address;
$billing_city = $custArray['CustDist'];
$billing_zip = $custArray['CustPin'];
$billing_cust_state = $custArray['CustState'];
$billing_cust_country = "India";
$billing_cust_tel = $custArray['CustPhone'];//$custArray['CustMobile'].', '.$custArray['CustPhone'];
$billing_cust_email = $custArray['CustEmail'];

//Prepare the Address string
$shipping_address = $ShippingDtlArray['OrderShiptoAddr1'].' ';
$shipping_address .= (($ShippingDtlArray['OrderShiptoAddr2'] != "") ? ', '.$ShippingDtlArray['OrderShiptoAddr2'] : '');
$shipping_address .= (($ShippingDtlArray['OrderShiptoAddr3'] != "") ? ', '.$ShippingDtlArray['OrderShiptoAddr3'] : '');

$delivery_cust_name = $ShippingDtlArray['OrderShiptoName'].' '.$ShippingDtlArray['OrderShiptoSurname'];
$delivery_cust_address = $shipping_address;
$delivery_city = $ShippingDtlArray['OrderShiptoCity'];
$delivery_zip = $ShippingDtlArray['OrderShiptoPincode'];
$delivery_cust_state = $ShippingDtlArray['OrderShiptoState'];
$delivery_cust_country = 'India';
$delivery_cust_tel = $ShippingDtlArray['OrderShiptoPhone'];//$ShippingDtlArray['OrderShiptoMobile'].', '.$ShippingDtlArray['OrderShiptoPhone'];
$delivery_cust_notes = '';
$Merchant_Param = '';

if(!isset($path))
	$pageTitle = "Eklavya Publications Order Details";
else
	$pageTitle = "Chakmak Subscriber details";
pageHeaderOne($pageTitle);
if(!isset($path))
{
	adminPageHeaderTwo();
	adminPageHeaderThree();
}
else
{
	pageHeaderTwoChakmak();
	pageHeaderThreeChakmak();
}
 ?>
<script type="text/javascript">
  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-36950695-1']);
  _gaq.push(['_trackPageview']);
  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();
</script>
<div id="content_box" align="center" style="width:980px;">
<h2 style="margin-bottom:0;">
	<?php if(!isset($path)) { ?>
	Order Details
	<?php } else {?>
	Subscription Details 
	<?php } ?>
</h2>
<?php 
if(strlen($order_id) == 0)
{
 	echo '<p style="font-weight:bold;text-align:center;">Wrong parameters.</p>';									 
}else
{
	echo $order_data;
 	echo $cust_data;
	if(!isset($path))
		echo $cust_shipping_data;
?>
	<fieldset style="padding:1em;margin:auto;text-align:justify;margin-top:1em;width:500px;">
	<legend>Note</legend>
	When you click the button below, you will be taken to a different website which is a SECURE payment gateway.
	After choosing a suitable payment option and successfully making the payment, you will come back to Eklavya website.

	</fieldset><br />

	<form action="ccavRequestHandler.php" method="post" >
  <input type="hidden" name="Checksum" value="<?php echo $Checksum; ?>">
       <input type="hidden" name="tid" id="tid" readonly />
        <input type="hidden" name="merchant_id" value="11164"/>
        <input type="hidden" name="order_id" value="<?php echo $Order_Id ?>"/>
        <input type="hidden" name="amount" value="<?php echo $Amount; ?>">
        <input type="hidden" name="currency" value="INR"/>
        <input type="hidden" name="redirect_url" value="http://www.eklavya.in/order/pp.php"/>
        <input type="hidden" name="cancel_url" value="http://www.eklavya.in/order/pp.php"/>
        <input type="hidden" name="language" value="EN"/></td>
        <input type="hidden" name="billing_name" value="<?php echo $billing_cust_name; ?>"> 
        <input type="hidden" name="billing_address" value="<?php echo $billing_cust_address; ?>"> 
        <input type="hidden" name="billing_country" value="<?php echo $billing_cust_country; ?>"> 
        <input type="hidden" name="billing_tel" value="<?php echo $billing_cust_tel; ?>"> 
        <input type="hidden" name="billing_email" value="<?php echo $billing_cust_email; ?>"> 
        <input type="hidden" name="billing_zip" value="<?php echo $billing_zip; ?>"> 
        <input type="hidden" name="billing_state" value="<?php echo $billing_cust_state; ?>"> 
        <input type="hidden" name="billing_city" value="<?php echo $billing_city; ?>"> 

        <input type="hidden" name="delivery_name" value="<?php echo $delivery_cust_name; ?>"> 
        <input type="hidden" name="delivery_address" value="<?php echo $delivery_cust_address; ?>"> 
        <input type="hidden" name="delivery_tel" value="<?php echo $delivery_cust_tel; ?>"> 
        <input type="hidden" name="merchant_param1" value="<?php echo $path; ?>" >
        <input type="hidden" name="delivery_zip" value="<?php echo $delivery_zip; ?>"> 
        <input type="hidden" name="delivery_state" value="<?php echo $delivery_cust_state; ?>"> 
        <input type="hidden" name="delivery_city" value="<?php echo $delivery_city; ?>"> 

<input type="submit" value="Make Payment">

</form>
<?php
}
?><br />

<br />
<?php  ?>
</div>

<?php
	if(isset($path))
		pageFooterChakmak();
?>

© 2025 Cubjrnet7