Linux ip-172-26-7-228 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64
Apache
: 172.26.7.228 | : 18.221.244.75
Cant Read [ /etc/named.conf ]
5.6.40-24+ubuntu18.04.1+deb.sury.org+1
www-data
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
var /
www /
results /
sikkim_test /
hdfc /
[ HOME SHELL ]
Name
Size
Permission
Action
Crypto.php
1.99
KB
-rwxr-xr-x
ccavRequestHandler.php
3.89
KB
-rwxr-xr-x
ccavRequestHandler.php~
978
B
-rwxr-xr-x
ccavResponseHandler.php
8.56
KB
-rwxr-xr-x
ccavResponseHandler.php~
1.41
KB
-rwxr-xr-x
dataFrom.htm
19.25
KB
-rwxr-xr-x
dataFrom.htm~
19.01
KB
-rwxr-xr-x
from.html
644
B
-rwxr-xr-x
jquery-1.7.2.min.js
92.62
KB
-rwxr-xr-x
json.js
3.27
KB
-rwxr-xr-x
Delete
Unzip
Zip
${this.title}
Close
Code Editor : ccavRequestHandler.php
<html> <head> <title> Custom Form Kit </title> </head> <body> <center> <?php include('Crypto.php')?> <?php error_reporting(0); $merchant_data=''; //$working_key='4C951A28AAA39C9F123E3897FC1C699E';//Shared by CCAVENUES //$access_code='AVHI84GC05BH58IHHB';//Shared by CCAVENUES $appno = $_GET['productinfo']; $funivcode = $_GET['funivcode']; $bank = 'hdfc'; $servername = "97.74.228.93"; $username = "logisys3_logu"; $password = "Logisys@2106"; /*$servername = "localhost"; $username = "root"; $password = "";*/ $dbname = "logisys3_comexam"; $conn = new mysqli($servername, $username, $password, $dbname); $get_data = "select * from dbname"; $result1=$conn->query($get_data); if (mysqli_num_rows($result1) > 0) { // output data of each row $dbnames = array(); while($row = mysqli_fetch_assoc($result1)) { $dbnames[$row['FUNIVCODE']] = $row['FDBNAME']; } } mysqli_close($conn); $servername = "97.74.228.93"; $username = "logisys3_logu"; $password = "Logisys@2106"; /*$servername = "localhost"; $username = "root"; $password = "";*/ $dbname = $dbnames[$funivcode]; $conn = new mysqli($servername, $username, $password, $dbname); //IFNULL(cs.ftotalfee,0) $get_data = "select * from masbank where fenttype = 'res' and fbank = '{$bank}'"; $result=$conn->query($get_data); if (mysqli_num_rows($result) > 0) { // output data of each row while($row = mysqli_fetch_assoc($result)) { // var_dump($row); $working_key = $row['fmid']; $access_code = $row['fkey']; $website = $row['fwebsite']; $returnurl = $row['freturnurl']; } } $get_data = "select cs.fregno as fregno, IFNULL(cs.FTOTAL,0) as ftotalfee, control.funivname,pdf_logo_path, '999999999' as fmobileno ,'99999' as fname,'999999@gmail.com' as femail from control, res_stud cs inner join college c on cs.fcollcode = c.fcollcode where appno = '{$appno}'"; $result=$conn->query($get_data); if (mysqli_num_rows($result) > 0) { // output data of each row while($row = mysqli_fetch_assoc($result)) { // var_dump($row); $fregno = $row['fregno']; $ftotalfee = $row['ftotalfee']; $fname = $row['fname']; $fmobileno = $row['fmobileno']; $femail = $row['femail']; $funivname = $row['funivname']; $logo = $row['pdf_logo_path']; } } $_POST['merchant_id'] = $website; $number = rand(10000000,99999999); $orderid = "HDFC".$number; $_POST['order_id'] = $orderid; $_POST['currency'] = 'INR'; $_POST['amount'] = $ftotalfee; $query = "update res_stud set forderid = '{$number}', fpaymenttype = '{$bank}' where appno = '{$appno}'"; $res_update = $conn->query($query); $protocol = stripos($_SERVER['SERVER_PROTOCOL'],'https') === true ? 'https://' : 'http://'; $_POST['redirect_url'] = $protocol.$returnurl; $_POST['cancel_url'] = $protocol.$returnurl; $_POST['language'] = 'EN'; $_POST['billing_name'] = $fname; $_POST['billing_tel'] = $fmobileno; $_POST['billing_email'] = $femail; // merchant_param1 $_POST['merchant_param1'] = $funivcode; $_POST['merchant_param2'] = $fregno; $_POST['merchant_param3'] = $appno; foreach($_POST as $key => $value){ $merchant_data .= $key.'='.urlencode($value).'&'; } // var_dump($merchant_data); $encrypted_data=encrypt($merchant_data,$working_key); // Method for encrypting the data. // var_dump($encrypted_data); //https://test.ccavenue.com/transaction/transaction.do?command=initiateTransaction //https://secure.ccavenue.com/transaction/transaction.do?command=initiateTransaction ?> <form method="post" name="redirect" action="https://test.ccavenue.com/transaction/transaction.do?command=initiateTransaction"> <?php echo "<input type=hidden name=encRequest value=$encrypted_data>"; echo "<input type=hidden name=access_code value=$access_code>"; ?> </form> </center> <script language='javascript'>document.redirect.submit();</script> </body> </html>
Close