Wow, today found one more vulnerability in payment gateway php. It's LFI bug , i wont disclose code because its very even for a noob to upload shell via this bug-vulnerability and i wont disclose this bug to author ,as he is careless and unprofessional php developer .