shell bypass 403

GrazzMean-Shell Shell

: /home/allssztx/needapair.com/routes/email/ [ drwxr-xr-x ]
Uname: Linux business55.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
Software: LiteSpeed
PHP version: 8.1.31 [ PHP INFO ] PHP os: Linux
Server Ip: 162.213.251.212
Your Ip: 52.15.85.225
User: allssztx (535) | Group: allssztx (533)
Safe Mode: OFF
Disable Function:
NONE
upload mass deface mass delete console

name : emailhandler.js 
const express = require('express')
const router = express.Router();
const sendMail = require('./sendMail');
var jwt = require('jsonwebtoken');
const JWT_SECRET = 'B!llHe$$';
const User = require('../../schema/User')

router.post('/sendverificationemail', async (req, res) => {
    try {
        const email = req.body.email
        // const user = req.user
        // const url = req.query.url
        const verificationToken = jwt.sign({ email }, JWT_SECRET, { expiresIn: '1d' });
        const to = email
        const subject = 're: Verify your email address'
        const html = `<table role="presentation"
    style="width: 100%; border-collapse: collapse; border: 0px; border-spacing: 0px; font-family: Arial, Helvetica, sans-serif; background-color: rgb(239, 239, 239);">
    <tbody>
        <tr>
            <td align="center" style="padding: 1rem 2rem; vertical-align: top; width: 100%;">
                <table role="presentation"
                    style="max-width: 600px; border-collapse: collapse; border: 0px; border-spacing: 0px; text-align: left;">
                    <tbody>
                        <tr>
                            <td style="padding: 40px 0px 0px;">
                                <div style="padding: 20px; background-color: rgb(255, 255, 255);">
                                    <div style="color: rgb(0, 0, 0); text-align: left;">
                                        <img src="https://needapair.com/images/dashboard-logo.png"
                                            alt="Company" style="width: 60px;">
                                        <h1 style="margin: 1rem 0">Final step!</h1>
                                        <p style="padding-bottom: 16px">Follow this link to verify your email address.</p>
                                        <a href="${req.protocol}://${req.hostname}/api/email/verification?token=${verificationToken}" style="padding: 12px 24px; border-radius: 4px; color: #FFF; background: #2B52F5;display: inline-block;margin: 0.5rem 0;">Verify Now</a>
                                        <p style="padding-bottom: 16px">If you didn’t ask to verify this address, you can ignore this email.</p>
                                        <p style="padding-bottom: 16px">Thank you,<br>- needapair.com</p>
                                    </div>
                                </div>
                            </td>
                        </tr>
                    </tbody>
                </table>
            </td>
        </tr>
    </tbody>
</table>`
        // const html = `<table role="presentation"
        //     style="width: 100%; border-collapse: collapse; border: 0px; border-spacing: 0px; font-family: Arial, Helvetica, sans-serif; background-color: rgb(239, 239, 239);">
        //     <tbody>
        //         <tr>
        //             <td align="center" style="padding: 1rem 2rem; vertical-align: top; width: 100%;">
        //                 <table role="presentation"
        //                     style="max-width: 600px; border-collapse: collapse; border: 0px; border-spacing: 0px; text-align: left;">
        //                     <tbody>
        //                         <tr>
        //                             <td style="padding: 40px 0px 0px;">
        //                                 <div style="text-align: left;">
        //                                     <div style="padding-bottom: 20px;"><img src="<%= baseUrl %>https://i.ibb.co/Qbnj4mz/logo.png" alt="Company" style="width: 56px;"></div>
        //                                 </div>
        //                                 <div style="padding: 20px; background-color: rgb(255, 255, 255);">
        //                                     <div style="color: rgb(0, 0, 0); text-align: left;">
        //                                         <h1 style="margin: 1rem 0">Final step...</h1>
        //                                         <p style="padding-bottom: 16px">Follow this link to verify your email address.
        //                                         </p>
        //                                         <p style="padding-bottom: 16px">
        //                                         <a href="${req.protocol}://${req.hostname}/api/email/verification?token=${verificationToken}"
        //                                         style="padding: 12px 24px; border-radius: 4px; color: #FFF; background: #2B52F5;display: inline-block;margin: 0.5rem 0;">Confirm now</a></p>
        //                                         <p style="padding-bottom: 16px">If you didn’t ask to verify this address, you
        //                                             can ignore this email.</p>
        //                                         <p style="padding-bottom: 16px">Thanks,<br> Bill Hess</p>
        //                                     </div>
        //                                 </div>
        //                                 <div style="padding-top: 20px; color: rgb(153, 153, 153); text-align: center;">
        //                                     <p style="padding-bottom: 16px">Bill Hess</p>
        //                                 </div>
        //                             </td>
        //                         </tr>
        //                     </tbody>
        //                 </table>
        //             </td>
        //         </tr>
        //     </tbody>
        // </table>`
        

        // Send the email
        sendMail(to, subject, html, "noreply").then((success) => {
            if (success) {
                return res.status(200).redirect('/email-verification?message=Email Send to ' + to)
            }
            else {
                console.log('error from mailsend')
                return res.status(200).redirect('/email-verification?error=Something went wrong...')
            }
        })
    }
    catch (err) {
        console.log(err)
        return res.status(200).redirect('/email-verification?error=Something went wrong...')
    }
})

router.post('/contact', async (req, res) => {
    try {
        const { firstName, lastName, email, username, message } = req.body
        // return console.log(req.body)
        console.log('hello from contact')
        const emailTable = `<table style="width: 100%; max-width: 500px">
            <thead>
                <tr>
                    <th style="padding: 5px 15px">Field</th>
                    <th style="padding: 5px 15px">Value</th>
                </tr>
            </thead>
            <tbody>
                <tr><td style="padding: 5px 15px">First Name</td><td style="padding: 5px 15px">${firstName}</td></tr>
                <tr><td style="padding: 5px 15px">Last Name</td><td style="padding: 5px 15px">${lastName}</td></tr>
                <tr><td style="padding: 5px 15px">Email</td><td style="padding: 5px 15px">${email}</td></tr>
                <tr><td style="padding: 5px 15px">Username</td><td style="padding: 5px 15px">${username}</td></tr>
                <tr><td style="padding: 5px 15px">message</td><td style="padding: 5px 15px">${message}</td></tr>
            </tbody>
        </table>`
        // Send the email
        sendMail('info@needapair.com', 'Contact Form (Bill Hess)', emailTable,"info").then((success) => {
            if (success) {
                return res.status(200).redirect('/?message=Contact Form Submitted...')
            }
            else {
                console.log('error from mailsend')
                return res.status(200).redirect('/contact?error=Something went wrong...')
            }
        })
    }
    catch (err) {
        console.log(err)
        return res.status(200).redirect('/contact?error=Something went wrong...')
    }
})


router.get('/verification', async (req, res) => {
    const verificationToken = req.query.token;

    // Step 4: Verify the token using the JWT library
    try {
        const decoded = jwt.verify(verificationToken, JWT_SECRET);
        const formEmail = decoded.email;
        const user = await User.findOne({ email:formEmail })
        if (!user) {
            return res.redirect('/login?error="User not Found"')
        }
        user.verified = true
        await user.save()
        const { _id, firstName, lastName, email, ageverified, agreement, city, state, zip, verified } = user
        const data = {
            id: _id, firstName, lastName, email, ageverified, agreement, city, state, zip, verified
        }
        const authtoken = jwt.sign(data, JWT_SECRET);
        return res.status(200).cookie('authtoken', authtoken).redirect('/send-now?message="Email Verified Successfully..."')
    } catch (err) {
        console.log(err)
        return res.status(200).redirect('/email-verification?error=Invalid or Expired Token...')
    }
});


module.exports = router
© 2025 GrazzMean-Shell