shell bypass 403

GrazzMean Shell

: /home/h/o/m/homesquasz/devprod/Backend/app/controllers/ [ drwx---r-x ]
Uname: Linux webm016.cluster127.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
Software: Apache
PHP version: 7.4.33 [ PHP INFO ] PHP os: Linux
Server Ip: 54.36.31.145
Your Ip: 216.73.216.182
User: homesquasz (91404) | Group: users (100)
Safe Mode: OFF
Disable Function:
_dyuweyrj4,_dyuweyrj4r,dl
upload mass deface mass delete console

name : user.controller.js 
const User = require('../models/user.model.js');

// Create and Save a new admin
exports.create = (req, res) => {
    // Validate request
    if (!req.body.cin) {
        return res.status(400).send({
            message: "user content can not be empty"
        });
    }

    // Create a admin
    const user = new User({
        fname: req.body.fname,
        lname: req.body.lname,
        adress: req.body.adress,
        cin: req.body.cin || "Untitled User",
        email: req.body.email,
        password: req.body.password,


    });

    // Save admin in the database
    user.save()
        .then(data => {
            res.send(data);
        }).catch(err => {
            res.status(500).send({
                message: err.message || "Some error occurred while creating the user."
            });
        });
};

// Retrieve and return all admin from the database.
exports.findAll = (req, res) => {
    User.find()
        .then(users => {
            res.send(users);
        }).catch(err => {
            res.status(500).send({
                message: err.message || "Some error occurred while retrieving users."
            });
        });
};

// Find a single admin with a adminId
exports.findOne = (req, res) => {
    User.findById(req.params.userId)
        .then(user => {
            if (!user) {
                return res.status(404).send({
                    message: "user not found with id " + req.params.userId
                });
            }
            res.send(user);
        }).catch(err => {
            if (err.kind === 'ObjectId') {
                return res.status(404).send({
                    message: "user not found with id " + req.params.userId
                });
            }
            return res.status(500).send({
                message: "Error retrieving user with id " + req.params.cin
            });
        });
};

// Update a admin identified by the adminId in the request
exports.update = (req, res) => {
    // Validate Request
    if (!req.body.email) {
        return res.status(400).send({
            message: "user content can not be empty"
        });
    }

    // Find admin and update it with the request body
    User.findByIdAndUpdate(req.params.userId, {
        fname: req.body.fname,
        lname: req.body.lname,
        adress: req.body.adress,
        cin: req.body.cin || "Untitled User",
        email: req.body.email,
        password: req.body.password,
    }, { new: true })
        .then(user => {
            if (!user) {
                return res.status(404).send({
                    message: "user not found with id " + req.params.userId
                });
            }
            res.send(user);
        }).catch(err => {
            if (err.kind === 'ObjectId') {
                return res.status(404).send({
                    message: "user not found with id " + req.params.userId
                });
            }
            return res.status(500).send({
                message: "Error updating user with id " + req.params.userId
            });
        });
};

// Delete a admin with the specified adminId in the request
exports.delete = (req, res) => {
    User.findByIdAndRemove(req.params.userId)
        .then(user => {
            if (!user) {
                return res.status(404).send({
                    message: "user not found with id " + req.params.userId
                });
            }
            res.send({ message: "user deleted successfully!" });
        }).catch(err => {
            if (err.kind === 'ObjectId' || err.name === 'NotFound') {
                return res.status(404).send({
                    message: "user not found with id " + req.params.userId
                });
            }
            return res.status(500).send({
                message: "Could not delete user with id " + req.params.userId
            });
        });
};
© 2026 GrazzMean