A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
0d43a7fe09
2 new exploits Kaspersky 17.0.0 - Local CA root is Incorrectly Protected XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities XAMPP 1.7.4 - Cross-Site Scripting phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting ASPPortal 3.1.1 - (downloadid) SQL Injection ASPPortal 3.1.1 - 'downloadid' Parameter SQL Injection ASPPortal 4.0.0 - (default1.asp) SQL Injection ASPPortal 4.0.0 - 'default1.asp' SQL Injection ASPTicker 1.0 - (admin.asp) Login Bypass (SQL Injection) ASPTicker 1.0 - Authentication Bypass Active Photo Gallery - 'default.asp catid' SQL Injection Active Photo Gallery - 'catid' Parameter SQL Injection Active Trade 2 - 'default.asp catid' SQL Injection Active Trade 2 - 'catid' Parameter SQL Injection Active NewsLetter 4.3 - (ViewNewspapers.asp) SQL Injection Active NewsLetter 4.3 - 'ViewNewspapers.asp' SQL Injection SailPlanner 0.3a - (Authentication Bypass) SQL Injection Bluo CMS 1.2 - (index.php id) Blind SQL Injection SailPlanner 0.3a - Authentication Bypass Bluo CMS 1.2 - Blind SQL Injection ReVou Twitter Clone - (Authentication Bypass) SQL Injection Ocean12 FAQ Manager Pro (ID) - Blind SQL Injection Active Force Matrix 2 - (Authentication Bypass) SQL Injection ASPReferral 5.3 - 'AccountID' Blind SQL Injection ActiveVotes 2.2 - (Authentication Bypass) SQL Injection Active Test 2.1 - (Authentication Bypass) SQL Injection Active Websurvey 9.1 - (Authentication Bypass) SQL Injection Active Membership 2 - (Authentication Bypass) SQL Injection eWebquiz 8 - (Authentication Bypass) SQL Injection Active NewsLetter 4.3 - (Authentication Bypass) SQL Injection Active Web Mail 4 - (Authentication Bypass) SQL Injection Active Trade 2 - (Authentication Bypass) SQL Injection Active Price Comparison 4 - (Authentication Bypass) SQL Injection PHP TV Portal 2.0 - (index.php mid) SQL Injection ReVou Twitter Clone - Authentication Bypass Ocean12 FAQ Manager Pro - 'ID' Parameter Blind SQL Injection Active Force Matrix 2 - Authentication Bypass ASPReferral 5.3 - 'AccountID' Parameter Blind SQL Injection ActiveVotes 2.2 - Authentication Bypass Active Test 2.1 - Authentication Bypass Active Websurvey 9.1 - Authentication Bypass Active Membership 2 - Authentication Bypass eWebquiz 8 - Authentication Bypass Active NewsLetter 4.3 - Authentication Bypass Active Web Mail 4 - Authentication Bypass Active Trade 2 - Authentication Bypass Active Price Comparison 4 - Authentication Bypass PHP TV Portal 2.0 - 'mid' Parameter SQL Injection Active Price Comparison 4 - 'ProductID' Blind SQL Injection Active Bids 3.5 - 'itemID' Blind SQL Injection Active Price Comparison 4 - 'ProductID' Parameter Blind SQL Injection Active Bids 3.5 - 'itemID' Parameter Blind SQL Injection Active Web Helpdesk 2 - (Authentication Bypass) SQL Injection Lito Lite CMS - 'cate.php cid' SQL Injection Active Test 2.1 - 'QuizID' Blind SQL Injection Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection Active Photo Gallery 6.2 - (Authentication Bypass) SQL Injection Active Time Billing 3.2 - (Authentication Bypass) SQL Injection Active Web Helpdesk 2 - Authentication Bypass Lito Lite CMS - 'cid' Parameter SQL Injection Active Test 2.1 - 'QuizID' Parameter Blind SQL Injection Active Web Helpdesk 2 - 'categoryId' Parameter Blind SQL Injection Active Photo Gallery 6.2 - Authentication Bypass Active Time Billing 3.2 - Authentication Bypass Quick Tree View .NET 3.1 - (qtv.mdb) Database Disclosure Quick Tree View .NET 3.1 - Database Disclosure z1exchange 1.0 - (edit.php site) SQL Injection z1exchange 1.0 - 'site' Parameter SQL Injection E.Z. Poll 2 - (Authentication Bypass) SQL Injection ASPPortal 3.2.5 - (ASPPortal.mdb) Database Disclosure bcoos 1.0.13 - (viewcat.php cid) SQL Injection PacPoll 4.0 - (poll.mdb/poll97.mdb) Database Disclosure E.Z. Poll 2 - Authentication Bypass ASPPortal 3.2.5 - Database Disclosure bcoos 1.0.13 - 'viewcat.php' SQL Injection PacPoll 4.0 - Database Disclosure SunByte e-Flower - 'id' SQL Injection Rapid Classified 3.1 - (cldb.mdb) Database Disclosure Codefixer MailingListPro (MailingList.mdb) - Database Disclosure Gallery MX 2.0.0 - (pics_pre.asp ID) Blind SQL Injection SunByte e-Flower - 'id' Parameter SQL Injection Rapid Classified 3.1 - Database Disclosure Codefixer MailingListPro - Database Disclosure Gallery MX 2.0.0 - Blind SQL Injection Check New 4.52 - 'findoffice.php search' SQL Injection Joomla! Component com_jmovies 1.1 - 'id' SQL Injection Check New 4.52 - SQL Injection Joomla! Component JMovies 1.1 - 'id' Parameter SQL Injection Rae Media Contact MS - (Authentication Bypass) SQL Injection Multi SEO phpBB 1.1.0 - (pfad) Remote File Inclusion ccTiddly 1.7.4 - (cct_base) Multiple Remote File Inclusion Rae Media Contact MS - Authentication Bypass Multi SEO phpBB 1.1.0 - Remote File Inclusion ccTiddly 1.7.4 - 'cct_base' Parameter Remote File Inclusion Easy News Content Management - 'News.mdb' Database Disclosure Easy News Content Management - Database Disclosure My Simple Forum 3.0 - (index.php action) Local File Inclusion Joomla! Component mydyngallery 1.4.2 - (Directory) SQL Injection Gravity GTD 0.4.5 - (rpc.php objectname) Local File Inclusion / Remote Code Execution My Simple Forum 3.0 - Local File Inclusion Joomla! Component mydyngallery 1.4.2 - SQL Injection Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution RankEm - 'rankup.asp siteID' SQL Injection RankEm - (Authentication Bypass) SQL Injection RankEm - 'siteID' Parameter SQL Injection Rankem - Authentication Bypass Merlix Teamworx Server - (File Disclosure/Bypass) Multiple Remote Vulnerabilities Cold BBS - 'cforum.mdb' Remote Database Disclosure Tizag Countdown Creator .v.3 - Insecure Upload Merlix Teamworx Server - File Disclosure/Bypass Cold BBS - Remote Database Disclosure Tizag Countdown Creator 3 - Insecure Upload ASP PORTAL - Multiple SQL Injections ASPTicker 1.0 - (news.mdb) Remote Database Disclosure ASP Portal - Multiple SQL Injections ASPTicker 1.0 - Remote Database Disclosure ASP PORTAL - 'xportal.mdb' Remote Database Disclosure phpPgAdmin 4.2.1 - (_language) Local File Inclusion ASP PORTAL - Remote Database Disclosure phpPgAdmin 4.2.1 - '_language' Parameter Local File Inclusion PayPal eStore - Admin Password Changing Exploit Product Sale Framework 0.1b - (forum_topic_id) SQL Injection PayPal eStore - Admin Password Change Product Sale Framework 0.1b - SQL Injection Mini-CMS 1.0.1 - 'index.php' Multiple Local File Inclusion Mini-CMS 1.0.1 - 'index.php' Local File Inclusion MG2 0.5.1 - 'Filename' Remote Code Execution MG2 0.5.1 - 'filename' Parameter Remote Code Execution dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection Poll Pro 2.0 - (Authentication Bypass) SQL Injection Professional Download Assistant 0.1 - Authentication Bypass Poll Pro 2.0 - Authentication Bypass Peel Shopping 3.1 - (index.php rubid) SQL Injection Peel Shopping 3.1 - 'rubid' Parameter SQL Injection ProQuiz 1.0 - (Authentication Bypass) SQL Injection ProQuiz 1.0 - Authentication Bypass PHPmyGallery 1.5beta - (common-tpl-vars.php) Local File Inclusion / Remote File Inclusion PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion HTMPL 1.11 - (htmpl_admin.cgi help) Command Execution eZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation WebMaster Marketplace - 'member.php u' SQL Injection HTMPL 1.11 - Command Execution EZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation WebMaster Marketplace - SQL Injection eZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required) EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required) eZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation EZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation ReVou Twitter Clone - Admin Password Changing Exploit ReVou Twitter Clone - Admin Password Change w3blabor CMS 3.3.0 - (Authentication Bypass) SQL Injection w3blabor CMS 3.3.0 - Authentication Bypass rankem - File Disclosure / Cross-Site Scripting / Cookie Rankem - File Disclosure / Cross-Site Scripting / Cookie revou twitter clone - Cross-Site Scripting / SQL Injection Revou Twitter Clone - Cross-Site Scripting / SQL Injection My Simple Forum 7.1 - (Local File Inclusion) Remote Command Execution My Simple Forum 7.1 - Remote Command Execution Mini-CMS 1.0.1 - (page.php id) SQL Injection Mini-CMS 1.0.1 - 'page.php' SQL Injection Texas Rankem - 'player.asp player_id' SQL Injection Texas Rankem - 'player_id' Parameter SQL Injection Mini-CMS RibaFS 1.0 - (Authentication Bypass) SQL Injection Mini-CMS RibaFS 1.0 - Authentication Bypass reVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting Andy's PHP KnowledgeBase Project 0.95.4 - SQL Injection Andy's PHP KnowledgeBase 0.95.4 - SQL Injection Andy's PHP KnowledgeBase 0.95.2 - (viewusers.php) SQL Injection Andy's PHP KnowledgeBase 0.95.2 - 'viewusers.php' SQL Injection Peel SHOPPING 2.8/ 2.9 - Cross-Site Scripting / SQL Injections Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections PluggedOut CMS 0.4.8 - admin.php contenttypeid Parameter SQL Injection PluggedOut CMS 0.4.8 - 'contenttypeid' Parameter SQL Injection Texas Rankem - player.asp selPlayer Parameter SQL Injection Texas Rankem - tournaments.asp tournament_id Parameter SQL Injection Texas Rankem - 'selPlayer' Parameter SQL Injection Texas Rankem - 'tournament_id' Parameter SQL Injection Rapid Classified 3.1 - viewad.asp id Parameter SQL Injection Rapid Classified 3.1 - view_print.asp id Parameter Cross-Site Scripting Rapid Classified 3.1 - search.asp SH1 Parameter Cross-Site Scripting Rapid Classified 3.1 - reply.asp Multiple Parameter Cross-Site Scripting Rapid Classified 3.1 - advsearch.asp Denial of Serviceearch Parameter Cross-Site Scripting Rapid Classified 3.1 - 'viewad.asp' SQL Injection Rapid Classified 3.1 - 'view_print.asp' Cross-Site Scripting Rapid Classified 3.1 - 'search.asp' Cross-Site Scripting Rapid Classified 3.1 - 'reply.asp' Cross-Site Scripting Rapid Classified 3.1 - 'advsearch.asp' Cross-Site Scripting WebTester 5.0.20060927 - directions.php typeID Parameter SQL Injection WebTester 5.0.20060927 - 'typeID' Parameter SQL Injection phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting phpPgAdmin 4.1.1 - 'SQLEDIT.php' Cross-Site Scripting Rapid Classified - AgencyCatResult.asp SQL Injection Rapid Classified - 'AgencyCatResult.asp' SQL Injection bcoos 1.0.10 - /myalbum/ratephoto.php lid Parameter SQL Injection bcoos 1.0.10 - modules/mylinks/ratelink.php lid Parameter SQL Injection bcoos 1.0.10 - 'ratephoto.php' SQL Injection bcoos 1.0.10 - 'ratelink.php' SQL Injection bcoos 1.0.10 - adresses/ratefile.php SQL Injection bcoos 1.0.10 - 'ratefile.php' SQL Injection bcoos 1.0.13 - 'include/common.php' Remote File Inclusion bcoos 1.0.13 - 'common.php' Remote File Inclusion bcoos 1.0.13 - 'modules/banners/click.php' SQL Injection bcoos 1.0.13 - 'click.php' SQL Injection Z1Exchange 1.0 - showads.php id Parameter SQL Injection Z1Exchange 1.0 - showads.php id Parameter Cross-Site Scripting Z1Exchange 1.0 - 'id' Parameter SQL Injection Z1Exchange 1.0 - 'id' Parameter Cross-Site Scripting dotnetindex Professional Download Assistant 0.1 - SQL Injection Professional Download Assistant 0.1 - SQL Injection Active Bids - search.asp search Parameter Cross-Site Scripting Active Bids - search.asp search Parameter SQL Injection Active Bids - 'search' Parameter Cross-Site Scripting Active Bids - 'search' Parameter SQL Injection eZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting |
||
|---|---|---|
| platforms | ||
| files.csv | ||
| README.md | ||
| searchsploit | ||
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).