A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Offensive Security 0d43a7fe09 DB: 2017-01-05
2 new exploits

Kaspersky 17.0.0 - Local CA root is Incorrectly Protected

XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities
XAMPP 1.7.4 - Cross-Site Scripting

phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting
phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting

ASPPortal 3.1.1 - (downloadid) SQL Injection
ASPPortal 3.1.1 - 'downloadid' Parameter SQL Injection

ASPPortal 4.0.0 - (default1.asp) SQL Injection
ASPPortal 4.0.0 - 'default1.asp' SQL Injection

ASPTicker 1.0 - (admin.asp) Login Bypass (SQL Injection)
ASPTicker 1.0 - Authentication Bypass

Active Photo Gallery - 'default.asp catid' SQL Injection
Active Photo Gallery - 'catid' Parameter SQL Injection

Active Trade 2 - 'default.asp catid' SQL Injection
Active Trade 2 - 'catid' Parameter SQL Injection

Active NewsLetter 4.3 - (ViewNewspapers.asp) SQL Injection
Active NewsLetter 4.3 - 'ViewNewspapers.asp' SQL Injection
SailPlanner 0.3a - (Authentication Bypass) SQL Injection
Bluo CMS 1.2 - (index.php id) Blind SQL Injection
SailPlanner 0.3a - Authentication Bypass
Bluo CMS 1.2 - Blind SQL Injection
ReVou Twitter Clone - (Authentication Bypass) SQL Injection
Ocean12 FAQ Manager Pro (ID) - Blind SQL Injection
Active Force Matrix 2 - (Authentication Bypass) SQL Injection
ASPReferral 5.3 - 'AccountID' Blind SQL Injection
ActiveVotes 2.2 - (Authentication Bypass) SQL Injection
Active Test 2.1 - (Authentication Bypass) SQL Injection
Active Websurvey 9.1 - (Authentication Bypass) SQL Injection
Active Membership 2 - (Authentication Bypass) SQL Injection
eWebquiz 8 - (Authentication Bypass) SQL Injection
Active NewsLetter 4.3 - (Authentication Bypass) SQL Injection
Active Web Mail 4 - (Authentication Bypass) SQL Injection
Active Trade 2 - (Authentication Bypass) SQL Injection
Active Price Comparison 4 - (Authentication Bypass) SQL Injection
PHP TV Portal 2.0 - (index.php mid) SQL Injection
ReVou Twitter Clone - Authentication Bypass
Ocean12 FAQ Manager Pro - 'ID' Parameter Blind SQL Injection
Active Force Matrix 2 - Authentication Bypass
ASPReferral 5.3 - 'AccountID' Parameter Blind SQL Injection
ActiveVotes 2.2 - Authentication Bypass
Active Test 2.1 - Authentication Bypass
Active Websurvey 9.1 - Authentication Bypass
Active Membership 2 - Authentication Bypass
eWebquiz 8 - Authentication Bypass
Active NewsLetter 4.3 - Authentication Bypass
Active Web Mail 4 - Authentication Bypass
Active Trade 2 - Authentication Bypass
Active Price Comparison 4 - Authentication Bypass
PHP TV Portal 2.0 - 'mid' Parameter SQL Injection
Active Price Comparison 4 - 'ProductID' Blind SQL Injection
Active Bids 3.5 - 'itemID' Blind SQL Injection
Active Price Comparison 4 - 'ProductID' Parameter Blind SQL Injection
Active Bids 3.5 - 'itemID' Parameter Blind SQL Injection
Active Web Helpdesk 2 - (Authentication Bypass) SQL Injection
Lito Lite CMS - 'cate.php cid' SQL Injection
Active Test 2.1 - 'QuizID' Blind SQL Injection
Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection
Active Photo Gallery 6.2 - (Authentication Bypass) SQL Injection
Active Time Billing 3.2 - (Authentication Bypass) SQL Injection
Active Web Helpdesk 2 - Authentication Bypass
Lito Lite CMS - 'cid' Parameter SQL Injection
Active Test 2.1 - 'QuizID' Parameter Blind SQL Injection
Active Web Helpdesk 2 - 'categoryId' Parameter Blind SQL Injection
Active Photo Gallery 6.2 - Authentication Bypass
Active Time Billing 3.2 - Authentication Bypass

Quick Tree View .NET 3.1 - (qtv.mdb) Database Disclosure
Quick Tree View .NET 3.1 - Database Disclosure

z1exchange 1.0 - (edit.php site) SQL Injection
z1exchange 1.0 - 'site' Parameter SQL Injection
E.Z. Poll 2 - (Authentication Bypass) SQL Injection
ASPPortal 3.2.5 - (ASPPortal.mdb) Database Disclosure
bcoos 1.0.13 - (viewcat.php cid) SQL Injection
PacPoll 4.0 - (poll.mdb/poll97.mdb) Database Disclosure
E.Z. Poll 2 - Authentication Bypass
ASPPortal 3.2.5 - Database Disclosure
bcoos 1.0.13 - 'viewcat.php' SQL Injection
PacPoll 4.0 - Database Disclosure
SunByte e-Flower - 'id' SQL Injection
Rapid Classified 3.1 - (cldb.mdb) Database Disclosure
Codefixer MailingListPro (MailingList.mdb) - Database Disclosure
Gallery MX 2.0.0 - (pics_pre.asp ID) Blind SQL Injection
SunByte e-Flower - 'id' Parameter SQL Injection
Rapid Classified 3.1 - Database Disclosure
Codefixer MailingListPro - Database Disclosure
Gallery MX 2.0.0 - Blind SQL Injection
Check New 4.52 - 'findoffice.php search' SQL Injection
Joomla! Component com_jmovies 1.1 - 'id' SQL Injection
Check New 4.52 - SQL Injection
Joomla! Component JMovies 1.1 - 'id' Parameter SQL Injection
Rae Media Contact MS - (Authentication Bypass) SQL Injection
Multi SEO phpBB 1.1.0 - (pfad) Remote File Inclusion
ccTiddly 1.7.4 - (cct_base) Multiple Remote File Inclusion
Rae Media Contact MS - Authentication Bypass
Multi SEO phpBB 1.1.0 - Remote File Inclusion
ccTiddly 1.7.4 - 'cct_base' Parameter Remote File Inclusion

Easy News Content Management - 'News.mdb' Database Disclosure
Easy News Content Management - Database Disclosure
My Simple Forum 3.0 - (index.php action) Local File Inclusion
Joomla! Component mydyngallery 1.4.2 - (Directory) SQL Injection
Gravity GTD 0.4.5 - (rpc.php objectname) Local File Inclusion / Remote Code Execution
My Simple Forum 3.0 - Local File Inclusion
Joomla! Component mydyngallery 1.4.2 - SQL Injection
Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution
RankEm - 'rankup.asp siteID' SQL Injection
RankEm - (Authentication Bypass) SQL Injection
RankEm - 'siteID' Parameter SQL Injection
Rankem - Authentication Bypass
Merlix Teamworx Server - (File Disclosure/Bypass) Multiple Remote Vulnerabilities
Cold BBS - 'cforum.mdb' Remote Database Disclosure
Tizag Countdown Creator .v.3 - Insecure Upload
Merlix Teamworx Server - File Disclosure/Bypass
Cold BBS - Remote Database Disclosure
Tizag Countdown Creator 3 - Insecure Upload
ASP PORTAL - Multiple SQL Injections
ASPTicker 1.0 - (news.mdb) Remote Database Disclosure
ASP Portal - Multiple SQL Injections
ASPTicker 1.0 - Remote Database Disclosure
ASP PORTAL - 'xportal.mdb' Remote Database Disclosure
phpPgAdmin 4.2.1 - (_language) Local File Inclusion
ASP PORTAL - Remote Database Disclosure
phpPgAdmin 4.2.1 - '_language' Parameter Local File Inclusion
PayPal eStore - Admin Password Changing Exploit
Product Sale Framework 0.1b - (forum_topic_id) SQL Injection
PayPal eStore - Admin Password Change
Product Sale Framework 0.1b - SQL Injection

Mini-CMS 1.0.1 - 'index.php' Multiple Local File Inclusion
Mini-CMS 1.0.1 - 'index.php' Local File Inclusion

MG2 0.5.1 - 'Filename' Remote Code Execution
MG2 0.5.1 - 'filename' Parameter Remote Code Execution
dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection
Poll Pro 2.0 - (Authentication Bypass) SQL Injection
Professional Download Assistant 0.1 - Authentication Bypass
Poll Pro 2.0 - Authentication Bypass

Peel Shopping 3.1 - (index.php rubid) SQL Injection
Peel Shopping 3.1 - 'rubid' Parameter SQL Injection

ProQuiz 1.0 - (Authentication Bypass) SQL Injection
ProQuiz 1.0 - Authentication Bypass

PHPmyGallery 1.5beta - (common-tpl-vars.php) Local File Inclusion / Remote File Inclusion
PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion
HTMPL 1.11 - (htmpl_admin.cgi help) Command Execution
eZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation
WebMaster Marketplace - 'member.php u' SQL Injection
HTMPL 1.11 - Command Execution
EZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation
WebMaster Marketplace - SQL Injection

eZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)
EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)

eZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation
EZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation

ReVou Twitter Clone - Admin Password Changing Exploit
ReVou Twitter Clone - Admin Password Change

w3blabor CMS 3.3.0 - (Authentication Bypass) SQL Injection
w3blabor CMS 3.3.0 - Authentication Bypass

rankem - File Disclosure / Cross-Site Scripting / Cookie
Rankem - File Disclosure / Cross-Site Scripting / Cookie

revou twitter clone - Cross-Site Scripting / SQL Injection
Revou Twitter Clone - Cross-Site Scripting / SQL Injection

My Simple Forum 7.1 - (Local File Inclusion) Remote Command Execution
My Simple Forum 7.1 - Remote Command Execution

Mini-CMS 1.0.1 - (page.php id) SQL Injection
Mini-CMS 1.0.1 - 'page.php' SQL Injection

Texas Rankem - 'player.asp player_id' SQL Injection
Texas Rankem - 'player_id' Parameter SQL Injection

Mini-CMS RibaFS 1.0 - (Authentication Bypass) SQL Injection
Mini-CMS RibaFS 1.0 - Authentication Bypass

reVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting
ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting

Andy's PHP KnowledgeBase Project 0.95.4 - SQL Injection
Andy's PHP KnowledgeBase 0.95.4 - SQL Injection

Andy's PHP KnowledgeBase 0.95.2 - (viewusers.php) SQL Injection
Andy's PHP KnowledgeBase 0.95.2 - 'viewusers.php' SQL Injection

Peel SHOPPING 2.8/ 2.9 - Cross-Site Scripting / SQL Injections
Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections

PluggedOut CMS 0.4.8 - admin.php contenttypeid Parameter SQL Injection
PluggedOut CMS 0.4.8 - 'contenttypeid' Parameter SQL Injection
Texas Rankem - player.asp selPlayer Parameter SQL Injection
Texas Rankem - tournaments.asp tournament_id Parameter SQL Injection
Texas Rankem - 'selPlayer' Parameter SQL Injection
Texas Rankem - 'tournament_id' Parameter SQL Injection
Rapid Classified 3.1 - viewad.asp id Parameter SQL Injection
Rapid Classified 3.1 - view_print.asp id Parameter Cross-Site Scripting
Rapid Classified 3.1 - search.asp SH1 Parameter Cross-Site Scripting
Rapid Classified 3.1 - reply.asp Multiple Parameter Cross-Site Scripting
Rapid Classified 3.1 - advsearch.asp Denial of Serviceearch Parameter Cross-Site Scripting
Rapid Classified 3.1 - 'viewad.asp' SQL Injection
Rapid Classified 3.1 - 'view_print.asp' Cross-Site Scripting
Rapid Classified 3.1 - 'search.asp' Cross-Site Scripting
Rapid Classified 3.1 - 'reply.asp' Cross-Site Scripting
Rapid Classified 3.1 - 'advsearch.asp' Cross-Site Scripting

WebTester 5.0.20060927 - directions.php typeID Parameter SQL Injection
WebTester 5.0.20060927 - 'typeID' Parameter SQL Injection

phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting
phpPgAdmin 4.1.1 - 'SQLEDIT.php' Cross-Site Scripting

Rapid Classified - AgencyCatResult.asp SQL Injection
Rapid Classified - 'AgencyCatResult.asp' SQL Injection
bcoos 1.0.10 - /myalbum/ratephoto.php lid Parameter SQL Injection
bcoos 1.0.10 - modules/mylinks/ratelink.php lid Parameter SQL Injection
bcoos 1.0.10 - 'ratephoto.php' SQL Injection
bcoos 1.0.10 - 'ratelink.php' SQL Injection

bcoos 1.0.10 - adresses/ratefile.php SQL Injection
bcoos 1.0.10 - 'ratefile.php' SQL Injection

bcoos 1.0.13 - 'include/common.php' Remote File Inclusion
bcoos 1.0.13 - 'common.php' Remote File Inclusion

bcoos 1.0.13 - 'modules/banners/click.php' SQL Injection
bcoos 1.0.13 - 'click.php' SQL Injection
Z1Exchange 1.0 - showads.php id Parameter SQL Injection
Z1Exchange 1.0 - showads.php id Parameter Cross-Site Scripting
Z1Exchange 1.0 - 'id' Parameter SQL Injection
Z1Exchange 1.0 - 'id' Parameter Cross-Site Scripting

dotnetindex Professional Download Assistant 0.1 - SQL Injection
Professional Download Assistant 0.1 - SQL Injection
Active Bids - search.asp search Parameter Cross-Site Scripting
Active Bids - search.asp search Parameter SQL Injection
Active Bids - 'search' Parameter Cross-Site Scripting
Active Bids - 'search' Parameter SQL Injection

eZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting
EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting

Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting
2017-01-05 05:01:17 +00:00
platforms DB: 2017-01-05 2017-01-05 05:01:17 +00:00
files.csv DB: 2017-01-05 2017-01-05 05:01:17 +00:00
README.md Merge pull request #65 from g0tmi1k/searchsploit 2016-12-08 20:36:52 +00:00
searchsploit Fix for #67 - Show result when there’s only 1 for nmap’s XML mode 2016-12-20 14:30:14 +00:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations
=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)   | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)              | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).
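The notes above say that terms are ANDed, matched case-insensitively against the title and the file's path, and that '-t' drops the path to remove false positives. The sketch below is an added example, not searchsploit's own code: it reproduces that matching rule over a constructed index so the effect on the 'afd windows local' output shown above is visible. The three-column layout (id,file,description) and the helper name edb_search are assumptions made for illustration; the rows are taken from the search output above.

```shell
#!/bin/sh
# Constructed sample index. Column layout (id,file,description) is assumed
# for illustration; titles and paths come from the search output above.
sample_index() {
cat <<'EOF'
17133,platforms/windows/dos/17133.c,Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service
6757,platforms/windows/local/6757.txt,Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)
18176,platforms/windows/local/18176.py,Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)
39446,platforms/win_x86/local/39446.py,Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
40564,platforms/windows/local/40564.c,Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)
EOF
}

# edb_search MODE TERM...   (hypothetical helper, not part of searchsploit)
#   MODE=all    match terms against title AND file path (the documented default)
#   MODE=title  match terms against the title only (what '-t' is documented to do)
# Every term must match, case-insensitively. Prints matching IDs on one line.
edb_search() {
    mode=$1
    shift
    sample_index | awk -F, -v mode="$mode" -v terms="$*" '
        BEGIN { n = split(tolower(terms), t, " ") }
        {
            hay = tolower($3)                      # title
            if (mode == "all")
                hay = hay " " tolower($2)          # plus path (contains the EDB-ID)
            for (i = 1; i <= n; i++)
                if (index(hay, t[i]) == 0)
                    next                           # one term missing: not a hit
            ids = (ids == "" ? $1 : ids " " $1)
        }
        END { print ids }'
}

# "local" is satisfied by the .../local/ directory for four of the five rows;
# only 17133 has it in the title.
edb_search all   afd windows local
edb_search title afd windows local

# A numeric term such as "64" matches the EDB-ID inside the path of 40564,
# even though that entry's title says x86.
edb_search all   windows 64
edb_search title windows 64
```

When using search results to decide which installed versions need attention, the title-only form is the safer default for numeric terms, since every path embeds an unrelated ID number.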