The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
```
```
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)   | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)              | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
```
```
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#
```
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package in Debian-based systems).