A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Find a file
Offensive Security 127a1da37b DB: 2017-01-06
1 new exploits

EvansFTP - (EvansFTP.ocx) Remote Buffer Overflow (PoC)
EvansFTP - 'EvansFTP.ocx' Remote Buffer Overflow (PoC)

Kaspersky 17.0.0 - Local CA root is Incorrectly Protected
Kaspersky 17.0.0 - Local CA root Incorrectly Protected
CoolPlayer 2.19 - (.Skin) Local Buffer Overflow (Python)
CUPS < 1.3.8-4 - (pstopdf filter) Privilege Escalation
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)
CUPS < 1.3.8-4 - Privilege Escalation

Evans FTP - 'EvansFTP.ocx' ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

Microsoft Windows 10 Edge - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution

Phpclanwebsite 1.23.1 - (par) SQL Injection
Phpclanwebsite 1.23.1 - SQL Injection

Nukedit CMS 4.9.6 - Unauthorized Admin Add
Nukedit 4.9.6 - Unauthorized Admin Add

iyzi Forum 1.0 Beta 3 - (uye_ayrinti.asp) SQL Injection
iyzi Forum 1.0 Beta 3 - SQL Injection

Liberum Help Desk 0.97.3 - (details.asp) SQL Injection
Liberum Help Desk 0.97.3 - SQL Injection
Pligg 9.9.0 - Remote Code Execution
Pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
Pligg CMS 9.9.0 - Remote Code Execution
Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
CF_Auction - (forummessage) Blind SQL Injection
CFMBLOG - 'index.cfm categorynbr' Blind SQL Injection
CF_Auction - Blind SQL Injection
CFMBLOG - 'categorynbr' Parameter Blind SQL Injection

phpAddEdit 1.3 - (editform) Local File Inclusion
phpAddEdit 1.3 - 'editform' Parameter Local File Inclusion

MyCal Personal Events Calendar - 'mycal.mdb' Database Disclosure
MyCal Personal Events Calendar - Database Disclosure
Affiliate Software Java 4.0 - (Authentication Bypass) SQL Injection
Ad Management Java - (Authentication Bypass) SQL Injection
Banner Exchange Java - (Authentication Bypass) SQL Injection
Affiliate Software Java 4.0 - Authentication Bypass
Ad Management Java - Authentication Bypass
Banner Exchange Java - Authentication Bypass
ASP-CMS 1.0 - (index.asp cha) SQL Injection
SUMON 0.7.0 - (chg.php host) Command Execution
Xpoze 4.10 - (home.html menu) Blind SQL Injection
Social Groupie - 'group_index.php id' SQL Injection
ASP-CMS 1.0 - 'cha' Parameter SQL Injection
SUMON 0.7.0 - Command Execution
Xpoze 4.10 - 'menu' Parameter Blind SQL Injection
Social Groupie - 'id' Parameter SQL Injection

Umer Inc Songs Portal Script - 'id' SQL Injection
Umer Inc Songs Portal Script - 'id' Parameter SQL Injection
ASPired2Quote - 'quote.mdb' Remote Database Disclosure
ASP-DEV Internal E-Mail System - (Authentication Bypass) SQL Injection
ASPired2Quote - Remote Database Disclosure
ASP-DEV Internal E-Mail System - Authentication Bypass
iyzi Forum 1.0b3 - (iyziforum.mdb) Database Disclosure
CodeAvalanche FreeForum - 'CAForum.mdb' Database Disclosure
iyzi Forum 1.0b3 - Database Disclosure
CodeAvalanche FreeForum - Database Disclosure

FLDS 1.2a - (redir.php id) SQL Injection
FLDS 1.2a - 'redir.php' SQL Injection

Mediatheka 4.2 - (index.php lang) Local File Inclusion
Mediatheka 4.2 - 'lang' Parameter Local File Inclusion
Forest Blog 1.3.2 - (blog.mdb) Remote Database Disclosure
CodeAvalanche Directory - 'CADirectory.mdb' Database Disclosure
CodeAvalanche FreeForAll - 'CAFFAPage.mdb' Database Disclosure
Forest Blog 1.3.2 - Remote Database Disclosure
CodeAvalanche Directory - Database Disclosure
CodeAvalanche FreeForAll - Database Disclosure
CodeAvalanche Articles - 'CAArticles.mdb' Database Disclosure
CodeAvalanche RateMySite - 'CARateMySite.mdb' Database Disclosure
CodeAvalanche Articles - Database Disclosure
CodeAvalanche RateMySite - Database Disclosure
FLDS 1.2a - (lpro.php id) SQL Injection
BabbleBoard 1.1.6 - 'Username' Cross-Site Request Forgery/Cookie Grabber Exploit
FLDS 1.2a - 'lpro.php' SQL Injection
BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber Exploit
The Rat CMS Alpha 2 - (Authentication Bypass) SQL Injection
XOOPS Module Amevents - 'print.php id' SQL Injection
CadeNix - 'cid' SQL Injection
The Rat CMS Alpha 2 - Authentication Bypass
XOOPS Module Amevents - SQL Injection
CadeNix - SQL Injection

CFAGCMS 1 - 'right.php title' SQL Injection
CFAGCMS 1 - SQL Injection
FaScript FaUpload - 'download.php' SQL Injection
Web Wiz Guestbook 8.21 - (WWGGuestbook.mdb) DD
FLDS 1.2a - report.php (linkida) SQL Injection
FaScript FaUpload - SQL Injection
Web Wiz Guestbook 8.21 - Database Disclosure
FLDS 1.2a - 'report.php' SQL Injection

Gnews Publisher .NET - (authors.asp authorID) SQL Injection
Gnews Publisher .NET - SQL Injection
Joomla! Component Tech Article 1.x - (item) SQL Injection
TinyMCE 2.0.1 - (index.php menuID) SQL Injection
Joomla! Component Tech Article 1.x - SQL Injection
TinyMCE 2.0.1 - 'menuID' Parameter SQL Injection

QuickerSite Easy CMS - 'QuickerSite.mdb' Database Disclosure
QuickerSite Easy CMS - Database Disclosure

I-Rater Basic - 'messages.php' SQL Injection
I-Rater Basic - SQL Injection

Injader CMS 2.1.1 - 'id' SQL Injection
Injader CMS 2.1.1 - 'id' Parameter SQL Injection
MyPHPsite - 'index.php mod' Local File Inclusion
MyPBS - 'index.php seasonID' SQL Injection
MyPHPsite - Local File Inclusion
MyPBS - 'seasonID' Parameter SQL Injection

Extract Website - 'download.php Filename' File Disclosure
Extract Website - 'Filename' Parameter File Disclosure

FreeLyrics 1.0 - (source.php p) Remote File Disclosure
FreeLyrics 1.0 - Remote File Disclosure

Userlocator 3.0 - (y) Blind SQL Injection
Userlocator 3.0 - Blind SQL Injection

chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
Chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting

BLOG 1.55B - (image_upload.php) Arbitrary File Upload
BLOG 1.55B - 'image_upload.php' Arbitrary File Upload
RSS Simple News - 'news.php pid' SQL Injection
Text Lines Rearrange Script - 'Filename' File Disclosure
RSS Simple News - SQL Injection
Text Lines Rearrange Script - 'Filename' Parameter File Disclosure

Pligg 9.9.5b - (check_url.php url) Arbitrary File Upload / SQL Injection
Pligg 9.9.5b - Arbitrary File Upload / SQL Injection

Joomla! Component Volunteer 2.0 - (job_id) SQL Injection
Joomla! Component Volunteer 2.0 - SQL Injection
Calendar Script 1.1 - (Authentication Bypass) SQL Injection
REDPEACH CMS - (zv) SQL Injection
Calendar Script 1.1 - Authentication Bypass
REDPEACH CMS - SQL Injection

PHPLD 3.3 - (page.php name) Blind SQL Injection
PHPLD 3.3 - Blind SQL Injection

The Rat CMS Alpha 2 - 'viewarticle.php id' Blind SQL Injection
The Rat CMS Alpha 2 - Blind SQL Injection

Pligg 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass

Flatnux 2009-01-27 - (Job fields) Cross-Site Scripting / Iframe Injection (PoC)
Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC)

flatnux 2009-01-27 - Remote File Inclusion
Flatnux 2009-01-27 - Remote File Inclusion

flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure

Pligg 9.9.0 - (editlink.php id) Blind SQL Injection
Pligg CMS 9.9.0 - 'editlink.php' Blind SQL Injection

CF Shopkart 5.3x - 'itemID' SQL Injection
CF Shopkart 5.3x - 'itemID' Parameter SQL Injection

worksimple_1.3.2 - Multiple Vulnerabilities
WorkSimple 1.3.2 - Multiple Vulnerabilities

Pligg 1.1.2 - Blind SQL Injection / Cross-Site Scripting
Pligg CMS 1.1.2 - Blind SQL Injection / Cross-Site Scripting

Constructr CMS 3.03 - MultipleRemote Vulnerabilities
Constructr CMS 3.03 - Multiple Remote Vulnerabilities

Pligg 1.1.4 - SQL Injection
Pligg CMS 1.1.4 - SQL Injection

phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (1)
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)

phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (Metasploit) (2)
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (Metasploit) (2)
OneOrZero Helpdesk 1.4 - TUpdate.php SQL Injection
OneOrZero Helpdesk 1.4 - install.php Administrative Access
OneOrZero Helpdesk 1.4 - 'TUpdate.php' SQL Injection
OneOrZero Helpdesk 1.4 - 'install.php' Administrative Access

phpLDAPadmin 0.9.6/0.9.7 - welcome.php custom_welcome_page Variable Arbitrary File Inclusion
phpLDAPadmin 0.9.6/0.9.7 - 'welcome.php' Arbitrary File Inclusion
phpLDAPadmin 0.9.8 - compare_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - copy_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - rename_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'compare_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'rename_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - search.php scope Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - template_engine.php Multiple Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'search.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting

Pligg 9.5 - Reset Forgotten Password Security Bypass
Pligg CMS 9.5 - Reset Forgotten Password Security Bypass

Click&BaneX - Details.asp SQL Injection
Click&BaneX - 'Details.asp' SQL Injection

ChiCoMaS 2.0.4 - 'index.php' Cross-Site Scripting
Chicomas 2.0.4 - 'index.php' Cross-Site Scripting

Pligg 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass
Pligg CMS 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass

Pligg 1.0.4 - 'search.php' Cross-Site Scripting
Pligg CMS 1.0.4 - 'search.php' Cross-Site Scripting

Pligg 2.0.1 - Multiple Vulnerabilities
Pligg CMS 2.0.1 - Multiple Vulnerabilities

Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php Multiple Parameter Cross-Site Scripting

Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php Multiple Function Traversal Arbitrary File Manipulation
Open Journal Systems (OJS) 2.3.6 - 'rfiles.php' Traversal Arbitrary File Manipulation

FlatnuX CMS - controlcenter.php contents/Files Action dir Parameter Traversal Arbitrary File Access
FlatnuX CMS - Traversal Arbitrary File Access

Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting
Atlassian Confluence 5.9.12 - Persistent Cross-Site Scripting
2017-01-06 05:01:17 +00:00
platforms DB: 2017-01-06 2017-01-06 05:01:17 +00:00
files.csv DB: 2017-01-06 2017-01-06 05:01:17 +00:00
README.md Merge pull request #65 from g0tmi1k/searchsploit 2016-12-08 20:36:52 +00:00
searchsploit Fix for #67 - Show result when their’s only 1 for nmap’s XML mode 2016-12-20 14:30:14 +00:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations
=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)   | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)              | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).