A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Find a file
Offensive Security 1edbc5ecc4 DB: 2016-11-04
14 new exploits

Microsoft Windows - Metafile (.WMF) Remote File Download Exploit Generator
Microsoft Windows - Metafile '.WMF' Arbitrary File Download (Generator)

Redaxo CMS 3.2 - 'INCLUDE_PATH' Remote File Inclusion
Redaxo 3.2 - 'INCLUDE_PATH' Remote File Inclusion

Mambo Component com_loudmouth 4.0j -  Remote File Inclusion
Mambo Component com_loudmouth 4.0j - Remote File Inclusion

Sisfo Kampus 2006 - 'dwoprn.php f' Remote File Download
Sisfo Kampus 2006 - 'dwoprn.php f' Arbitrary File Download

Mambo Component 'com_newsletter'  4.5 - 'listid' Parameter SQL Injection
Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection

Joomla! / Mambo Component com_catalogproduction - 'id' SQL Injection
Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection

Megacubo 5.0.7 - (mega://) Remote File Download and Execute Exploit
Megacubo 5.0.7 - 'mega://' Arbitrary File Download and Execute

DMXReady SDK 1.1 - Remote File Download
DMXReady SDK 1.1 - Arbitrary File Download

Joomla! 1.5.12 RCE via TinyMCE - Arbitrary File Upload
Joomla! 1.5.12 TinyMCE - Remote Code Execution (via Arbitrary File Upload)

Joomla! Component Jw_allVideos - Remote File Download
Joomla! Component Jw_allVideos - Arbitrary File Download

Trouble Ticket Software - ttx.cgi Remote File Download
Trouble Ticket Software - 'ttx.cgi' Arbitrary File Download

Redaxo CMS 4.2.1 - Remote File Inclusion
Redaxo 4.2.1 - Remote File Inclusion

Joomla! Component Music Manager - Local File Inclusion
Joomla! Component 'Music Manager' - Local File Inclusion

Joomla! Component NeoRecruit (com_neorecruit Itemid) - Blind SQL Injection
Joomla! Component 'com_neorecruit' - 'Itemid' Parameter Blind SQL Injection
Joomla! Component artforms 2.1b7.2 rc2 - Multiple Vulnerabilities
Joomla! Component PaymentsPlus - Mtree 2.1.5 - Blind SQL Injection
Joomla! Component 'com_artforms' 2.1b7.2 rc2 - Multiple Vulnerabilities
Joomla! Component 'PaymentsPlus' 2.1.5 - Blind SQL Injection
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component IXXO Cart - SQL Injection
Joomla! Component com_jomtube - (user_id) Blind SQL Injection / SQL Injection
Joomla! Component redSHOP 1.0 (com_redshop pid) - SQL Injection
Joomla! Component QuickFAQ (com_quickfaq) - Blind SQL Injection
Joomla! Component 'Minify4Joomla' - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component 'IXXO Cart' - SQL Injection
Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection
Joomla! Component 'com_redshop' 1.0 - 'pid' Parameter SQL Injection
Joomla! Component 'com_quickfaq' - Blind SQL Injection
Joomla! Component MyHome (com_myhome) - Blind SQL Injection
Joomla! Component MySms (com_mysms) - Arbitrary File Upload
Joomla! Component Health & Fitness Stats - Persistent Cross-Site Scripting
Joomla! Component 'com_myhome' - Blind SQL Injection
Joomla! Component 'com_mysms' - Arbitrary File Upload
Joomla! Component 'healthstats' - Persistent Cross-Site Scripting

Joomla! Component Rapid Recipe - Persistent Cross-Site Scripting
Joomla! Component 'Rapid-Recipe' - Persistent Cross-Site Scripting

Joomla! Component EasyBlog - Persistent Cross-Site Scripting
Joomla! Component 'EasyBlog' - Persistent Cross-Site Scripting

Joomla! Component QContacts (com_qcontacts) - SQL Injection
Joomla! Component 'com_qcontacts' - SQL Injection

Joomla! Component RedShop 1.0.23.1 - Blind SQL Injection
Joomla! Component 'com_redshop' 1.0.23.1 - Blind SQL Injection
Joomla! Component com_spa - SQL Injection (2)
Joomla! Component com_staticxt - SQL Injection
Joomla! Component 'com_spa' - SQL Injection (2)
Joomla! Component 'com_staticxt' - SQL Injection

Joomla! Component com_spa - SQL Injection (1)
Joomla! Component 'com_spa' - SQL Injection (1)
Joomla! Component com_golfcourseguide) 0.9.6.0 (Beta) / 1 (Beta - SQL Injection
Joomla! Component com_huruhelpdesk - SQL Injection
Joomla! Component com_iproperty - SQL Injection
Joomla! Component 'com_golfcourseguide' 0.9.6.0 - SQL Injection
Joomla! Component 'com_huruhelpdesk' - SQL Injection
Joomla! Component 'com_iproperty' - SQL Injection
Joomla! Component Ozio Gallery (com_oziogallery) - SQL Injection
Joomla! Component ITArmory (com_itarmory) - SQL Injection
Joomla! Component 'com_oziogallery' - SQL Injection
Joomla! Component 'com_itarmory' - SQL Injection
Joomla! Component com_joomdle) 0.24 - SQL Injection
Joomla! Component com_youtube - SQL Injection
Joomla! Component 'com_joomdle' 0.24 - SQL Injection
Joomla! Component 'com_youtube' - SQL Injection

Joomla! Component com_Joomla-visites - Remote File Inclusion
Joomla! Component 'com_Joomla-visites' - Remote File Inclusion

Joomla! Component TTVideo 1.0 - SQL Injection
Joomla! Component 'com_ttvideo' 1.0 - SQL Injection

Joomla! Component appointinator 1.0.1 - Multiple Vulnerabilities
Joomla! Component 'com_appointinator' 1.0.1 - Multiple Vulnerabilities

Joomla! Component PhotoMap Gallery 1.6.0 - Multiple Blind SQL Injections
Joomla! Component com_photomapgallery 1.6.0 - Multiple Blind SQL Injections

Joomla! Component com_beamospetition - SQL Injection
Joomla! Component 'com_beamospetition' - SQL Injection

Caedo HTTPd Server 0.5.1 ALPHA - Remote File Download
Caedo HTTPd Server 0.5.1 ALPHA - Arbitrary File Download

Joomla! Component 1.0 'com_jdownloads' - Arbitrary File Upload
Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload

ADA IMGSVR 0.4 - Remote File Download
ADA IMGSVR 0.4 - Arbitrary File Download

Joomla! / Mambo Component com_buslicense - 'aid' Parameter SQL Injection
Joomla! / Mambo Component 'com_buslicense' - 'aid' Parameter SQL Injection

Joomla! / Mambo Component com_sermon 0.2 - 'gid' Parameter SQL Injection
Joomla! / Mambo Component 'com_sermon' 0.2 - 'gid' Parameter SQL Injection

Joomla! / Mambo Component com_comments 0.5.8.5g - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_comments' 0.5.8.5g - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_iomezun - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_iomezun' - 'id' Parameter SQL Injection
Joomla! / Mambo Component com_Joomlavvz - 'id' Parameter SQL Injection
Joomla! / Mambo Component com_most - 'secid' Parameter SQL Injection
Joomla! / Mambo Component com_asortyment - 'katid' Parameter SQL Injection
Joomla! / Mambo Component 'com_Joomlavvz' - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_most' - 'secid' Parameter SQL Injection
Joomla! / Mambo Component 'com_asortyment' - 'katid' Parameter SQL Injection
Joomla! / Mambo Component com_model - 'objid' Parameter SQL Injection
Joomla! / Mambo Component com_omnirealestate - 'objid' Parameter SQL Injection
Joomla! / Mambo Component 'com_model' - 'objid' Parameter SQL Injection
Joomla! / Mambo Component 'com_omnirealestate' - 'objid' Parameter SQL Injection
Joomla! / Mambo Component com_smslist - 'listid' Parameter SQL Injection
Joomla! / Mambo Component com_activities - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_smslist' - 'listid' Parameter SQL Injection
Joomla! / Mambo Component 'com_activities' - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_lexikon - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_lexikon' - 'id' Parameter SQL Injection
Joomla! / Mambo Component com_team - SQL Injection
Joomla! / Mambo Component com_iigcatalog - 'cat' Parameter SQL Injection
Joomla! / Mambo Component com_formtool - 'catid' Parameter SQL Injection
Joomla! / Mambo Component com_genealogy - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_team' - SQL Injection
Joomla! / Mambo Component 'com_iigcatalog' - 'cat' Parameter SQL Injection
Joomla! / Mambo Component 'com_formtool' - 'catid' Parameter SQL Injection
Joomla! / Mambo Component 'com_genealogy' - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_hello_world - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_hello_world' - 'id' Parameter SQL Injection
Joomla! / Mambo Component com_publication - 'pid' Parameter SQL Injection
Joomla! / Mambo Component com_blog - 'pid' Parameter SQL Injection
Joomla! / Mambo Component 'com_publication' - 'pid' Parameter SQL Injection
Joomla! / Mambo Component 'com_blog' - 'pid' Parameter SQL Injection

Joomla! / Mambo Component com_wines 1.0 - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_wines' 1.0 - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_inter - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_inter' - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_guide - 'category' Parameter SQL Injection
Joomla! / Mambo Component 'com_guide' - 'category' Parameter SQL Injection

Joomla! / Mambo Component com_is 1.0.1 - Multiple SQL Injections
Joomla! / Mambo Component 'com_is' 1.0.1 - Multiple SQL Injections

Joomla! / Mambo Component com_utchat 0.2 - Multiple Remote File Inclusion
Joomla! / Mambo Component 'com_utchat' 0.2 - Multiple Remote File Inclusion

Vana CMS - 'Filename' Parameter Remote File Download
Vana CMS - 'Filename' Parameter Arbitrary File Download

Joomla! Component Rapid-Recipe - HTML Injection
Joomla! Component 'Rapid-Recipe' - HTML Injection

Joomla! Component FreiChat 1.0/2.x - Unspecified HTML Injection
Joomla! Component 'FreiChat' 1.0/2.x - Unspecified HTML Injection

REDAXO - 'subpage' Parameter Cross-Site Scripting

Redaxo CMS 5.0.0 - Multiple Vulnerabilities
Redaxo 5.0.0 - Multiple Vulnerabilities

DarkComet Server - Remote File Download Exploit (Metasploit)
DarkComet Server - Arbitrary File Download (Metasploit)
WinaXe 7.7 'FTP client' - Remote Buffer Overflow
Rapid PHP Editor 14.1 - Remote Command Execution
Memcached 1.4.33 - PoC (1)
Memcached 1.4.33 - PoC (2)
Memcached 1.4.33 - PoC (3)
SweetRice 1.5.1 - Arbitrary File Download
Axessh 4.2 - Denial Of Service
SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution
ETchat 3.7 - Cross-Site Request Forgery
sNews 1.7.1 - Cross-Site Request Forgery
sNews 1.7.1 - Arbitrary File Upload
PCMan FTP Server 2.0.7 - 'ACCT' Command Buffer Overflow
nodCMS - Cross-Site Request Forgery
Redaxo 5.2.0 - Cross-Site Request Forgery
2016-11-04 05:01:21 +00:00
platforms DB: 2016-11-04 2016-11-04 05:01:21 +00:00
files.csv DB: 2016-11-04 2016-11-04 05:01:21 +00:00
README.md Note about dependencies 2016-10-26 16:44:58 +01:00
searchsploit Hardcode ${gitpath} path 2016-10-26 13:13:51 +01:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations
=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)            | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)                | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.
root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).