A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Find a file
Offensive Security 26b1e8b6ad DB: 2016-12-23
10 new exploits

Microsoft Internet Explorer 11 - MSHTML CPaste­Command::Convert­Bitmapto­Png Heap-Based Buffer Overflow (MS14-056)

Microsoft Internet Explorer 11 MSHTML - CSplice­Tree­Engine::Remove­Splice Use-After-Free (MS14-035)
Microsoft Internet Explorer 11 - MSHTML CSplice­Tree­Engine::Remove­Splice Use-After-Free (MS14-035)
macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution
macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free
macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free
macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement
macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement
IBM AIX 6.1/7.1/7.2 - 'Bellmail' Privilege Escalation
Vesta Control Panel 0.9.8-16 - Local Privilege Escalation
macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free
macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation

PHP iCalendar 2.21 - (publish.ical.php) Remote Code Execution
PHP iCalendar 2.21 - 'publish.ical.php' Remote Code Execution

CzarNews 1.14 - (tpath) Remote File Inclusion
CzarNews 1.14 - 'tpath' Parameter Remote File Inclusion

N/X WCMS 4.1 - (nxheader.inc.php) Remote File Inclusion
N/X WCMS 4.1 - 'nxheader.inc.php' Remote File Inclusion

Powies pForum 1.29a - (editpoll.php) SQL Injection
Powies pForum 1.29a - 'editpoll.php' SQL Injection

AssetMan 2.4a - (download_pdf.php) Remote File Disclosure
AssetMan 2.4a - 'download_pdf.php' Remote File Disclosure

Orion-Blog 2.0 - (AdminBlogNewsEdit.asp) Remote Authentication Bypass
Orion-Blog 2.0 - Remote Authentication Bypass

Ol BookMarks Manager 0.7.4 - (root) Remote File Inclusion
Ol BookMarks Manager 0.7.4 - 'root' Parameter Remote File Inclusion

AdminBot 9.0.5 - (live_status.lib.php ROOT) Remote File Inclusion
AdminBot 9.0.5 - 'live_status.lib.php' Remote File Inclusion

WSN Links Basic Edition - (displaycat catid) SQL Injection
WSN Links Basic Edition - 'catid' Parameter SQL Injection

phpRealty 0.02 - (MGR) Multiple Remote File Inclusion
phpRealty 0.02 - 'MGR' Parameter Multiple Remote File Inclusion
jPORTAL 2 - mailer.php SQL Injection
jPORTAL 2.3.1 - articles.php SQL Injection
jPORTAL 2 - 'mailer.php' SQL Injection
jPORTAL 2.3.1 - 'articles.php' SQL Injection

AvailScript Jobs Portal Script - Authenticated (jid) SQL Injection
AvailScript Jobs Portal Script - 'jid' Parameter SQL Injection

PhpWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion
PHPWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion

D-iscussion Board 3.01 - (topic) Local File Inclusion
D-iscussion Board 3.01 - 'topic' Parameter Local File Inclusion

PhpWebGallery 1.3.4 - Blind SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection
PhpWebGallery 1.3.4 - Blind SQL Injection
pForum 1.30 - (showprofil.php id) SQL Injection
WebPortal CMS 0.7.4 - (download.php aid) SQL Injection
iBoutique 4.0 - (cat) SQL Injection
SkaLinks 1.5 - (register.php) Arbitrary Add Editor
vbLOGIX Tutorial Script 1.0 - 'cat_id' SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection
pForum 1.30 - 'showprofil.php' SQL Injection
WebPortal CMS 0.7.4 - 'download.php' SQL Injection
iBoutique 4.0 - 'cat' Parameter SQL Injection
SkaLinks 1.5 - 'register.php' Arbitrary Add Editor
vbLOGIX Tutorial Script 1.0 - 'cat_id' Parameter SQL Injection

pLink 2.07 - (linkto.php id) Blind SQL Injection
pLink 2.07 - 'linkto.php' Blind SQL Injection

FoT Video scripti 1.1b - (oyun) SQL Injection
FoT Video scripti 1.1b - 'oyun' Parameter SQL Injection

Pre Real Estate Listings - 'search.php c' SQL Injection
Pre Real Estate Listings - 'search.php' SQL Injection

iScripts EasyIndex - (produid) SQL Injection
iScripts EasyIndex - 'produid' Parameter SQL Injection
Hotel Reservation System - 'city.asp city' Blind SQL Injection
phpRealty 0.3 - (INC) Remote File Inclusion
PHP Crawler 0.8 - (footer) Remote File Inclusion
Technote 7 - (shop_this_skin_path) Remote File Inclusion
Hotel Reservation System - 'city.asp' Blind SQL Injection
phpRealty 0.3 - 'INC' Parameter Remote File Inclusion
PHP Crawler 0.8 - Remote File Inclusion
Technote 7 - 'shop_this_skin_path' Parameter Remote File Inclusion
E-PHP CMS - 'article.php es_id' SQL Injection
addalink 4 - 'category_id' SQL Injection
ProArcadeScript 1.3 - (random) SQL Injection
CYASK 3.x - (collect.php neturl) Local File Disclosure
Diesel Joke Site - 'picture_category.php id' SQL Injection
ProActive CMS - 'template' Local File Inclusion
E-PHP CMS - 'article.php' SQL Injection
addalink 4 - 'category_id' Parameter SQL Injection
ProArcadeScript 1.3 - 'random' Parameter SQL Injection
CYASK 3.x - 'neturl' Parameter Local File Disclosure
Diesel Joke Site - 'picture_category.php' SQL Injection
ProActive CMS - 'template' Parameter Local File Inclusion
Diesel Pay Script - (area) SQL Injection
Plaincart 1.1.2 - (p) SQL Injection
Oceandir 2.9 - (show_vote.php id) SQL Injection
jPORTAL 2 - 'humor.php id' SQL Injection
Diesel Pay Script - 'area' Parameter SQL Injection
Plaincart 1.1.2 - 'p' Parameter SQL Injection
Oceandir 2.9 - 'show_vote.php' SQL Injection
jPORTAL 2 - 'humor.php' SQL Injection

Diesel Job Site - (job_id) Blind SQL Injection
Diesel Job Site - 'job_id' Parameter Blind SQL Injection

e107 Plugin Image Gallery 0.9.6.2 - (image) SQL Injection
e107 Plugin Image Gallery 0.9.6.2 - SQL Injection

WSN Links 2.22/2.23 - (vote.php) SQL Injection
WSN Links 2.22/2.23 - 'vote.php' SQL Injection
BuzzyWall 1.3.1 - (search.php search) SQL Injection
WCMS 1.0b - (news_detail.asp id) SQL Injection
BuzzyWall 1.3.1 - 'search' Parameter SQL Injection
WCMS 1.0b - 'news_detail.asp' SQL Injection

OpenElec 3.01 - (form.php obj) Local File Inclusion
OpenElec 3.01 - 'obj' Parameter Local File Inclusion
basebuilder 2.0.1 - (main.inc.php) Remote File Inclusion
Fez 1.3/2.0 RC1 - (list.php) SQL Injection
basebuilder 2.0.1 - 'main.inc.php' Remote File Inclusion
Fez 1.3/2.0 RC1 - 'list.php' SQL Injection
OpenRat 0.8-beta4 - (tpl_dir) Remote File Inclusion
Sofi WebGui 0.6.3 PRE - (mod_dir) Remote File Inclusion
OpenRat 0.8-beta4 - 'tpl_dir' Parameter Remote File Inclusion
Sofi WebGui 0.6.3 PRE - 'mod_dir' Parameter Remote File Inclusion

JETIK-WEB Software - 'sayfa.php kat' SQL Injection
JETIK-WEB Software - 'kat' Parameter SQL Injection
WebPortal CMS 0.7.4 - (code) Remote Code Execution
HotScripts Clone - 'cid' SQL Injection
WebPortal CMS 0.7.4 - 'code' Parameter Remote Code Execution
HotScripts Clone - 'cid' Parameter SQL Injection
emergecolab 1.0 - (sitecode) Local File Inclusion
mailwatch 1.0.4 - (docs.php doc) Local File Inclusion
PHPcounter 1.3.2 - (defs.php l) Local File Inclusion
emergecolab 1.0 - 'sitecode' Parameter Local File Inclusion
mailwatch 1.0.4 - 'doc' Parameter Local File Inclusion
PHPcounter 1.3.2 - 'defs.php' Local File Inclusion

webcp 0.5.7 - (filelocation) Remote File Disclosure
webcp 0.5.7 - 'filelocation' Parameter Remote File Disclosure
LanSuite 3.3.2 - (design) Local File Inclusion
PHPOCS 0.1-beta3 - (index.php act) Local File Inclusion
Vikingboard 0.2 Beta - (task) Local File Inclusion
LanSuite 3.3.2 - 'design' Parameter Local File Inclusion
PHPOCS 0.1-beta3 - 'act' Parameter Local File Inclusion
Vikingboard 0.2 Beta - 'task' Parameter Local File Inclusion

barcodegen 2.0.0 - (class_dir) Remote File Inclusion
barcodegen 2.0.0 - 'class_dir' Parameter Remote File Inclusion

PHPcounter 1.3.2 - (index.php name) SQL Injection
PHPcounter 1.3.2 - 'index.php' SQL Injection

PhpWebGallery 1.7.2 - Session Hijacking / Code Execution
PHPWebGallery 1.7.2 - Session Hijacking / Code Execution

BuzzyWall 1.3.1 - (download id) Remote File Disclosure
BuzzyWall 1.3.1 - 'id' Parameter Remote File Disclosure

Pre Real Estate Listings - (Authentication Bypass) SQL Injection
Pre Real Estate Listings - Authentication Bypass

Netartmedia Real Estate Portal 1.2 - (ad_id) SQL Injection
Netartmedia Real Estate Portal 1.2 - 'ad_id' Parameter SQL Injection

SkaLinks 1.5 - (Authentication Bypass) SQL Injection
SkaLinks 1.5 - Authentication Bypass

diesel job site 1.4 - Multiple Vulnerabilities
Diesel Job Site 1.4 - Multiple Vulnerabilities

ProArcadeScript to Game - (game) SQL Injection
ProArcadeScript to Game - SQL Injection

Link Bid Script - 'links.php id' SQL Injection
Link Bid Script - 'links.php' SQL Injection

NetArt Media iBoutique 4.0 - (index.php key Parameter) SQL Injection
iBoutique 4.0 - 'key' Parameter SQL Injection

PHPForum 2.0 RC1 - Mainfile.php Remote File Inclusion
PHPForum 2.0 RC1 - 'Mainfile.php' Remote File Inclusion

JPortal 2.2.1 - print.php SQL Injection
jPORTAL 2.2.1 - 'print.php' SQL Injection

CzarNews 1.13/1.14 - headlines.php Remote File Inclusion
CzarNews 1.13/1.14 - 'headlines.php' Remote File Inclusion

JPortal 2.3.1 - Banner.php SQL Injection
jPORTAL 2.3.1 - 'Banner.php' SQL Injection

CJ Ultra Plus 1.0.3/1.0.4 - OUT.php SQL Injection
CJ Ultra Plus 1.0.3/1.0.4 - 'OUT.php' SQL Injection

JPortal 2.2.1/2.3.1 - download.php SQL Injection
jPORTAL 2.2.1/2.3.1 - 'download.php' SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - comment.php id Parameter SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - news.php id Parameter SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - 'comment.php' SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - 'news.php' SQL Injection

PHPWCMS 1.2.5 -DEV - random_image.php imgdir Parameter Traversal Arbitrary File Access
PHPWCMS 1.2.5 -DEV - 'imgdir' Parameter Traversal Arbitrary File Access

JPortal 2.2.1/2.3 Forum - forum.php SQL Injection
jPORTAL 2.2.1/2.3 Forum - 'forum.php' SQL Injection

Diesel Joke Site - Category.php SQL Injection
Diesel Joke Site - 'Category.php' SQL Injection
TinyPHPForum 3.6 - error.php Information Disclosure
TinyPHPForum 3.6 - UpdatePF.php Authentication Bypass
TinyPHPForum 3.6 - 'error.php' Information Disclosure
TinyPHPForum 3.6 - 'UpdatePF.php' Authentication Bypass
Vikingboard Viking board 0.1b - help.php act Parameter Cross-Site Scripting
Vikingboard Viking board 0.1b - report.php p Parameter Cross-Site Scripting
Vikingboard 0.1 - topic.php SQL Injection
Vikingboard 0.1b - 'help.php' Cross-Site Scripting
Vikingboard 0.1b - 'report.php' Cross-Site Scripting
Vikingboard 0.1 - 'topic.php' SQL Injection
PHP iCalendar 1.1/2.x - day.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - month.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - year.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - week.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - search.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - rss/index.php getdate Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - print.php getdate Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - preferences.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'day.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'month.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'year.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'week.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'search.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'getdate' Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'print.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'preferences.php' Cross-Site Scripting
Vikingboard Viking board 0.1.2 - cp.php Multiple Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - user.php u Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - post.php Multiple Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - topic.php s Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - forum.php debug Variable Information Disclosure
Vikingboard Viking board 0.1.2 - cp.php debug Variable Information Disclosure
Vikingboard 0.1.2 - 'cp.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'user.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'post.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'topic.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'forum.php' Information Disclosure
Vikingboard 0.1.2 - 'cp.php' Information Disclosure
PaysiteReviewCMS 1.1 - search.php q Parameter Cross-Site Scripting
PaysiteReviewCMS - image.php image Parameter Cross-Site Scripting
PaysiteReviewCMS 1.1 - 'search.php' Cross-Site Scripting
PaysiteReviewCMS - 'image.php' Cross-Site Scripting

BuzzScripts BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure
BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure
2016-12-23 05:01:18 +00:00
platforms DB: 2016-12-23 2016-12-23 05:01:18 +00:00
files.csv DB: 2016-12-23 2016-12-23 05:01:18 +00:00
README.md Merge pull request #65 from g0tmi1k/searchsploit 2016-12-08 20:36:52 +00:00
searchsploit Fix for #67 - Show result when their’s only 1 for nmap’s XML mode 2016-12-20 14:30:14 +00:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations
=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)   | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)              | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).