The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).