A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Offensive Security 33cc894818 DB: 2017-10-31
43 new exploits

Microsoft Internet Explorer 6.0/7.0 - RemoveChild Denial of Service
Microsoft Internet Explorer 6.0/7.0 - 'RemoveChild' Denial of Service

SGI IRIX 6.3 Systour and OutOfBox - Exploit
SGI IRIX 6.3 - 'Systour' / 'OutOfBox' Exploit

Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel  Reference Count Leak / Use-After-Free
Apple macOS < 10.12.2 / iOS < 10.2 - '_kernelrpc_mach_port_insert_right_trap' Kernel Reference Count Leak / Use-After-Free

Novell eDirectory 9.0 - DHost Remote Buffer Overflow
Novell eDirectory 9.0 - 'DHost' Remote Buffer Overflow

Cisco IOS 12.3(18) (FTP Server)  - Remote Exploit (Attached to GDB)
Cisco IOS 12.3(18) (FTP Server) - Remote Exploit (Attached to GDB)

Opera 9.61 - opera:historysearch Code Execution (PoC)
Opera 9.61 - 'opera:historysearch' Code Execution (PoC)

Home FTP Server 1.11.1.149 RETR DELE RMD - Directory Traversal
Home FTP Server 1.11.1.149 - 'RETR'/'DELE'/'RMD' Directory Traversal

Microsoft Windows 95/WfW - smbclient Directory Traversal
Microsoft Windows 95/Windows for Workgroups - 'smbclient' Directory Traversal

RSA Authentication Agent for Web 5.3 -  Open Redirection
RSA Authentication Agent for Web 5.3 - Open Redirection

Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp'  Open Redirection
Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' Open Redirection

HP System Management Homepage - 'RedirectUrl'  Open Redirection
HP System Management Homepage - 'RedirectUrl' Open Redirection

FirePass 7.0 SSL VPN - 'refreshURL'  Open Redirection
FirePass 7.0 SSL VPN - 'refreshURL' Open Redirection

EasyFTP Server 1.7.0.11 - 'APPE'  Remote Buffer Overflow
EasyFTP Server 1.7.0.11 - 'APPE' Remote Buffer Overflow

MitraStar DSL-100HN-T1/GPT-2541GNAC - Privilege Escalation

MyPHP Forum 3.0 - Edit Topics/Blind SQL Injection
MyPHP Forum 3.0 - Edit Topics / Blind SQL Injection

ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Information  Disclosure Vulnerabilities
ILIAS Lms 3.9.9/3.10.7 - Arbitrary Edition/Information Disclosure Vulnerabilities

Tkai's Shoutbox - 'Query'  Open Redirection
Tkai's Shoutbox - 'Query' Open Redirection

SAP Web Application Server 6.x/7.0 -  Open Redirection
SAP Web Application Server 6.x/7.0 - Open Redirection

UC Gateway Investment SiteEngine 5.0 - 'api.php'  Open Redirection
UC Gateway Investment SiteEngine 5.0 - 'api.php' Open Redirection

Autonomy Ultraseek - 'cs.html'  Open Redirection
Autonomy Ultraseek - 'cs.html' Open Redirection

Joomla! Component com_user - 'view'  Open Redirection
Joomla! Component com_user - 'view' Open Redirection

MBoard 1.3 - 'url'  Open Redirection
MBoard 1.3 - 'url' Open Redirection

Sitecore CMS 6.4.1 - 'url'  Open Redirection
Sitecore CMS 6.4.1 - 'url' Open Redirection

Orchard 1.3.9 - 'ReturnUrl'  Open Redirection
Orchard 1.3.9 - 'ReturnUrl' Open Redirection

Tiki Wiki CMS Groupware - 'url'  Open Redirection
Tiki Wiki CMS Groupware - 'url' Open Redirection

WebsitePanel - 'ReturnUrl'  Open Redirection
WebsitePanel - 'ReturnUrl' Open Redirection

ocPortal 7.1.5 - 'redirect'  Open Redirection
ocPortal 7.1.5 - 'redirect' Open Redirection

Silverstripe CMS 2.4.x - 'BackURL'  Open Redirection
Silverstripe CMS 2.4.x - 'BackURL' Open Redirection
PHP Melody 2.6.1 - SQL Injection
PHPMyFAQ 2.9.8 - Cross-Site Scripting (3)
phpMyFAQ 2.9.8 - Cross-Site Request Forgery
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection
Zomato Clone Script - 'resid' SQL Injection
Website Broker Script - 'status_id' SQL Injection
Vastal I-Tech Agent Zone - SQL Injection
Php Inventory - Arbitrary File Upload
Online Exam Test Application - 'sort' SQL Injection
Nice PHP FAQ Script - 'nice_theme' SQL Injection
Fake Magazine Cover Script - SQL Injection
CPA Lead Reward Script - SQL Injection
Basic B2B Script - SQL Injection
CmsLite 1.4 - 'S' SQL Injection
MyMagazine 1.0 - 'id' SQL Injection
News 1.0 - SQL Injection
Newspaper 1.0 - SQL Injection
US Zip Codes Database - 'state' SQL Injection
Shareet - 'photo' SQL Injection
AROX School ERP PHP Script - 'id' SQL Injection
Protected Links - SQL Injection
ZeeBuddy 2x - 'groupid' SQL Injection
Vastal I-Tech Dating Zone 0.9.9 - 'product_id' SQL Injection
tPanel 2009 - Authentication Bypass
Sokial Social Network Script 1.0 - SQL Injection
SoftDatepro Dating Social Network 1.3 - SQL Injection
Same Sex Dating Software Pro 1.0 - SQL Injection
PHP CityPortal 2.0 - SQL Injection
PG All Share Video 1.0 - SQL Injection
MyBuilder Clone 1.0 - 'subcategory' SQL Injection
Mailing List Manager Pro 3.0 - SQL Injection
Joomla! Component Zh YandexMap 6.1.1.0 - 'placemarklistid' SQL Injection
Joomla! Component NS Download Shop 2.2.6 - 'id' SQL Injection
Job Board Script - 'nice_theme' SQL Injection
iTech Gigs Script 1.21 - SQL Injection
iStock Management System 1.0 - Arbitrary File Upload
iProject Management System 1.0 - 'ID' SQL Injection
Article Directory Script 3.0 - 'id' SQL Injection
Adult Script Pro 2.2.4 - SQL Injection
D-Park Pro 1.0 - SQL Injection
Ingenious 2.3.0 - Arbitrary File Upload
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
2017-10-31 05:01:39 +00:00
File          Last commit                                        Date
platforms     DB: 2017-10-31                                     2017-10-31 05:01:39 +00:00
files.csv     DB: 2017-10-31                                     2017-10-31 05:01:39 +00:00
README.md     Fix #104: Add --json support for --id & --www      2017-10-23 11:41:09 +01:00
searchsploit  Fix #104: Add --json support for --id & --www      2017-10-23 11:41:09 +01:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
       --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
 Exploit Title                                                                          |  Path
                                                                                        | (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)                     | win_x86/local/40564.c
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)          | windows/local/21844.rb
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)                     | windows/dos/18755.c
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86-64/local/39525.py
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86/local/39446.py
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                         | windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)        | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)                   | windows/local/18176.py
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).
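The matching rules listed in the Notes of the help output above (terms are ANDed, case-insensitive and order-independent; '-t' restricts matching to the title; '--exclude' drops rows by regex) can be seen on the sample result table. The script below is an added example, not searchsploit's own code: `search_rows` and `count_rows` are hypothetical helpers, the rows are copied from the sample output on this page, and fixed-string term matching and case-insensitive exclusion are assumptions of this simplified model.

```shell
#!/usr/bin/env bash
# Simplified model of the search rules in the searchsploit Notes (not the tool's code).
# Rows are "title|path", taken from the sample output shown on this page.
SAMPLE_ROWS="Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)|win_x86/local/40564.c
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)|windows/local/21844.rb
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)|windows/dos/18755.c
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)|win_x86-64/local/39525.py
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)|win_x86/local/39446.py
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service|windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)|windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)|windows/local/18176.py"

# search_rows MODE EXCLUDE TERM...
#   MODE    "title" matches terms against the title only (like -t);
#           "all" matches against title and path (the default behaviour).
#   EXCLUDE extended regex of rows to drop (like --exclude), or "" for none.
search_rows() {
    mode=$1; exclude=$2; shift 2
    printf '%s\n' "$SAMPLE_ROWS" | while IFS='|' read -r title path; do
        if [ "$mode" = title ]; then haystack=$title; else haystack="$title $path"; fi
        matched=1
        for term in "$@"; do
            # Every term must be present (AND), in any order, ignoring case.
            printf '%s\n' "$haystack" | grep -qiF -- "$term" || { matched=0; break; }
        done
        [ "$matched" -eq 1 ] || continue
        # The exclusion sees the whole row, so it can filter on path parts such as /dos/.
        if [ -n "$exclude" ] && printf '%s\n' "$title | $path" | grep -qiE -- "$exclude"; then
            continue
        fi
        printf '%s | %s\n' "$title" "$path"
    done
}

# Number of rows a search returns.
count_rows() { search_rows "$@" | wc -l | tr -d ' '; }

# "windows 7" against title and path: the digit 7 also matches EDB-IDs in the
# path (18755, 17133, 6757, 18176), so Windows XP entries show up as well.
echo "title+path: $(count_rows all '' windows 7) rows"
# The same terms against the title only: just the two Windows 7 entries remain.
echo "title only: $(count_rows title '' windows 7) rows"
# Excluding PoC and DoS entries from the 'afd windows local' search.
search_rows all '(PoC)|/dos/' afd windows local
```

The first two counts show the false-positive case the Notes warn about: a bare number in the search terms matches the EDB-ID in the file path unless the search is limited to titles.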