The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
```

```
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
```

```
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
```
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).