9 new exploits
Apache 2.2 - (Windows) Local Denial of Service Apache 2.2 (Windows) - Local Denial of Service Apache 1.3.x + Tomcat 4.0.x/4.1.x Mod_JK - Chunked Encoding Denial of Service Apache 1.3.x + Tomcat 4.0.x/4.1.x (Mod_JK) - Chunked Encoding Denial of Service Apache 2.4.7 mod_status - Scoreboard Handling Race Condition Apache 2.4.7 (mod_status) - Scoreboard Handling Race Condition Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read Apache 1.3.31 mod_include - Local Buffer Overflow Apache 1.3.31 (mod_include) - Local Buffer Overflow Gopher 3.0.9 - (+VIEWS) Remote Client Side Buffer Overflow Gopher 3.0.9 - (+VIEWS) Remote Client-Side Buffer Overflow Apache 'Mod_Auth_OpenID' - Session Stealing Apache (Mod_Auth_OpenID) - Session Stealing Apache 2.0.4x mod_php Module - File Descriptor Leakage (1) Apache 2.0.4x mod_php Module - File Descriptor Leakage (2) Apache 2.0.4x (mod_php) - File Descriptor Leakage (1) Apache 2.0.4x (mod_php) - File Descriptor Leakage (2) Apache 2.0.4x mod_perl Module - File Descriptor Leakage (3) Apache 2.0.4x (mod_perl) - File Descriptor Leakage (3) Apache 1.3.x mod_include - Local Buffer Overflow Apache 1.3.x (mod_include) - Local Buffer Overflow Naenara Browser 3.5 (RedStar 3.0 Desktop) - 'JACKRABBIT' Client-Side Command Execution Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution RedStar 3.0 Server - 'BEAM & RSSMON' Command Execution (Shellshock) Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download Apache 1.3.x mod_mylo - Remote Code Execution Apache 1.3.x (mod_mylo) - Remote Code Execution Apache 1.3.x < 2.0.48 - mod_userdir Remote Users Disclosure Apache 1.3.x < 2.0.48 (mod_userdir) - Remote Users Disclosure Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuckV2.c' Remote Exploit (2) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit (2) Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (2) 
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Apache mod_perl 'Apache::Status' and 'Apache2::Status' - Cross-Site Scripting Apache (mod_perl) - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit Apache 2.2.14 (mod_isapi) - Dangling Pointer Remote SYSTEM Exploit Apache (Windows x86) - (Windows x86) Chunked Encoding (Metasploit) Apache (Windows x86) - Chunked Encoding (Metasploit) Apache mod_proxy - Reverse Proxy Exposure (PoC) Apache (mod_proxy) - Reverse Proxy Exposure (PoC) Apache 1.3.20 - Win32 PHP.exe Remote File Disclosure Apache 1.3.20 (Win32) - 'PHP.exe' Remote File Disclosure Apache mod_ssl (< 2.8.7) OpenSSL - 'OpenFuck.c' Remote Exploit (1) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit (1) Joomla! Component 'com_media' - Arbitrary File Upload (Metasploit) Joomla! Component Media Manager - Arbitrary File Upload (Metasploit) Apache 2.2.6 - 'mod_negotiation' HTML Injection and HTTP Response Splitting Apache 2.2.6 (mod_negotiation) - HTML Injection and HTTP Response Splitting Apache 7.0.x 'mod_proxy'- Reverse Proxy Security Bypass Apache 7.0.x (mod_proxy) - Reverse Proxy Security Bypass Apache 2.2.15 - 'mod_proxy' Reverse Proxy Security Bypass Apache 2.2.15 (mod_proxy) - Reverse Proxy Security Bypass Apache 'mod_wsgi' Module - Information Disclosure Apache (mod_wsgi) - Information Disclosure Joomla! Component 'com_jp_jobs' 1.4.1 - SQL Injection Joomla! Component JP Jobs 1.4.1 - SQL Injection Joomla! Component 'com_joomlapicasa' 2.0 - Local File Inclusion Joomla! Component Picasa 2.0 - Local File Inclusion Joomla! Component 'com_jinventory' - Local File Inclusion Joomla! Component JInventory 1.23.02 - Local File Inclusion Joomla! Component 'com_loginbox' - Local File Inclusion Joomla! Component LoginBox - Local File Inclusion Joomla! Component 'com_Joomlaupdater' - Local File Inclusion Joomla! Component Magic Updater - Local File Inclusion Joomla! 
Component 'com_news_portal' 1.5.x - Local File Inclusion Joomla! Component 'com_fss' 1.3 - 'faqid' Parameter SQL Injection Joomla! Component News Portal 1.5.x - Local File Inclusion Joomla! Component Freestyle FAQ Lite 1.3 - 'faqid' Parameter SQL Injection Joomla! Component 'com_jwhmcs' 1.5.0 - Local File Inclusion Joomla! Component 'com_jukebox' 1.7 - Local File Inclusion Joomla! Component 'com_Joomlaflickr' 1.0 - Local File Inclusion Joomla! Component 'com_hsconfig' 1.5 - Local File Inclusion Joomla! Component 'com_fabrik' 2.0 - Local File Inclusion Joomla! Component 'com_datafeeds' 880 - Local File Inclusion Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion Joomla! Component Juke Box 1.7 - Local File Inclusion Joomla! Component Joomla Flickr 1.0 - Local File Inclusion Joomla! Component Highslide 1.5 - Local File Inclusion Joomla! Component Fabrik 2.0 - Local File Inclusion Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion Joomla! Component 'com_foobla_suggestions' 1.5.1.2 - Local File Inclusion Joomla! Component 'com_javoice' - Local File Inclusion Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion Joomla! Component JA Voice 2.0 - Local File Inclusion Joomla! Component 'com_jfeedback' - Local File Inclusion Joomla! Component 'com_jprojectmanager' - Local File Inclusion Joomla! Component Jfeedback 1.2 - Local File Inclusion Joomla! Component JProject Manager 1.0 - Local File Inclusion Joomla! Component 'com_mv_restaurantmenumanager' 1.5.2 - SQL Injection Joomla! Component Multi-Venue Restaurant Menu Manager 1.5.2 - SQL Injection Joomla! Component 'com_horoscope' - Local File Inclusion Joomla! Component Horoscope 1.5.0 - Local File Inclusion Joomla! Component 'com_market' - Local File Inclusion Joomla! Component Online Market 2.x - Local File Inclusion Joomla! Component 'com_jvehicles' - 'aid' Parameter SQL Injection Joomla! Component 'com_jp_jobs' 1.2.0 - 'id' Parameter SQL Injection Joomla! 
Component Jvehicles 1.0/2.0 - 'aid' Parameter SQL Injection Joomla! Component JP Jobs 1.2.0 - 'id' Parameter SQL Injection Joomla! Component 'com_mtfireeagle' - Local File Inclusion Joomla! Component 'com_mediamall' - Blind SQL Injection Joomla! Component 'com_lovefactory' - Local File Inclusion Joomla! Component 'com_jacomment' - Local File Inclusion Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion Joomla! Component Media Mall Factory 1.0.4 - Blind SQL Injection Joomla! Component Love Factory 1.3.4 - Local File Inclusion Joomla! Component JA Comment - Local File Inclusion Joomla! Component 'com_iproperty' 1.5.3 - 'id' Parameter SQL Injection Joomla! Component Intellectual Property 1.5.3 - 'id' Parameter SQL Injection Joomla! Component 'com_joltcard' - SQL Injection Joomla! Component JoltCard 1.2.1 - SQL Injection Joomla! Component 'com_gadgetfactory' - Local File Inclusion Joomla! Component 'com_matamko' - Local File Inclusion Joomla! Component 'com_multiroot' - Local File Inclusion Joomla! Component 'com_multimap' - Local File Inclusion Joomla! Component 'com_drawroot' - Local File Inclusion Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion Joomla! Component Matamko 1.01 - Local File Inclusion Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion Joomla! Component 'com_if_surfalert' - Local File Inclusion Joomla! Component iF surfALERT 1.2 - Local File Inclusion Joomla! Component 'com_gbufacebook' 1.0.5 - SQL Injection Joomla! Component GBU Facebook 1.0.5 - SQL Injection Joomla! Component 'com_jnewspaper' - 'cid' Parameter SQL Injection Joomla! Component 'com_jtm' 1.9 Beta - SQL Injection Joomla! Component Online News Paper Manager 1.0 - 'cid' Parameter SQL Injection Joomla! Component JTM Reseller 1.9 Beta - SQL Injection Joomla! 
Component 'com_mmsblog' - Local File Inclusion Joomla! Component MMS Blog 2.3.0 - Local File Inclusion Joomla! Component 'com_noticeboard' - Local File Inclusion Joomla! Component NoticeBoard 1.3 - Local File Inclusion Joomla! Component 'com_graphics' 1.0.6 - Local File Inclusion Joomla! Component Graphics 1.0.6 - Local File Inclusion Joomla! Component 'com_newsfeeds' - SQL Injection Joomla! Component Newsfeeds - SQL Injection Joomla! Component 'com_konsultasi' - 'sid' Parameter SQL Injection Joomla! Component Komento 1.0.0 - 'sid' Parameter SQL Injection Joomla! Component 'com_dioneformwizard' - Local File Inclusion Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion Joomla! Component 'com_jejob' 1.0 - Local File Inclusion Joomla! Component JE Job 1.0 - Local File Inclusion Joomla! Component 'com_jequoteform' - Local File Inclusion Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion Joomla! Component 'com_mscomment' 0.8.0b - Local File Inclusion Joomla! Component MS Comment 0.8.0b - Local File Inclusion Apache Axis2 Administration console - Authenticated Cross-Site Scripting Apache Axis2 Administration Console - Authenticated Cross-Site Scripting Joomla! Component 'com_mycar' - Multiple Vulnerabilities Joomla! Component My Car 1.0 - Multiple Vulnerabilities Joomla! Component 'com_jejob' 1.0 - 'catid' Parameter SQL Injection Joomla! Component JE Job 1.0 - 'catid' Parameter SQL Injection Joomla! Component 'com_jsjobs' - SQL Injection Joomla! Component JS Jobs 1.0.5.8 - SQL Injection Joomla! Component 'com_djartgallery' - Multiple Vulnerabilities Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities Joomla! Component 'com_gamesbox' 1.0.2 - 'id' SQL Injection Joomla! Component Gamesbox 1.0.2 - 'id' Parameter SQL Injection Joomla! Component 'com_eventcal' 1.6.4 - Blind SQL Injection Joomla! Component eventCal 1.6.4 - Blind SQL Injection Joomla! Component 'com_ninjamonials' - Blind SQL Injection Joomla! 
Component NinjaMonials - Blind SQL Injection Joomla! Component 'com_neorecruit' - 'Itemid' Parameter Blind SQL Injection Joomla! Component NeoRecruit 1.6.4 - 'Itemid' Parameter Blind SQL Injection Joomla! Component 'com_golfcourseguide' 0.9.6.0 - SQL Injection Joomla! Component 'com_huruhelpdesk' - SQL Injection Joomla! Component Golf Course Guide 0.9.6.0 - SQL Injection Joomla! Component Huru Helpdesk - SQL Injection Joomla! Component 'com_joomdle' 0.24 - SQL Injection Joomla! Component Joomdle 0.24 - SQL Injection Joomla! Component 'com_Joomla-visites' - Remote File Inclusion Joomla! Component Visites 1.1 RC2 - Remote File Inclusion Joomla! Component 'com_jefaqpro' - Multiple Blind SQL Injection Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injection Joomla! Component 'com_magazine' 3.0.1 - Remote File Inclusion Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion Joomla! Component 'com_gantry' 3.0.10 - Blind SQL Injection Joomla! Component Gantry 3.0.10 - Blind SQL Injection Joomla! Component 'com_jphone' - Local File Inclusion Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion Joomla! Component 'com_jgen' - SQL Injection Joomla! Component JGen 0.9.33 - SQL Injection Joomla! Component 'com_ezautos' - SQL Injection Joomla! Component Joostina - SQL Injection Joomla! Component 'com_jeguestbook' 1.0 - Multiple Vulnerabilities Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities Joomla! Component 'com_jedirectory' - SQL Injection Joomla! Component JE Directory 1.0 - SQL Injection Joomla! Component 'com_jscalendar' 1.5.1 - Multiple Vulnerabilities Joomla! Component JS Calendar 1.5.1 - Multiple Vulnerabilities Joomla! Component 'com_jeajaxeventcalendar' - SQL Injection Joomla! Component JE Ajax Event Calendar - SQL Injection Joomla! Component 'com_flipwall' - SQL Injection Joomla! Component Pulse Infotech Flip Wall - SQL Injection Joomla! Component 'com_jquarks4s' 1.0.0 - Blind SQL Injection Joomla! 
Component JQuarks4s 1.0.0 - Blind SQL Injection Joomla! Component 'com_jsupport' - Cross-Site Scripting Joomla! Component 'com_jsupport' - SQL Injection Joomla! Component JSupport 1.5.6 - Cross-Site Scripting Joomla! Component JSupport 1.5.6 - SQL Injection Joomla! Component 'com_jimtawl' - Local File Inclusion Joomla! Component Jimtawl 1.0.2 - Local File Inclusion phpMyAdmin - Client Side Code Injection / Redirect Link Falsification phpMyAdmin - Client-Side Code Injection / Redirect Link Falsification Joomla! Component 'com_jeauto' 1.0 - SQL Injection Joomla! Component JE Auto 1.0 - SQL Injection Joomla! Component 'com_jradio' - Local File Inclusion Joomla! Component JRadio - Local File Inclusion Joomla! Component 'com_jotloader' 2.2.1 - Local File Inclusion Joomla! Component JotLoader 2.2.1 - Local File Inclusion Joomla! Component 'com_hmcommunity' - Multiple Vulnerabilities Joomla! Component HM Community - Multiple Vulnerabilities Joomla! Component 'com_estateagent' - SQL Injection Joomla! Component Estate Agent - SQL Injection EPortfolio 1.0 - Client Side Input Validation EPortfolio 1.0 - Client-Side Input Validation ActiveWeb Contentserver 5.6.2929 CMS - Client Side Filtering Bypass ActiveWeb Contentserver 5.6.2929 CMS - Client-Side Filtering Bypass Joomla! Component 'com_komento' 1.7.2 - Persistent Cross-Site Scripting Joomla! Component 'com_jvcomment' 3.0.2 - 'id' Parameter SQL Injection Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting Joomla! Component JV Comment 3.0.2 - 'id' Parameter SQL Injection Joomla! Component 'com_jcomments' 2.1 - 'ComntrNam' Parameter Cross-Site Scripting Joomla! Component JComments 2.1 - 'ComntrNam' Parameter Cross-Site Scripting Joomla! Component 'com_clubmanager' - 'cm_id' Parameter SQL Injection Joomla! Component Club Manager - 'cm_id' Parameter SQL Injection Joomla! Component 'com_jstore' - 'Controller' Parameter Local File Inclusion Joomla! 
Component Jstore - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_ecommercewd' 1.2.5 - SQL Injection Joomla! Component ECommerce-WD 1.2.5 - SQL Injection Joomla! Component 'com_contactformmaker' 1.0.1 - SQL Injection Joomla! Component Contact Form Maker 1.0.1 - SQL Injection Joomla! Component 'com_kp' - 'Controller' Parameter Local File Inclusion Joomla! Component com_kp - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_helpdeskpro' < 1.4.0 - Multiple Vulnerabilities Joomla! Component Helpdesk Pro < 1.4.0 - Multiple Vulnerabilities Wordpress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection Wordpress Plugin WP Private Messages 1.0.1 - SQL Injection WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection ntop-ng 2.5.160805 - Username Enumeration
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
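Added example (not part of the Exploit-DB README or of searchsploit itself): parsing the result table printed by `searchsploit afd windows local` above into records, then checking which Microsoft bulletins from a host's missing-patch list already have public entries, as input to patch prioritisation. The function names and the `missing` set are assumptions made for illustration.

```python
import re

# Constructed sample: the table printed by `searchsploit afd windows local`
# above, with the rule lines shortened.
SAMPLE = """\
----------------------------------------------- ------------------------
 Exploit Title                                  |  Path
                                                | (/usr/share/exploitdb/platforms)
----------------------------------------------- ------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
----------------------------------------------- ------------------------
"""

# A result row is "<title> | ./<platform>/<type>/<EDB-ID>.<ext>"; rule lines,
# the column header and the base-path line do not match and are skipped.
ROW = re.compile(r"^(?P<title>.+?)\s*\|\s*\./(?P<platform>[^/]+)/(?P<type>[^/]+)/(?P<edb_id>\d+)\.\w+\s*$")
BULLETIN = re.compile(r"\bMS\d{2}-\d{3}\b")


def parse_table(text):
    """Turn searchsploit's text table into a list of dict records."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m is None:
            continue
        rec = m.groupdict()
        rec["title"] = rec["title"].strip()
        rec["edb_id"] = int(rec["edb_id"])
        rec["bulletins"] = BULLETIN.findall(rec["title"])
        rows.append(rec)
    return rows


def patch_priority(rows, missing):
    """Map each bulletin in `missing` that has public entries to those entries,
    most entries first. `missing` is a hypothetical per-host missing-patch set."""
    hits = {}
    for rec in rows:
        for bulletin in rec["bulletins"]:
            if bulletin in missing:
                hits.setdefault(bulletin, []).append(
                    (rec["edb_id"], rec["platform"], rec["type"]))
    return dict(sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0])))


if __name__ == "__main__":
    records = parse_table(SAMPLE)
    # MS16-032 is in the constructed missing-patch set but not in the table.
    for bulletin, entries in patch_priority(records, {"MS14-040", "MS11-046", "MS16-032"}).items():
        print(bulletin, entries)
```

The platform, type and EDB-ID fields come from the path column, so the same parser works on any result table with the `./platform/type/id.ext` layout shown above.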
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).