A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
6a202bbb97
4 new exploits Serv-U FTP Server < 5.2 - Remote Denial of Service RhinoSoft Serv-U FTP Server < 5.2 - Remote Denial of Service Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service RhinoSoft Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service RhinoSoft Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service FTPShell Server 6.36 - '.csv' Local Denial of Service Serv-U FTP Server 3.x < 5.x - Privilege Escalation RhinoSoft Serv-U FTP Server 3.x < 5.x - Privilege Escalation Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation Serv-U FTP Server 7.4.0.1 - (MKD) Create Arbitrary Directories Exploit RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories Exploit Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal Cat Soft Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal IndexScript 2.8 - (show_cat.php cat_id) SQL Injection IndexScript 2.8 - 'cat_id' Parameter SQL Injection GForge < 4.6b2 - (skill_delete) SQL Injection GForge < 4.6b2 - 'skill_delete' Parameter SQL Injection torrenttrader classic 1.07 - Multiple Vulnerabilities TorrentTrader Classic 1.07 - Multiple Vulnerabilities Camera Life 2.6.2 - 'id' SQL Injection Camera Life 2.6.2 - 'id' Parameter SQL Injection Full PHP Emlak Script - 'arsaprint.php id' SQL Injection Full PHP Emlak Script - 'arsaprint.php' SQL Injection CCMS 3.1 - (skin) Multiple Local File Inclusion CCMS 3.1 - 'skin' Parameter Local File Inclusion JMweb - Multiple (src) Local File Inclusion JMweb - 'src' Parameter Local File Inclusion geccBBlite 2.0 - (leggi.php id) SQL Injection geccBBlite 2.0 - 'id' Parameter SQL Injection PHP-Fusion Mod raidtracker_panel - (INFO_RAID_ID) SQL Injection PHP-Fusion Mod recept - (kat_id) SQL Injection PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' Parameter SQL Injection PHP-Fusion Mod recept - 'kat_id' Parameter SQL Injection Yerba SACphp 6.3 - (mod) Local File Inclusion Yerba SACphp 6.3 - Local File Inclusion Joomla! Component com_hotspots - (w) SQL Injection Joomla! Component com_hotspots - SQL Injection PHP Realtor 1.5 - (view_cat.php v_cat) SQL Injection PHP Auto Dealer 2.7 - (view_cat.php v_cat) SQL Injection PHP Autos 2.9.1 - (searchresults.php catid) SQL Injection Built2Go PHP Realestate 1.5 - (event_detail.php) SQL Injection PHP Realtor 1.5 - 'v_cat' Parameter SQL Injection PHP Auto Dealer 2.7 - 'v_cat' Parameter SQL Injection PHP Autos 2.9.1 - 'catid' Parameter SQL Injection Built2Go PHP Realestate 1.5 - 'event_detail.php' SQL Injection AdMan 1.1.20070907 - 'campaignId' SQL Injection AdMan 1.1.20070907 - 'campaignId' Parameter SQL Injection Gforge 4.5.19 - Multiple SQL Injections Gforge 4.6 rc1 - (skill_edit) SQL Injection GForge 4.5.19 - Multiple SQL Injections Gforge 4.6 rc1 - 'skill_edit' Parameter SQL Injection camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting IranMC Arad Center - 'news.php id' SQL Injection IranMC Arad Center - SQL Injection Ayco Okul Portali - (linkid) SQL Injection (tr) Ayco Okul Portali - 'linkid' Parameter SQL Injection Easynet4u faq Host - 'faq.php faq' SQL Injection Easynet4u faq Host - 'faq.php' SQL Injection MunzurSoft Wep Portal W3 - (kat) SQL Injection Easynet4u Link Host - 'cat_id' SQL Injection SlimCMS 1.0.0 - (redirect.php) Privilege Escalation Joomla! Component ownbiblio 1.5.3 - 'catid' SQL Injection MunzurSoft Wep Portal W3 - 'kat' Parameter SQL Injection Easynet4u Link Host - 'cat_id' Parameter SQL Injection SlimCMS 1.0.0 - 'redirect.php' Privilege Escalation Joomla! Component ownbiblio 1.5.3 - 'catid' Parameter SQL Injection Real Estate Scripts 2008 - 'index.php cat' SQL Injection Real Estate Scripts 2008 - 'cat' Parameter SQL Injection ParsBlogger - 'links.asp id' SQL Injection IndexScript 3.0 - (sug_cat.php parent_id) SQL Injection ParsBlogger - 'links.asp' SQL Injection IndexScript 3.0 - 'parent_id' Parameter SQL Injection XOOPS Module xhresim - 'index.php no' SQL Injection XOOPS Module xhresim - SQL Injection SezHoo 0.1 - (IP) Remote File Inclusion SezHoo 0.1 - Remote File Inclusion torrenttrader classic 1.09 - Multiple Vulnerabilities TorrentTrader Classic 1.09 - Multiple Vulnerabilities AdaptCMS Lite 1.5 2009-07-07 - Exploit AdaptCMS Lite 1.5 - Arbitrary Add Admin Absolute Poll Manager XE 4.1 - xlaapmview.asp Cross-Site Scripting Absolute Poll Manager XE 4.1 - 'xlaapmview.asp' Cross-Site Scripting GForge 3.1/4.5/4.6 - Verify.php Cross-Site Scripting GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNMS 1.5.x - 'j_username' Parameter Cross-Site Scripting OpenNMS 1.5.x - 'Username' Parameter Cross-Site Scripting OpenNMS 1.5.x - 'filter' Parameter Cross-Site Scripting ManageEngine ADManager Plus 5.2 Build 5210 - DomainConfig.do Operation Parameter Cross-Site Scripting ManageEngine ADManager Plus 5.2 Build 5210 - jsp/AddDC.jsp domainName Parameter Cross-Site Scripting ManageEngine ADManager Plus 5.2 Build 5210 - 'Operation' Parameter Cross-Site Scripting ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Parameter Cross-Site Scripting Joomla! Component Blog Calendar - SQL Injection PHPMailer 5.2.17 - Remote Code Execution |
||
|---|---|---|
| platforms | ||
| files.csv | ||
| README.md | ||
| searchsploit | ||
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).