bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
1267 commits 1 branch 0 tags 351 MiB
C 27.7%
Python 26.4%
Ruby 15.2%
Perl 8.3%
HTML 8.2%
Other 13.8%
Find a file
Offensive Security 6ab9a26ee4 DB: 2017-06-27 
10 new exploits

PHP Exif Extension - 'exif_read_data()' Function Remote Denial of Service
PHP 'Exif' Extension - 'exif_read_data()' Function Remote Denial of Service

PHP phar extension 1.1.1 - Heap Overflow
PHP 'phar' Extension 1.1.1 - Heap Overflow

PHP 5.2.1 GD Extension - '.WBMP' File Integer Overflow Vulnerabilities
PHP 5.2.1 'GD' Extension - '.WBMP' File Integer Overflow Vulnerabilities

PHP 5.3.1 - 'session_save_path()' 'Safe_mode' Restriction-Bypass
PHP 5.3.1 - 'session_save_path()' 'Safe_mode()' Restriction Bypass Exploiot

PHP 5.3.2 xmlrpc Extension - Multiple Remote Denial of Service Vulnerabilities
PHP 5.3.2 'xmlrpc' Extension - Multiple Remote Denial of Service Vulnerabilities
PHP 5.3.x - 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x - 'Zip' Extension 'stream_get_contents()' Function Denial of Service
PHP 5.3.x  'Intl' Extension - 'NumberFormatter::setSymbol()' Function Denial of Service
PHP 5.3.x 'Zip' Extension - 'stream_get_contents()' Function Denial of Service
PHP < 5.3.6 OpenSSL Extension - openssl_encrypt Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 OpenSSL Extension - openssl_decrypt Function Ciphertext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Function Plaintext Data Memory Leak Denial of Service
PHP < 5.3.6 'OpenSSL' Extension - 'openssl_decrypt' Function Ciphertext Data Memory Leak Denial of Service

unrar 5.40 - VMSF_DELTA Filter Arbitrary Memory Write
unrar 5.40 - 'VMSF_DELTA' Filter Arbitrary Memory Write
NTFS 3.1 - Master File Table Denial of Service
LAME 3.99.5 - 'II_step_one' Buffer Overflow
LAME 3.99.5 - 'III_dequantize_sample' Stack-Based Buffer Overflow
IBM DB2 9.7 / 10.1 / 10.5 / 11.1 - Command Line Processor Buffer Overflow

PHP COM extensions - (inconsistent Win32) Safe_mode Bypass Exploit
PHP 'COM' Extensions - (inconsistent Win32) 'safe_mode' Bypass Exploit

PHP 5.2.3 Tidy extension - Local Buffer Overflow
PHP 5.2.3 'Tidy' Extension - Local Buffer Overflow

PHP 5.2.3 - Win32std ext. Safe_mode/disable_functions Protections Bypass
PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass

PHP 5.x - (Win32service) Local Safe Mode Bypass Exploit
PHP 5.x - (Win32service) Local 'Safe_Mode()' Bypass Exploit
PHP FFI Extension 5.0.5 - Local Safe_mode Bypass
PHP Perl Extension - Safe_mode BypassExploit
PHP 'FFI' Extension 5.0.5 - 'Safe_mode' Local  Bypass Exploit
PHP 'Perl' Extension - 'Safe_mode' Bypass Exploit

PHP 4.4.7 / 5.2.3 - MySQL/MySQL Injection Safe Mode Bypass
PHP 4.4.7 / 5.2.3 - MySQL/MySQLi 'Safe_Mode' Bypass Exploit

PHP 5.2.4 ionCube extension - Safe_mode / disable_functions Bypass
PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass

PHP 5.x - COM functions Safe_mode and disable_function Bypass
PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass

PHP 5.2.6 - (error_log) Safe_mode Bypass
PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit

PHP - Safe_mode Bypass via proc_open() and custom Environment
PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment

PHP python extension safe_mode - Bypass Local
PHP 'python' Extension - 'safe_mode' Local Bypass Exploit

PHP 3 < 5 - Ini_Restore() Safe_mode and open_basedir Restriction Bypass
PHP 3 < 5 - Ini_Restore() 'Safe_mode' / 'open_basedir' Restriction Bypass

PHP 5.2 - Session.Save_Path() Safe_mode and open_basedir Restriction Bypass
PHP 5.2 - Session.Save_Path() 'Safe_mode' / 'open_basedir' Restriction Bypass

PHP 5.2 - FOpen Safe_mode Restriction-Bypass
PHP 5.2 - FOpen 'Safe_mode' Restriction Bypass Exploit

PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' and 'open_basedir' Restriction Bypass Vulnerabilities
PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' / 'open_basedir' Restriction Bypass Vulnerabilities

suPHP 0.7 - 'suPHP_ConfigPath' Safe Mode Restriction-Bypass
suPHP 0.7 - 'suPHP_ConfigPath' Safe_Mode() Restriction Bypass Exploit

PHP 5.2.9 cURL - 'Safe_mode' and 'open_basedir' Restriction-Bypass
PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit

JAD Java Decompiler 1.5.8e - Buffer Overflow

Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass/RCI Exploit
Oracle Secure Backup Server 10.3.0.1.0 - Authentication Bypass / Remote Code Injection Exploit

Network Tool 0.2 PHP-Nuke Addon - MetaCharacter Filtering Command Execution
PHP-Nuke Network Tool 0.2 Addon - MetaCharacter Filtering Command Execution

PHP 4.x/5.x - Html_Entity_Decode() Information Disclosure
PHP 4.x/5.x - 'Html_Entity_Decode()' Information Disclosure

PHP 4.x - copy() Function Safe Mode Bypass
PHP 4.x - 'copy()' Function 'Safe_Mode' Bypass Exploit

PHP 5.2.5 - cURL 'safe mode' Security Bypass
PHP 5.2.5 - cURL 'safe_mode' Security Bypass Exploit

PHP 5.x (5.3.x 5.3.2) - 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
PHP 5.3.x < 5.3.2 - 'ext/phar/stream.c' / 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities

Apache 2.4.7 + PHP 7.0.2 - openssl_seal() Uninitialized Memory Code Execution
Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution

Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)

Crypttech CryptoLog - Remote Code Execution (Metasploit)
Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)
Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit)

Linux/x86 - Bind Shell Shellcode (75 bytes)

JiRos Banner Experience 1.0 - (Create Authentication Bypass) Remote Exploit
JiRos Banner Experience 1.0 - Create Authentication Bypass Remote Exploit

XOOPS myAds Module - (lid) SQL Injection
XOOPS myAds Module - 'lid' SQL Injection

PHP-Update 2.7 - extract() Authentication Bypass / Shell Inject Exploit
PHP-Update 2.7 - 'extract()' Authentication Bypass / Shell Inject Exploit

Kolang - proc_open PHP safe mode Bypass 4.3.10 - 5.3.0 Exploit
Kolang 4.3.10 < 5.3.0 - 'proc_open()' PHP 'safe_mode' Bypass Exploit
SmarterMail 7.x (7.2.3925) - Persistent Cross-Site Scripting
SmarterMail 7.x (7.2.3925) - LDAP Injection
SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting
SmarterMail < 7.2.3925 - LDAP Injection

MaticMarket 2.02 for PHP-Nuke - Local File Inclusion
PHP-Nuke MaticMarket 2.02 - Local File Inclusion

WordPress Plugin BuddyPress plugin 1.5.x < 1.5.5 - SQL Injection
WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection

Search Enhanced Module 1.1/2.0 for PHP-Nuke - HTML Injection
PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection

SonicWALL Gms 7.x - Filter Bypass & Persistent Exploit
SonicWALL Gms 7.x - Filter Bypass / Persistent Exploit

Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Exploit
Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass / Persistent Exploit

PHP < 5.6.2 - Bypass disable_functions Exploit (Shellshock)
PHP < 5.6.2 - 'disable_functions()' Bypass Exploit (Shellshock)

phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection

pragmaMx 1.12.1 - modules.php URI Cross-Site Scripting
pragmaMx 1.12.1 - 'modules.php' URI Cross-Site Scripting

Glossaire Module for XOOPS - '/modules/glossaire/glossaire-aff.php' SQL Injection
XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection

ATutor LMS - install_modules.php Cross-Site Request Forgery / Remote Code Execution
ATutor LMS - 'install_modules.php' Cross-Site Request Forgery / Remote Code Execution

vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API
vBulletin 4.x/5.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API

Eltek SmartPack - Backdoor Account
2017-06-27 05:01:26 +00:00
platforms DB: 2017-06-27 2017-06-27 05:01:26 +00:00
files.csv DB: 2017-06-27 2017-06-27 05:01:26 +00:00
README.md Add "--exclude" to remove values from results 2017-06-14 15:58:54 +01:00
searchsploit Move the ordering about (to help regex) 2017-06-26 17:52:14 +01:00

README.md

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446
  searchsploit linux kernel 3.2 --exclude="(PoC)|/dos/"

  For more examples, see the manual: https://www.exploit-db.com/searchsploit/

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations
       --exclude="term"       Remove values from results. By using "|" to separated you can chain multiple values.
                                e.g. --exclude="term1|term2|term3".

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
---------------------------------------------------------------------------------------- -----------------------------------
 Exploit Title                                                                          |  Path
                                                                                        | (/usr/share/exploitdb/platforms/)
---------------------------------------------------------------------------------------- -----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                         | windows/dos/17133.c
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)                     | windows/dos/18755.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)        | windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)                   | windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)          | windows/local/21844.rb
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)                     | win_x86/local/40564.c
---------------------------------------------------------------------------------------- -----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self updating function will require git, and the Nmap XML option to work, will require xmllint (found in the libxml2-utils package in Debian-based systems).