A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Find a file
Offensive Security 8330920f32 DB: 2016-10-25
4 new exploits

ATutor 1.5.3.1 - (links) Blind SQL Injection
ATutor 1.5.3.1 - 'links' Blind SQL Injection

Mihalism Multi Host 2.0.7 - download.php Remote File Disclosure
Mihalism Multi Host 2.0.7 - 'download.php' Remote File Disclosure

IBM Domino Web Access Upload Module - inotes6.dll Buffer Overflow
IBM Domino Web Access 7.0 Upload Module - inotes6.dll Buffer Overflow

WebPortal CMS 0.6.0 - (index.php m) SQL Injection
WebPortal CMS 0.6.0 - 'index.php' SQL Injection

samPHPweb - 'db.php commonpath' Remote File Inclusion
samPHPweb 4.2.2 - 'db.php' Remote File Inclusion

samPHPweb - 'songinfo.php' SQL Injection
samPHPweb 4.2.2 - 'songinfo.php' SQL Injection

ATutor 1.6.1-pl1 - (import.php) Remote File Inclusion
ATutor 1.6.1-pl1 - 'import.php' Remote File Inclusion

The Matt Wright Guestbook.pl 2.3.1 - Server Side Include
The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include

html2ps - 'include file' Server Side Include Directive Directory Traversal
html2ps - 'include file' Server-Side Include Directive Directory Traversal

ClanSphere 2011.3 - (cs_lang cookie Parameter) Local File Inclusion
ClanSphere 2011.3 - 'cs_lang' Cookie Parameter Local File Inclusion

Imatix Xitami 2.5 - Server Side Includes Cross-Site Scripting
Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting

Flatnux CMS 2013-01.17 - (index.php theme Parameter) Local File Inclusion
Flatnux CMS 2013-01.17 - 'index.php' Local File Inclusion

Network Weathermap 0.97a - (editor.php) Persistent Cross-Site Scripting
Network Weathermap 0.97a - 'editor.php' Persistent Cross-Site Scripting
ATutor 1.4.3 - browse.php show_course Parameter Cross-Site Scripting
ATutor 1.4.3 - contact.php subject Parameter Cross-Site Scripting
ATutor 1.4.3 - content.php cid Parameter Cross-Site Scripting
ATutor 1.4.3 - send_message.php l Parameter Cross-Site Scripting
ATutor 1.4.3 - search.php Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - inbox/index.php view Parameter Cross-Site Scripting
ATutor 1.4.3 - tile.php Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - subscribe_forum.php us Parameter Cross-Site Scripting
ATutor 1.4.3 - Directory.php Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - 'browse.php' show_course Parameter Cross-Site Scripting
ATutor 1.4.3 - 'contact.php' subject Parameter Cross-Site Scripting
ATutor 1.4.3 - 'content.php' cid Parameter Cross-Site Scripting
ATutor 1.4.3 - 'send_message.php' l Parameter Cross-Site Scripting
ATutor 1.4.3 - 'search.php' Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - 'inbox/index.php' view Parameter Cross-Site Scripting
ATutor 1.4.3 - 'tile.php' Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - 'subscribe_forum.php' us Parameter Cross-Site Scripting
ATutor 1.4.3 - 'Directory.php' Multiple Parameter Cross-Site Scripting

Cuppa CMS - 'alertConfigField.php urlConfig Parameter' Remote / Local File Inclusion
Cuppa CMS - 'alertConfigField.php' Remote / Local File Inclusion

Novell Zenworks Mobile Device Managment - Local File Inclusion (Metasploit)
Novell Zenworks Mobile Device Managment 2.6.1 / 2.7.0 - Local File Inclusion (Metasploit)

Weathermap 0.97c - (editor.php mapname Parameter) Local File Inclusion
Weathermap 0.97c - 'mapname' Parameter Local File Inclusion

ATutor 1.5.1 - password_reminder.php SQL Injection
ATutor 1.5.1 - 'password_reminder.php' SQL Injection
ATutor 1.x - forum.inc.php Arbitrary Command Execution
ATutor 1.x - body_header.inc.php section Parameter Local File Inclusion
ATutor 1.x - print.php section Parameter Remote File Inclusion
ATutor 1.x - 'forum.inc.php' Arbitrary Command Execution
ATutor 1.x - 'body_header.inc.php' section Parameter Local File Inclusion
ATutor 1.x - 'print.php' section Parameter Remote File Inclusion
ATutor 1.5.x - create_course.php Multiple Parameter Cross-Site Scripting
ATutor 1.5.x - documentation/admin/index.php Cross-Site Scripting
ATutor 1.5.x - password_reminder.php forgot Parameter Cross-Site Scripting
ATutor 1.5.x - users/browse.php cat Parameter Cross-Site Scripting
ATutor 1.5.x - 'create_course.php' Multiple Parameter Cross-Site Scripting
ATutor 1.5.x - 'documentation/admin/index.php' Cross-Site Scripting
ATutor 1.5.x - 'password_reminder.php' forgot Parameter Cross-Site Scripting
ATutor 1.5.x - 'users/browse.php' cat Parameter Cross-Site Scripting

Zimbra - Privilegie Escalation (via Local File Inclusion)
Zimbra 2009-2013 - Local File Inclusion

Zimbra Collaboration Server - Local File Inclusion (Metasploit)
Zimbra Collaboration Server 7.2.2 / 8.0.2 - Local File Inclusion (Metasploit)

Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - (browse.php file Parameter) Local File Inclusion
Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion

Cart Engine 3.0.0 - (task.php) Local File Inclusion
Cart Engine 3.0.0 - 'task.php' Local File Inclusion

Kemana Directory 1.5.6 - (run Parameter) Local File Inclusion
Kemana Directory 1.5.6 - 'task.php' Local File Inclusion

Railo - Remote File Inclusion (Metasploit)
Railo 4.2.1 - Remote File Inclusion (Metasploit)

LittleSite 0.1 - 'file' Parameter Local File Inclusion
LittleSite 0.1 - 'index.php' Local File Inclusion

OSClass 3.4.1 - (index.php file Parameter) Local File Inclusion
OSClass 3.4.1 - 'index.php' Local File Inclusion

Magento Server MAGMI Plugin - Remote File Inclusion
Magento Server MAGMI Plugin 0.7.17a - Remote File Inclusion

Cacti Superlinks Plugin 1.4-2 - Remote Code Execution (via Local File Inclusion + SQL Injection)
Cacti Superlinks Plugin 1.4-2 - SQL Injection / Local File Inclusion

Lotus Mail Encryption Server (Protector for Mail) - Local File Inclusion to Remote Code Execution (Metasploit)
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion to Remote Code Execution (Metasploit)

u5CMS 3.9.3 - (thumb.php) Local File Inclusion
u5CMS 3.9.3 - 'thumb.php' Local File Inclusion
openSIS - 'modname' Parameter Local File Inclusion
ATutor - 'tool_file' Parameter Local File Inclusion
openSIS 5.1 - 'ajax.php' Local File Inclusion
ATutor 2.1 - 'tool_file' Parameter Local File Inclusion

Fork CMS - 'file' Parameter Local File Inclusion
Fork CMS - 'js.php' Local File Inclusion

HP Insight Diagnostics - Local File Inclusion
HP Insight Diagnostics 9.4.0.4710 - Local File Inclusion

phpVibe - Information Disclosure / Remote File Inclusion
phpVibe 3.1 - Information Disclosure / Remote File Inclusion

CakePHP - AssetDispatcher Class Local File Inclusion
CakePHP 2.2.8 / 2.3.7 - AssetDispatcher Class Local File Inclusion

TomatoCart - 'install/rpc.php' Local File Inclusion
TomatoCart 1.1.8.2 - 'class' Parameter Local File Inclusion

NeoBill - /install/index.php language Parameter Traversal Local File Inclusion
NeoBill 0.9-alpha - 'language' Parameter Local File Inclusion
iScripts AutoHoster - /websitebuilder/showtemplateimage.php tmpid Parameter Traversal Local File Inclusion
iScripts AutoHoster - /admin/downloadfile.php fname Parameter Traversal Local File Inclusion
iScripts AutoHoster - /support/admin/csvdownload.php id Parameter Traversal Local File Inclusion
iScripts AutoHoster - 'tmpid' Parameter Local File Inclusion
iScripts AutoHoster - 'fname' Parameter Local File Inclusion
iScripts AutoHoster - 'id' Parameter Local File Inclusion
AFCommerce - /afcontrol/adblock.php rootpathtocart Parameter Remote File Inclusion
AFCommerce - /afcontrol/adminpassword.php rootpathtocart Parameter Remote File Inclusion
AFCommerce - /afcontrol/controlheader.php rootpathtocart Parameter Remote File Inclusion
AFCommerce - 'adblock.php' Remote File Inclusion
AFCommerce - 'adminpassword.php' Remote File Inclusion
AFCommerce - 'controlheader.php' Remote File Inclusion

xBoard - 'post' Parameter Local File Inclusion
xBoard 5.0 / 5.5 / 6.0 - 'view.php' Local File Inclusion

BloofoxCMS - /admin/include/inc_settings_editor.php fileurl Parameter Local File Inclusion
BloofoxCMS 0.5.0 - 'fileurl' Parameter Local File Inclusion

Rips Scanner 0.5 - (code.php) Local File Inclusion
Rips Scanner 0.5 - 'code.php' Local File Inclusion

MeiuPic - 'ctl' Parameter Local File Inclusion
MeiuPic 2.1.2 - 'ctl' Parameter Local File Inclusion

qEngine - 'run' Parameter Local File Inclusion
qEngine 4.1.6 / 6.0.0 - 'task.php' Local File Inclusion

WordPress Plugin BookX - 'includes/bookx_export.php' Local File Inclusion
WordPress Plugin BookX 1.7 - 'bookx_export.php' Local File Inclusion
Alfresco - /proxy endpoint Parameter Server Side Request Forgery
Alfresco - /cmisbrowser url Parameter Server Side Request Forgery
Alfresco - /proxy endpoint Parameter Server-Side Request Forgery
Alfresco - /cmisbrowser url Parameter Server-Side Request Forgery

CMSimple - Remote file Inclusion
CMSimple 4.4.4 - Remote file Inclusion

VoipSwitch - 'action' Parameter Local File Inclusion
VoipSwitch - 'user.php' Local File Inclusion

Concrete5 5.7.3.1 - (Application::dispatch) Local File Inclusion
Concrete5 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion

Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String
Axis Communications MPQT/PACS 5.20.x - Server-Side Include (SSI) Daemon Remote Format String

vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery
vBulletin 5.2.2 - Unauthenticated Server-Side Request Forgery
Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery
Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)
EC-CUBE 2.12.6 - Server-Side Request Forgery
Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management
2016-10-25 05:01:17 +00:00
platforms DB: 2016-10-25 2016-10-25 05:01:17 +00:00
files.csv DB: 2016-10-25 2016-10-25 05:01:17 +00:00
README.md Able to update via package management 2016-09-19 23:37:14 +01:00
searchsploit Fix an clipboard issue if it there wasn't $DISPLAY 2016-09-20 23:28:07 +01:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

=========
 Examples
=========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]    Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]    Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help               Show this help screen.
   -j, --json     [Term]    Show result in JSON format.
   -m, --mirror   [EDB-ID]  Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]    Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]  Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]    Search JUST the exploit title (Default is title AND the file's path).
   -u, --update             Check for and install any exploitdb package updates (deb or git)
   -w, --www      [Term]    Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]  Examine (aka opens) the exploit using .
       --colour             Disable colour highlighting in search results.
       --id                 Display the EDB-ID value rather than local path.

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)            | ./windows/local/6757.txt
Microsoft Windows XP - afd.sys Local Kernel Denial of Service                    | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)                | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.
root@kali:~#