The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
```
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).
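The Notes in the help text warn about false positives when a search term is a number, and say that '-t' excludes the file's path from the search. The sketch below is an added example, not code from searchsploit or the Exploit-DB repository: it models the documented matching rules (case-insensitive substring match, every term must match, title plus path by default) over rows copied from the sample output on this page. The function name `edb_match` and the `title|path` row layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a simplified model of the matching rules in the help text.
# INDEX rows are "title|path", copied from the sample search output above
# (the row layout is an assumption, not the format of files.csv).
INDEX="Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service|./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)|./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)|./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)|./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)|./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)|./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)|./windows/local/40564.c"

# edb_match MODE TERM... : print the path of every row where ALL terms match.
#   MODE=all   -> match against title and path (the documented default)
#   MODE=title -> match against the title only (what -t is documented to do)
edb_match() {
    mode=$1
    shift
    printf '%s\n' "$INDEX" | awk -F'|' -v mode="$mode" -v terms="$*" '
    BEGIN { n = split(tolower(terms), t, " ") }
    {
        if (mode == "title") hay = tolower($1)
        else                 hay = tolower($1 " " $2)
        # AND semantics: skip the row as soon as one term is missing.
        for (i = 1; i <= n; i++)
            if (index(hay, t[i]) == 0) next
        print $2
    }'
}

# "local" is found mostly in the path, so title-only search returns far fewer rows.
echo "all   'afd windows local':"; edb_match all afd windows local
echo "title 'afd windows local':"; edb_match title afd windows local

# Numeric term: "64" also hits the EDB-ID in the file name 40564.c, which is
# the x86 entry. Restricting to the title removes that false positive.
echo "all   'afd 64':"; edb_match all afd 64
echo "title 'afd 64':"; edb_match title afd 64
```
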