The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
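A simplified model of the matching rules described in the help text and Notes above, added here as an example (it is not searchsploit's own code). The sample rows are constructed from the `afd windows local` listing on this page; the `title|path` layout and the names `match_rows` and `count` are assumptions made for this sketch.

```shell
#!/bin/sh
# Model of the documented search semantics; NOT searchsploit's implementation.
# Rows are constructed from the listing above, stored as "title|path"
# (an assumed layout for this sketch, not the format of files.csv).
SAMPLE="Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service|./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)|./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)|./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)|./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)|./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)|./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)|./windows/local/40564.c"

# match_rows MODE TERM...
#   MODE=all   : a term may match in the title or in the path (the default)
#   MODE=title : a term must match in the title (the behaviour of -t)
# All terms must match (AND), case-insensitively, in any order.
# Prints the path of every matching row.
match_rows() {
    mode=$1; shift
    printf '%s\n' "$SAMPLE" | awk -F'|' -v mode="$mode" -v terms="$*" '
        BEGIN { n = split(tolower(terms), t, " ") }
        {
            hay = $1
            if (mode != "title") hay = hay " " $2
            hay = tolower(hay)
            for (i = 1; i <= n; i++)
                if (index(hay, t[i]) == 0) next   # one missing term rejects the row
            print $2
        }'
}

# count MODE TERM... : number of rows that match_rows would print
count() { match_rows "$@" | wc -l | tr -d ' '; }

# "local" is satisfied by the directory name ./windows/local/ in most rows,
# so the default search returns all seven rows while -t keeps only one.
echo "default: $(count all afd windows local) rows, title-only: $(count title afd windows local) row"
# "x86" also hits the x64 entry, because its path contains win_x86-64.
echo "x86 default: $(count all x86) rows, title-only: $(count title x86) row"
```

When checking whether public exploit code exists for a product and version in an inventory, the path component is the usual source of such over-matching, which is what the `-t` note above addresses.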
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).