The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```text
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                                Use "-v" (verbose) to try even more combinations

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
```
```text
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)            | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)                | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
```
```text
root@kali:~# searchsploit -p 39446
  Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
      URL: https://www.exploit-db.com/exploits/39446/
     Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
```
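To make the search rules in the help text and Notes concrete (AND over all terms, title plus path unless `-t`, case-insensitive unless `-c`, `-e` for an exact title match) and to show what the `--nmap` option pulls out of `nmap -sV -oX` output, here is an added Python example; it is not the searchsploit script's own code. The index rows, their column names and the Nmap XML are constructed for the example (the real files.csv layout is not assumed), and reading `-e` as "the terms form one phrase that must appear in the title" is this example's interpretation of the help text.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed stand-in for the repository index (hypothetical rows and column
# names, not the real files.csv): EDB-ID, path within the repo, exploit title.
INDEX_CSV = """id,file,description
6757,platforms/windows/local/6757.txt,Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)
17133,platforms/windows/dos/17133.c,Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service
39446,platforms/win_x86/local/39446.py,Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
40000,platforms/php/webapps/40000.txt,CMSimple 4.4.4 - Remote File Inclusion
"""
ROWS = list(csv.DictReader(io.StringIO(INDEX_CSV)))
# Constructed 'nmap -sV -oX' output: one host, two fingerprinted open services.
NMAP_XML = """<?xml version="1.0"?>
<nmaprun><host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/>
<service name="http" product="CMSimple" version="4.4.4"/></port>
<port protocol="tcp" portid="445"><state state="open"/>
<service name="microsoft-ds" product="Microsoft Windows" version="XP"/></port>
</ports></host></nmaprun>"""
def search(rows, terms, title_only=False, case_sensitive=False, exact=False):
    """Search semantics from the help text: every term must match (AND) against
    title plus path by default (-t: title only), case-insensitively unless -c;
    -e is read here as 'the terms form one phrase that must appear in the title'."""
    norm = (lambda s: s) if case_sensitive else str.lower
    hits = []
    for row in rows:
        haystack = row["description"]
        if not (title_only or exact):          # -t / -e drop the path from the search
            haystack += " " + row["file"]
        haystack = norm(haystack)
        if exact:
            matched = norm(" ".join(terms)) in haystack
        else:
            matched = all(norm(t) in haystack for t in terms)
        if matched:
            hits.append(int(row["id"]))
    return hits

def nmap_terms(xml_text):
    """For each open port with a fingerprinted <service>, build the term list
    (product words + version) that the --nmap option would search for."""
    terms = []
    for port in ET.fromstring(xml_text).iter("port"):
        state, svc = port.find("state"), port.find("service")
        if state is None or state.get("state") != "open" or svc is None:
            continue
        if svc.get("product"):
            terms.append((svc.get("product") + " " + svc.get("version", "")).split())
    return terms
```

Running `search(ROWS, ["afd", "windows", "local"])` reproduces the AND behaviour of the session above (all three constructed afd.sys rows match because "local" is found in the path or the title), while the same terms with `title_only=True` keep only the row whose title itself contains "Local".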
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package on Debian-based systems).