The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)            | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)                | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#
```
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package on Debian-based systems).