A mirror of the Gitlab repo: https://gitlab.com/exploit-database/exploitdb
Offensive Security bac881f89a DB: 2017-01-03
3 new exploits

QNAP NAS Devices - Heap Overflow

Castle Rock Computing SNMPc 7.0.19 - Community String Stack Based Buffer Overflow

Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH)

PHPFanBase 2.x - (protection.php) Remote File Inclusion
PHPFanBase 2.x - 'protection.php' Remote File Inclusion

DigiAffiliate 1.4 - (visu_user.asp id) SQL Injection
DigiAffiliate 1.4 - 'id' Parameter SQL Injection

ExoPHPDesk 1.2.1 - (faq.php) SQL Injection
ExoPHPDesk 1.2.1 - 'faq.php' SQL Injection

MiniGal b13 - (image backdoor) Remote Code Execution
MiniGal b13 - Remote Code Execution
PHP Auto Listings - 'moreinfo.php pg' SQL Injection
Pre Simple CMS - SQL Injection (Authentication Bypass)
PHP Auto Listings - 'pg' Parameter SQL Injection
Pre Simple CMS - Authentication Bypass

Harlandscripts drinks - (recid) SQL Injection
Harlandscripts drinks - 'recid' Parameter SQL Injection

Mole Group Taxi Calc Dist Script - (Authentication Bypass) SQL Injection
Mole Group Taxi Calc Dist Script - Authentication Bypass

DevelopItEasy Membership System 1.3 - (Authentication Bypass) SQL Injection
DevelopItEasy Membership System 1.3 - Authentication Bypass

NICE FAQ Script - (Authentication Bypass) SQL Injection
NICE FAQ Script - Authentication Bypass

SoftComplex PHP Image Gallery 1.0 - (Authentication Bypass) SQL Injection
SoftComplex PHP Image Gallery 1.0 - Authentication Bypass
DELTAScripts PHP Classifieds 7.5 - (Authentication Bypass) SQL Injection
DELTAScripts PHP Links 1.3 - (Authentication Bypass) SQL Injection
DELTAScripts PHP Shop 1.0 - (Authentication Bypass) SQL Injection
SoftComplex PHP Image Gallery - (ctg) SQL Injection
DELTAScripts PHP Classifieds 7.5 - Authentication Bypass
DELTAScripts PHP Links 1.3 - Authentication Bypass
DELTAScripts PHP Shop 1.0 - Authentication Bypass
SoftComplex PHP Image Gallery - 'ctg' Parameter SQL Injection
TurnkeyForms Business Survey Pro 1.0 - 'id' SQL Injection
Mole Group Pizza - (manufacturers_id) Script SQL Injection
TurnkeyForms Business Survey Pro 1.0 - 'id' Parameter SQL Injection
Mole Group Pizza - 'manufacturers_id' Parameter SQL Injection
E-topbiz Online Store 1 - (Authentication Bypass) SQL Injection
PHP Auto Listings Script - (Authentication Bypass) SQL Injection
Mole Group Rental Script - (Authentication Bypass) SQL Injection
MyioSoft Ajax Portal 3.0 - (Authentication Bypass) SQL Injection
MyioSoft EasyBookMarker - (Authentication Bypass) SQL Injection
MyioSoft EasyCalendar - (Authentication Bypass) SQL Injection
E-topbiz Online Store 1 - Authentication Bypass
PHP Auto Listings Script - Authentication Bypass
Mole Group Rental Script - Authentication Bypass
MyioSoft Ajax Portal 3.0 - Authentication Bypass
MyioSoft EasyBookMarker 4.0 - Authentication Bypass
MyioSoft EasyCalendar - Authentication Bypass

E-topbiz Online Store 1 - 'cat_id' SQL Injection
E-topbiz Online Store 1 - 'cat_id' Parameter SQL Injection

Myiosoft EasyBookMarker 4 - (Parent) SQL Injection
Myiosoft EasyBookMarker 4 - 'Parent' Parameter SQL Injection
Enthusiast 3.1.4 - (show_joined.php path) Remote File Inclusion
V3 Chat Profiles/Dating Script 3.0.2 - (Authentication Bypass) SQL Injection
Enthusiast 3.1.4 - 'show_joined.php' Remote File Inclusion
V3 Chat Profiles/Dating Script 3.0.2 - Authentication Bypass
DigiAffiliate 1.4 - (Authentication Bypass) SQL Injection
Mole Group Airline Ticket Script - (Authentication Bypass) SQL Injection
DigiAffiliate 1.4 - Authentication Bypass
Mole Group Airline Ticket Script - Authentication Bypass
ExoPHPDesk 1.2 Final - (Authentication Bypass) SQL Injection
ZEEMATRI 3.0 - (bannerclick.php adid) SQL Injection
ExoPHPDesk 1.2 Final - Authentication Bypass
ZEEMATRI 3.0 - 'adid' Parameter SQL Injection

Joomla! Component com_books - (book_id) SQL Injection
Joomla! Component com_books - 'book_id' Parameter SQL Injection

Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection
Joomla! / Mambo Component com_catalogproduction - 'id' Parameter SQL Injection

PozScripts Business Directory Script - 'cid' SQL Injection
PozScripts Business Directory Script - 'cid' Parameter SQL Injection
Alstrasoft Web Host Directory - (Authentication Bypass) SQL Injection
Quick Poll Script - 'code.php id' SQL Injection
Alstrasoft Web Host Directory - Authentication Bypass
Quick Poll Script - 'id' Parameter SQL Injection

Bankoi Webhost Panel 1.20 - (Authentication Bypass) SQL Injection
Bankoi Webhost Panel 1.20 - Authentication Bypass
Minigal b13 - 'index.php list' Remote File Disclosure
yahoo answers - 'id' SQL Injection
Minigal b13 - Remote File Disclosure
yahoo answers - 'id' Parameter SQL Injection

PHPstore Wholesale - 'track.php?id' SQL Injection
PHPstore Wholesale - 'id' Parameter SQL Injection

E-topbiz ADManager 4 - (group) Blind SQL Injection
E-topbiz ADManager 4 - 'group' Parameter Blind SQL Injection
PHPfan 3.3.4 - (init.php includepath) Remote File Inclusion
Jadu Galaxies - 'categoryId' Blind SQL Injection
PHPfan 3.3.4 - 'init.php' Remote File Inclusion
Jadu Galaxies - 'categoryId' Parameter Blind SQL Injection

MemHT Portal 4.0.1 - (avatar) Remote Code Execution
MemHT Portal 4.0.1 - Remote Code Execution

MemHT Portal 4.0.1 - (pvtmsg) Delete All Private Messages Exploit
MemHT Portal 4.0.1 - Delete All Private Messages Exploit

MyioSoft Ajax Portal 3.0 - (page) SQL Injection
MyioSoft Ajax Portal 3.0 - 'page' Parameter SQL Injection

X10media Mp3 Search Engine < 1.6.2 Admin Access
X10media Mp3 Search Engine < 1.6.2 - Admin Access

Arab Portal 2.2 - (Authentication Bypass) SQL Injection
Arab Portal 2.2 - Authentication Bypass

Arab Portal 2.x - (forum.php qc) SQL Injection
Arab Portal 2.x - 'forum.php' SQL Injection

Arab Portal 2.2 - (mod.php module) Local File Inclusion
Arab Portal 2.2 - 'mod.php' Local File Inclusion

Collabtive - SQL Injection
Collabtive 0.65 - SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - showproduct.php SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - showcat.php SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - 'showproduct.php' SQL Injection
All Enthusiast ReviewPost PHP Pro 2.5 - 'showcat.php' SQL Injection

All Enthusiast PhotoPost PHP Pro 5.0 - adm-photo.php Arbitrary Image Manipulation
All Enthusiast PhotoPost PHP Pro 5.0 - 'adm-photo.php' Arbitrary Image Manipulation

Collabtive 1.0 - (manageuser.php task Parameter) SQL Injection
Collabtive 1.0 - 'manageuser.php' SQL Injection

Arab Portal 2.0 - Link.php SQL Injection
Arab Portal 2.0 - 'Link.php' SQL Injection
Arab Portal System 2.0 - online.php title Parameter Cross-Site Scripting
Arab Portal System 2.0 - download.php title Parameter Cross-Site Scripting
Arab Portal 2.0 - 'online.php' Cross-Site Scripting
Arab Portal 2.0 - 'download.php' Cross-Site Scripting

ExoPHPDesk 1.2 - Pipe.php Remote File Inclusion
ExoPHPDesk 1.2 - 'Pipe.php' Remote File Inclusion

Collabtive 1.1 - (managetimetracker.php id Parameter) SQL Injection
Collabtive 1.1 - 'managetimetracker.php' SQL Injection

Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass
Zeeways Shaadi Clone 2.0 - Authentication Bypass

PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution
2017-01-03 05:01:17 +00:00
platforms DB: 2017-01-03 2017-01-03 05:01:17 +00:00
files.csv DB: 2017-01-03 2017-01-03 05:01:17 +00:00
README.md Merge pull request #65 from g0tmi1k/searchsploit 2016-12-08 20:36:52 +00:00
searchsploit Fix for #67 - Show result when there’s only 1 for nmap’s XML mode 2016-12-20 14:30:14 +00:00

The Exploit Database Git Repository

This is the official repository of The Exploit Database, a project sponsored by Offensive Security.

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.

This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.

Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.

root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations
=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)   | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)              | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#

SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).
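Added example, not part of the Exploit Database README or the searchsploit code: a parser that turns the table output shown above into structured records for patch triage. The function names `parse_results` and `by_bulletin` are hypothetical, and the path layout `./<platform>/<type>/<EDB-ID>.<ext>` and the `(MSyy-nnn)` bulletin tag are assumptions inferred from the sample results on this page.

```python
import re

# Constructed sample: header and three rows copied from the searchsploit output shown above.
SAMPLE = """\
--------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                   |  Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
"""

# Assumed path layout, as seen in the results: ./<platform>/<type>/<EDB-ID>.<ext>
PATH_RE = re.compile(r"^\./(?P<platform>[^/]+)/(?P<type>[^/]+)/(?P<edb_id>\d+)\.(?P<ext>\w+)$")
# Microsoft bulletin tag as it appears in the titles, e.g. (MS14-040)
BULLETIN_RE = re.compile(r"\((MS\d{2}-\d{3})\)")


def parse_results(text):
    """Turn searchsploit table output into a list of dicts, skipping rules and headers."""
    records = []
    for line in text.splitlines():
        if "|" not in line:
            continue  # separator rules, shell prompts, blank lines
        # Split on the LAST '|' so a pipe inside a title cannot shift the columns.
        title, _, path = line.rpartition("|")
        m = PATH_RE.match(path.strip())
        if not m:
            continue  # header rows: "Path" and "(/usr/share/exploitdb/platforms)"
        rec = m.groupdict()
        rec["edb_id"] = int(rec["edb_id"])
        rec["title"] = title.strip()
        rec["bulletins"] = BULLETIN_RE.findall(title)
        # Same URL form that `searchsploit -p` prints for an EDB-ID.
        rec["url"] = "https://www.exploit-db.com/exploits/%d/" % rec["edb_id"]
        records.append(rec)
    return records


def by_bulletin(records):
    """Group EDB-IDs by the bulletin named in the title, to see which patches have public code."""
    groups = {}
    for rec in records:
        for bulletin in rec["bulletins"]:
            groups.setdefault(bulletin, []).append(rec["edb_id"])
    return groups
```

Feed `parse_results` the captured text of a search; rows that do not match the assumed path layout are skipped rather than guessed at.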