The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
```
```
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
```
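The matching rules in the help text (AND of all terms, case-insensitive unless `-c`, title plus path unless `-t`, phrase match with `-e`) and the `--nmap` option's use of `-sV` service data can be modelled in a few lines. This is an added example, not searchsploit's own code: the `files.csv` rows are constructed from the titles in the output above, the Nmap XML is constructed, and the reading of `-e` as "all terms as one phrase in the title" is this example's assumption.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed subset of files.csv (id,file,description), built from the
# titles shown in the README's example output; not the real file.
FILES_CSV = """id,file,description
17133,platforms/windows/dos/17133.c,Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service
39446,platforms/win_x86/local/39446.py,Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
39525,platforms/win_x86-64/local/39525.py,Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)
40564,platforms/windows/local/40564.c,Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)
"""

# Constructed "nmap -sV -oX" output: one host, two open ports, one closed.
NMAP_XML = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="445"><state state="open"/>
<service name="microsoft-ds" product="Microsoft Windows" version="7"/></port>
<port protocol="tcp" portid="80"><state state="open"/>
<service name="http" product="Apache httpd" version="2.2.15"/></port>
<port protocol="tcp" portid="22"><state state="closed"/><service name="ssh"/></port>
</ports></host></nmaprun>"""

def load_entries(text=FILES_CSV):
    return list(csv.DictReader(io.StringIO(text)))

def search(terms, case=False, title_only=False, exact=False, entries=None):
    """Return EDB-IDs where every term matches (searchsploit's default AND).
    case=True mirrors -c, title_only=True mirrors -t, exact=True mirrors -e
    (terms joined as one phrase, title only, since -e implies -t)."""
    entries = load_entries() if entries is None else entries
    norm = (lambda s: s) if case else str.lower
    hits = []
    for e in entries:
        hay = e["description"]
        if not (title_only or exact):
            hay += " " + e["file"]  # default: title AND the file's path
        hay = norm(hay)
        needles = [" ".join(terms)] if exact else terms
        if all(norm(t) in hay for t in needles):
            hits.append(e["id"])
    return hits

def nmap_terms(xml_text=NMAP_XML):
    """One term list per open port: product words plus version (-sV fields)."""
    out = []
    for port in ET.fromstring(xml_text).iter("port"):
        svc, state = port.find("service"), port.find("state")
        if svc is None or state is None or state.get("state") != "open":
            continue
        terms = svc.get("product", "").split()
        if svc.get("version"):
            terms.append(svc.get("version"))
        if terms:
            out.append(terms)
    return out
```

Running `search(nmap_terms()[0])` (terms `Microsoft Windows 7`) returns 17133 alongside 39525 only because the digit 7 occurs in the file name `17133.c`, which is exactly the numeric false positive the Notes warn about; `title_only=True` drops it.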
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).