1 new exploits Cpanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure cPanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure pppBlog 0.3.8 - (randompic.php) System Disclosure pppBlog 0.3.8 - System Disclosure NetRisk 1.9.7 - (change_submit.php) Remote Password Change Exploit NetRisk 1.9.7 - Remote Password Change Exploit netrisk 1.9.7 - Cross-Site Scripting / SQL Injection NetRisk 1.9.7 - Cross-Site Scripting / SQL Injection Cpanel 11.x - 'Fantastico' Local File Inclusion (sec Bypass) cPanel 11.x - 'Fantastico' Local File Inclusion (sec Bypass) MyForum 1.3 - (lecture.php id) SQL Injection MyForum 1.3 - 'lecture.php' SQL Injection MyForum 1.3 - (padmin) Local File Inclusion MyForum 1.3 - 'padmin' Parameter Local File Inclusion e107 Plugin alternate_profiles - 'id' SQL Injection MyKtools 2.4 - (langage) Local File Inclusion e107 Plugin alternate_profiles - 'id' Parameter SQL Injection MyKtools 2.4 - 'langage' Parameter Local File Inclusion questcms - Cross-Site Scripting / Directory Traversal / SQL Injection AIOCP 1.4 - 'poll_id' SQL Injection QuestCMS - Cross-Site Scripting / Directory Traversal / SQL Injection AIOCP 1.4 - 'poll_id' Parameter SQL Injection PersianBB - 'iranian_music.php id' SQL Injection Agares ThemeSiteScript 1.0 (loadadminpage) - Remote File Inclusion PersianBB - 'id' Parameter SQL Injection Agares ThemeSiteScript 1.0 - 'loadadminpage' Parameter Remote File Inclusion Sepal SPBOARD 4.5 - (board.cgi) Remote Command Execution Sepal SPBOARD 4.5 - 'board.cgi' Remote Command Execution Venalsur on-line Booking Centre - (OfertaID) Cross-Site Scripting / SQL Injection Pro Traffic One - 'poll_results.php id' SQL Injection Venalsur on-line Booking Centre - Cross-Site Scripting / SQL Injection Pro Traffic One - 'poll_results.php' SQL Injection e107 Plugin lyrics_menu - 'lyrics_song.php l_id' SQL Injection e107 Plugin lyrics_menu - 'l_id' Parameter SQL Injection SFS EZ Adult Directory - 'Directory.php id' SQL Injection 
Logz podcast CMS 1.3.1 - (add_url.php art) SQL Injection cpanel 11.x - Cross-Site Scripting / Local File Inclusion SFS EZ Adult Directory - 'directory.php' SQL Injection Logz podcast CMS 1.3.1 - 'art' Parameter SQL Injection cPanel 11.x - Cross-Site Scripting / Local File Inclusion SFS EZ HotScripts-like Site - 'cid' SQL Injection SFS EZ HotScripts-like Site - 'cid' Parameter SQL Injection SFS EZ Hosting Directory - 'cat_id' SQL Injection SFS EZ Hosting Directory - 'cat_id' Parameter SQL Injection SFS EZ Home Business Directory - 'cat_id' SQL Injection SFS EZ Link Directory - 'cat_id' SQL Injection Adult Banner Exchange Website - (targetid) SQL Injection SFS EZ BIZ PRO - 'track.php id' SQL Injection SFS EZ Affiliate - 'cat_id' SQL Injection Article Publisher PRO 1.5 - (Authentication Bypass) SQL Injection SFS EZ Webring - (cat) SQL Injection SFS EZ Hot or Not - (phid) SQL Injection SFS EZ Software - 'id' SQL Injection SFS EZ Home Business Directory - 'cat_id' Parameter SQL Injection SFS EZ Link Directory - 'cat_id' Parameter SQL Injection Adult Banner Exchange Website - 'targetid' Parameter SQL Injection SFS EZ BIZ PRO - SQL Injection SFS EZ Affiliate - 'cat_id' Parameter SQL Injection Article Publisher PRO 1.5 - Authentication Bypass SFS EZ Webring - 'cat' Parameter SQL Injection SFS EZ Hot or Not - 'phid' Parameter SQL Injection SFS EZ Software - 'id' Parameter SQL Injection Article Publisher PRO - (userid) SQL Injection SFS EZ Auction - 'viewfaqs.php cat' Blind SQL Injection SFS EZ Career - 'content.php topic' SQL Injection SFS EZ Top Sites - 'topsite.php ts' SQL Injection SFS EZ Webstore - (where) SQL Injection SFS EZ Pub Site - 'Directory.php cat' SQL Injection SFS EZ Gaming Cheats - 'id' SQL Injection Article Publisher PRO - 'userid' Parameter SQL Injection SFS EZ Auction - Blind SQL Injection SFS EZ Career - SQL Injection SFS EZ Top Sites - SQL Injection SFS EZ Webstore - 'where' Parameter SQL Injection SFS EZ Pub Site - SQL Injection SFS EZ Gaming Cheats - 
SQL Injection GO4I.NET ASP Forum 1.0 - (forum.asp iFor) SQL Injection YourFreeWorld Programs Rating - 'details.php id' SQL Injection GO4I.NET ASP Forum 1.0 - SQL Injection YourFreeWorld Programs Rating - SQL Injection Shahrood - 'ndetail.php id' Blind SQL Injection YourFreeWorld Downline Builder - 'id' SQL Injection YourFreeWorld Banner Management - 'id' SQL Injection YourFreeWorld Blog Blaster - 'id' SQL Injection YourFreeWorld Autoresponder Hosting - 'id' SQL Injection YourFreeWorld Forced Matrix Script - 'id' SQL Injection YourFreeWorld Short Url & Url Tracker - 'id' SQL Injection YourFreeWorld Viral Marketing - 'id' SQL Injection YourFreeWorld Scrolling Text Ads - 'id' SQL Injection YourFreeWorld Reminder Service - 'id' SQL Injection YourFreeWorld Classifieds Blaster - 'id' SQL Injection Shahrood - Blind SQL Injection YourFreeWorld Downline Builder - 'tr.php' SQL Injection YourFreeWorld Banner Management - SQL Injection YourFreeWorld Blog Blaster - 'tr.php' SQL Injection YourFreeWorld Autoresponder Hosting - 'tr.php' SQL Injection YourFreeWorld Forced Matrix Script - SQL Injection YourFreeWorld Short Url & Url Tracker - SQL Injection YourFreeWorld Viral Marketing - SQL Injection YourFreeWorld Scrolling Text Ads - SQL Injection YourFreeWorld Reminder Service - SQL Injection YourFreeWorld Classifieds Blaster - SQL Injection Downline Goldmine Builder - 'tr.php id' SQL Injection Downline Goldmine Category Addon - 'id' SQL Injection YourFreeWorld Classifieds Hosting - 'id' SQL Injection YourFreeWorld URL Rotator - 'id' SQL Injection Downline Goldmine paidversion - 'tr.php id' SQL Injection Downline Goldmine newdownlinebuilder - 'tr.php id' SQL Injection YourFreeWorld Shopping Cart - 'index.php c' Blind SQL Injection Maran PHP Shop - 'prod.php cat' SQL Injection Downline Goldmine Builder - SQL Injection Downline Goldmine Category Addon - SQL Injection YourFreeWorld Classifieds Hosting - SQL Injection YourFreeWorld URL Rotator - SQL Injection Downline Goldmine 
paidversion - SQL Injection Downline Goldmine newdownlinebuilder - SQL Injection YourFreeWorld Shopping Cart - Blind SQL Injection Maran PHP Shop - 'prod.php' SQL Injection 1st News - 'products.php id' SQL Injection 1st News - SQL Injection BosClassifieds - 'cat_id' SQL Injection BosClassifieds - 'cat_id' Parameter SQL Injection MatPo Link 1.2b - (view.php id) SQL Injection MatPo Link 1.2b - SQL Injection Apoll 0.7b - (Authentication Bypass) SQL Injection Apoll 0.7b - Authentication Bypass pppBlog 0.3.11 - (randompic.php) File Disclosure TBmnetCMS 1.0 - (index.php content) Local File Inclusion pppBlog 0.3.11 - File Disclosure TBmnetCMS 1.0 - Local File Inclusion WEBBDOMAIN Post Card 1.02 - 'catid' SQL Injection WEBBDOMAIN Post Card 1.02 - 'catid' Parameter SQL Injection nicLOR Puglia Landscape - 'id' Local File Inclusion nicLOR Puglia Landscape - Local File Inclusion Vibro-School-CMS - (nID) SQL Injection Vibro-School-CMS - 'nID' Parameter SQL Injection WEBBDOMAIN Petition 1.02/2.0/3.0 - (Authentication Bypass) SQL Injection WEBBDOMAIN Polls 1.01 - (Authentication Bypass) SQL Injection WEBBDOMAIN Quiz 1.02 - (Authentication Bypass) SQL Injection WEBBDOMAIN Webshop 1.02 - (Authentication Bypass) SQL Injection Simple Document Management System 1.1.4 - SQL Injection Authentication Bypass Tours Manager 1.0 - (cityview.php cityid) SQL Injection WEBBDOMAIN Post Card 1.02 - (Authentication Bypass) SQL Injection WEBBDOMAIN Petition 1.02/2.0/3.0 - Authentication Bypass WEBBDOMAIN Polls 1.01 - Authentication Bypass WEBBDOMAIN Quiz 1.02 - Authentication Bypass WEBBDOMAIN Webshop 1.02 - Authentication Bypass Simple Document Management System 1.1.4 - Authentication Bypass Tours Manager 1.0 - SQL Injection WEBBDOMAIN Post Card 1.02 - Authentication Bypass PHPX 3.5.16 - (news_id) SQL Injection Pre Podcast Portal - 'Tour.php id' SQL Injection PHPX 3.5.16 - 'news_id' Parameter SQL Injection Pre Podcast Portal - SQL Injection Graugon PHP Article Publisher 1.0 - (SQL Injection / 
Cookie Handling) Multiple Remote Vulnerabilities Graugon PHP Article Publisher 1.0 - SQL Injection / Cookie Handling Absolute Form Processor XE-V 1.5 - (Authentication Bypass) SQL Injection Absolute Form Processor XE-V 1.5 - Authentication Bypass MyForum 1.3 - (Authentication Bypass) SQL Injection MyForum 1.3 - Authentication Bypass Cpanel 11.25 - Cross-Site Request Forgery (Add FTP Account) cPanel 11.25 - Cross-Site Request Forgery (Add FTP Account) Simple Document Management System (SDMS) - SQL Injection Simple Document Management System - SQL Injection Cpanel 11.x - Cross-Site Request Forgery (Edit E-mail) cPanel 11.x - Cross-Site Request Forgery (Edit E-mail) PHPMyForum 4.0 - 'index.php' page Parameter Cross-Site Scripting PHPMyForum 4.0 - 'page' Parameter Cross-Site Scripting Cpanel 10 - Select.HTML Cross-Site Scripting cPanel 10 - Select.HTML Cross-Site Scripting CPanel 5-10 - SUID Wrapper Privilege Escalation cPanel 5-10 - SUID Wrapper Privilege Escalation AIOCP 1.3.x - 'cp_forum_view.php' Multiple Parameter Cross-Site Scripting AIOCP 1.3.x - 'cp_dpage.php' choosed_language Parameter Cross-Site Scripting AIOCP 1.3.x - 'cp_show_ec_products.php' order_field Parameter Cross-Site Scripting AIOCP 1.3.x - 'cp_users_online.php order_field Parameter Cross-Site Scripting AIOCP 1.3.x - 'cp_links_search.php' orderdir Parameter Cross-Site Scripting AIOCP 1.3.x - '/admin/code/index.php' load_page Parameter Remote File Inclusion AIOCP 1.3.x - 'cp_dpage.php' choosed_language Parameter SQL Injection AIOCP 1.3.x - 'cp_news.php' Multiple Parameter SQL Injection AIOCP 1.3.x - 'cp_forum_view.php' choosed_language Parameter SQL Injection AIOCP 1.3.x - 'cp_edit_user.php' choosed_language Parameter SQL Injection AIOCP 1.3.x - 'cp_newsletter.php' Multiple Parameter SQL Injection AIOCP 1.3.x - 'cp_links.php' Multiple Parameter SQL Injection AIOCP 1.3.x - 'cp_contact_us.php' choosed_language Parameter SQL Injection AIOCP 1.3.x - 'cp_show_ec_products.php' Multiple Parameter SQL 
Injection AIOCP 1.3.x - 'cp_login.php' choosed_language Parameter SQL Injection AIOCP 1.3.x - 'cp_users_online.php' order_field Parameter SQL Injection AIOCP 1.3.x - 'cp_codice_fiscale.php' choosed_language Parameter SQL Injection AIOCP 1.3.x - 'cp_links_search.php' orderdir Parameter SQL Injection AIOCP 1.3.x - 'cp_forum_view.php' Cross-Site Scripting AIOCP 1.3.x - 'cp_dpage.php' Cross-Site Scripting AIOCP 1.3.x - 'cp_show_ec_products.php' Cross-Site Scripting AIOCP 1.3.x - 'cp_users_online.php' Cross-Site Scripting AIOCP 1.3.x - 'cp_links_search.php' Cross-Site Scripting AIOCP 1.3.x - 'load_page' Parameter Remote File Inclusion AIOCP 1.3.x - 'cp_dpage.php' SQL Injection AIOCP 1.3.x - 'cp_news.php' SQL Injection AIOCP 1.3.x - 'cp_forum_view.php' SQL Injection AIOCP 1.3.x - 'cp_edit_user.php' SQL Injection AIOCP 1.3.x - 'cp_newsletter.php' SQL Injection AIOCP 1.3.x - 'cp_links.php' SQL Injection AIOCP 1.3.x - 'cp_contact_us.php' SQL Injection AIOCP 1.3.x - 'cp_show_ec_products.php' SQL Injection AIOCP 1.3.x - 'cp_login.php' SQL Injection AIOCP 1.3.x - 'cp_users_online.php' SQL Injection AIOCP 1.3.x - 'cp_codice_fiscale.php' SQL Injection AIOCP 1.3.x - 'cp_links_search.php' SQL Injection CPanel 10 - DNSlook.HTML Cross-Site Scripting cPanel 10 - DNSlook.HTML Cross-Site Scripting CPanel 11 Beta - Multiple Cross-Site Scripting Vulnerabilities cPanel 11 Beta - Multiple Cross-Site Scripting Vulnerabilities CPanel 11 BoxTrapper - Manage.HTML Cross-Site Scripting cPanel 11 BoxTrapper - Manage.HTML Cross-Site Scripting CPanel 11 - PassWDMySQL Cross-Site Scripting cPanel 11 - PassWDMySQL Cross-Site Scripting CPanel 10.9.1 - Resname Parameter Cross-Site Scripting cPanel 10.9.1 - Resname Parameter Cross-Site Scripting netRisk 1.9.7 - 'index.php' Remote File Inclusion NetRisk 1.9.7 - 'index.php' Remote File Inclusion YourFreeWorld Downline Builder Pro - 'id' Parameter SQL Injection YourFreeWorld Downline Builder Pro - 'tr.php' SQL Injection XIGLA Absolute Form Processor XE 1.5 
- 'login.asp' SQL Injection Absolute Form Processor XE 1.5 - 'login.asp' SQL Injection TBmnetCMS 1.0 - 'content' Parameter Cross-Site Scripting TBmnetCMS 1.0 - Cross-Site Scripting pppBLOG 0.3 - 'search.php' Cross-Site Scripting Zend Framework / zend-mail < 2.4.11 - Remote Code Execution
The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title                                                                    | Path
                                                                                 | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                  | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)            | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)   | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)   | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)            | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)              | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#
```
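The matching rules listed under Notes can be modelled in a few lines. This is an added example, not searchsploit's own code: `search()` and `paths()` are hypothetical helpers, and the rows are copied from the sample output above. It shows why a bare number such as a version pulls in unrelated entries through the EDB-ID in the path, and how title-only matching removes them.

```python
# Added illustration of the matching rules in the Notes; not searchsploit's code.
# search() and paths() are hypothetical helpers written for this example.

# (title, path) rows copied from the "searchsploit afd windows local" output.
ROWS = [
    ("Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service",
     "./windows/dos/17133.c"),
    ("Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066)",
     "./windows/local/6757.txt"),
    ("Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)",
     "./windows/local/18176.py"),
    ("Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit)",
     "./windows/local/21844.rb"),
    ("Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)",
     "./win_x86/local/39446.py"),
    ("Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)",
     "./win_x86-64/local/39525.py"),
    ("Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)",
     "./windows/local/40564.c"),
]


def search(terms, title_only=False, case_sensitive=False, rows=ROWS):
    """Return the rows in which every term occurs (AND), in any order."""
    hits = []
    for title, path in rows:
        # Default scope is title plus path; title_only models '-t'.
        haystack = title if title_only else f"{title} {path}"
        needles = list(terms)
        if not case_sensitive:  # case_sensitive=True models '-c'
            haystack = haystack.lower()
            needles = [t.lower() for t in needles]
        if all(n in haystack for n in needles):
            hits.append((title, path))
    return hits


def paths(hits):
    """Keep only the path column, for compact comparison."""
    return [path for _, path in hits]


if __name__ == "__main__":
    # "7" meant as a Windows version also matches EDB-IDs inside paths.
    print(paths(search(["windows", "7"])))
    # Restricting the search to titles leaves only the Windows 7 entry.
    print(paths(search(["windows", "7"], title_only=True)))
    # Case-sensitive "Afd" matches only the 'AfdJoinLeaf' title.
    print(paths(search(["Afd"], case_sensitive=True)))
```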
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package on Debian-based systems).