The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
  Usage: searchsploit [options] term1 [term2] ... [termN]

==========
 Examples
==========
  searchsploit afd windows local
  searchsploit -t oracle windows
  searchsploit -p 39446

=========
 Options
=========
   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe).
   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
   -h, --help                 Show this help screen.
   -j, --json     [Term]      Show result in JSON format.
   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory.
   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns.
   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible).
   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path).
   -u, --update               Check for and install any exploitdb package updates (deb or git).
   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path.
   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using $PAGER.
       --colour               Disable colour highlighting in search results.
       --id                   Display the EDB-ID value rather than local path.
       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
                              Use "-v" (verbose) to try even more combinations

=======
 Notes
=======
 * You can use any number of search terms.
 * Search terms are not case-sensitive (by default), and ordering is irrelevant.
   * Use '-c' if you wish to reduce results by case-sensitive searching.
   * And/Or '-e' if you wish to filter results by using an exact match.
 * Use '-t' to exclude the file's path to filter the search results.
   * Remove false positives (especially when searching using numbers - i.e. versions).
 * When updating from git or displaying help, search terms will be ignored.

root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title                                                                   | Path
                                                                                | (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)           | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service                 | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)           | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)               | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)  | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)           | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
    URL: https://www.exploit-db.com/exploits/39446/
   Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py

Copied EDB-ID 39446's path to the clipboard.

root@kali:~#
```
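The matching rules stated in the help text (all terms must match, in any order, case-insensitively, against the title and the file's path unless `-t` or `-c` is given) can be modelled in a few lines of shell to see why numeric terms produce false positives. This is an added example, not searchsploit's own code: `model_search` and `count_matches` are hypothetical helpers, and the index is a constructed copy of the six rows in the sample output.

```shell
#!/bin/sh
# Constructed sample index: "title|path" rows copied from the sample search output.
SAMPLE_ROWS="Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)|./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service|./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)|./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)|./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)|./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)|./win_x86-64/local/39525.py"

# model_search MODE TERM...   (hypothetical helper, not part of searchsploit)
#   default : every term must appear in the title or the path, case-insensitive
#   title   : models -t, only the title is searched
#   case    : models -c, title or path, case-sensitive
model_search() {
    mode=$1; shift
    case_flag=-i
    if [ "$mode" = case ]; then case_flag=; fi
    printf '%s\n' "$SAMPLE_ROWS" | while IFS='|' read -r title path; do
        if [ "$mode" = title ]; then hay=$title; else hay="$title $path"; fi
        ok=1
        for term in "$@"; do    # AND across terms, order irrelevant
            if ! printf '%s\n' "$hay" | grep -qF $case_flag -- "$term"; then
                ok=0; break
            fi
        done
        if [ "$ok" -eq 1 ]; then printf '%s | %s\n' "$title" "$path"; fi
    done
}

# count_matches MODE TERM...  prints how many rows model_search returns.
count_matches() {
    model_search "$@" | wc -l | tr -d ' '
}

echo "default 'afd windows local': $(count_matches default afd windows local)"
echo "title   'afd windows local': $(count_matches title afd windows local)"
echo "case    'afd windows local': $(count_matches case afd windows local)"
echo "default 'windows 7':         $(count_matches default windows 7)"
echo "title   'windows 7':         $(count_matches title windows 7)"
```

Searching `windows 7` matches four rows in the default mode because the digit also occurs in the EDB-ID part of three paths; in title-only mode just the Windows 7 entry remains.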
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package on Debian-based systems).