The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
```
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
```

```
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) (MS08-066) | ./windows/local/6757.txt
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) (Metasploit) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) | ./windows/local/40564.c
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
```

```
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
```
SearchSploit requires either "CoreUtils" or "utilities" (e.g. `bash`, `sed`, `grep`, `awk`, etc.) for the core features to work. The self-updating function requires `git`, and the Nmap XML option requires `xmllint` (found in the `libxml2-utils` package in Debian-based systems).