The Exploit Database Git Repository
This is the official repository of The Exploit Database, a project sponsored by Offensive Security.
The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away.
This repository is updated daily with the most recently added submissions. Any additional resources can be found in our binary sploits repository.
Included with this repository is the searchsploit utility, which will allow you to search through the exploits using one or more terms. For more information, please see the SearchSploit manual.
root@kali:~# searchsploit -h
Usage: searchsploit [options] term1 [term2] ... [termN]
==========
Examples
==========
searchsploit afd windows local
searchsploit -t oracle windows
searchsploit -p 39446
=========
Options
=========
-c, --case [Term] Perform a case-sensitive search (Default is inSEnsITiVe).
-e, --exact [Term] Perform an EXACT match on exploit title (Default is AND) [Implies "-t"].
-h, --help Show this help screen.
-j, --json [Term] Show result in JSON format.
-m, --mirror [EDB-ID] Mirror (aka copies) an exploit to the current working directory.
-o, --overflow [Term] Exploit titles are allowed to overflow their columns.
-p, --path [EDB-ID] Show the full path to an exploit (and also copies the path to the clipboard if possible).
-t, --title [Term] Search JUST the exploit title (Default is title AND the file's path).
-u, --update Check for and install any exploitdb package updates (deb or git).
-w, --www [Term] Show URLs to Exploit-DB.com rather than the local path.
-x, --examine [EDB-ID] Examine (aka opens) the exploit using $PAGER.
--colour Disable colour highlighting in search results.
--id Display the EDB-ID value rather than local path.
--nmap [file.xml] Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml).
Use "-v" (verbose) to try even more combinations
=======
Notes
=======
* You can use any number of search terms.
* Search terms are not case-sensitive (by default), and ordering is irrelevant.
* Use '-c' if you wish to reduce results by case-sensitive searching.
* And/Or '-e' if you wish to filter results by using an exact match.
* Use '-t' to exclude the file's path to filter the search results.
* Remove false positives (especially when searching using numbers - i.e. versions).
* When updating from git or displaying help, search terms will be ignored.
root@kali:~#
root@kali:~# searchsploit afd windows local
--------------------------------------------------------------------------------- ----------------------------------
Exploit Title | Path
| (/usr/share/exploitdb/platforms)
--------------------------------------------------------------------------------- ----------------------------------
Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin) | ./windows/local/6757.txt
Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service | ./windows/dos/17133.c
Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080) | ./windows/local/18176.py
Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080) | ./windows/local/21844.rb
Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) | ./win_x86/local/39446.py
Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) | ./win_x86-64/local/39525.py
--------------------------------------------------------------------------------- ----------------------------------
root@kali:~#
root@kali:~# searchsploit -p 39446
Exploit: Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
URL: https://www.exploit-db.com/exploits/39446/
Path: /usr/share/exploitdb/platforms/win_x86/local/39446.py
Copied EDB-ID 39446's path to the clipboard.
root@kali:~#
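The matching rules in the Notes above (every term must match, case-insensitive by default, title plus path unless '-t' is given) explain why numeric terms such as version numbers produce false positives: they also hit the EDB-ID in the file path. The sketch below is an added illustration, not searchsploit's own code; `Entry`, `INDEX`, `search` and `path_only_hits` are hypothetical names, and the sample rows are constructed from the search output shown above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    edb_id: int
    title: str
    path: str

# Constructed sample index: titles and paths copied from the search output
# shown above, not loaded from the repository's files.csv.
INDEX = [
    Entry(6757, "Microsoft Windows 2003/XP - 'afd.sys' Privilege Escalation (K-plugin)",
          "./windows/local/6757.txt"),
    Entry(17133, "Microsoft Windows XP - 'afd.sys' Local Kernel Denial of Service",
          "./windows/dos/17133.c"),
    Entry(18176, "Microsoft Windows XP/2003 - 'afd.sys' Privilege Escalation (MS11-080)",
          "./windows/local/18176.py"),
    Entry(21844, "Microsoft Windows - 'AfdJoinLeaf' Privilege Escalation (MS11-080)",
          "./windows/local/21844.rb"),
    Entry(39446, "Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)",
          "./win_x86/local/39446.py"),
    Entry(39525, "Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)",
          "./win_x86-64/local/39525.py"),
]

def search(terms, index=INDEX, title_only=False, case_sensitive=False):
    """Return EDB-IDs of entries containing every term (AND), in any order.

    title_only mirrors the documented '-t' behaviour, case_sensitive mirrors '-c'.
    """
    hits = []
    for entry in index:
        haystack = entry.title if title_only else f"{entry.title} {entry.path}"
        needles = list(terms)
        if not case_sensitive:
            haystack = haystack.lower()
            needles = [t.lower() for t in needles]
        if all(t in haystack for t in needles):
            hits.append(entry.edb_id)
    return hits

def path_only_hits(terms, index=INDEX):
    """IDs matched only because a term appears in the path: likely false positives."""
    in_title = set(search(terms, index, title_only=True))
    return [i for i in search(terms, index) if i not in in_title]
```

Searching the sample rows for `windows 7` returns four entries by default, three of them only because a `7` appears in the EDB-ID part of the path; restricting the match to titles leaves the single Windows 7 entry.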
SearchSploit requires either "CoreUtils" or "utilities" (e.g. bash, sed, grep, awk, etc.) for the core features to work. The self-updating function requires git, and the Nmap XML option requires xmllint (found in the libxml2-utils package on Debian-based systems).