ExploitDB
A quick reference guide to using ExploitDB and the searchsploit
CLI for it.
ExploitDB tends to me more useful for hackers since it contains actual exploits that can be used directly.
Let’s search for an exploit for Fuel CMS using the locally installed ExploitDB:
searchsploit fuel cms
----------------------------------------------------------------------------- --------------------------------- Exploit Title | Path ----------------------------------------------------------------------------- --------------------------------- fuel CMS 1.4.1 - Remote Code Execution (1) | linux/webapps/47138.py Fuel CMS 1.4.1 - Remote Code Execution (2) | php/webapps/49487.rb Fuel CMS 1.4.1 - Remote Code Execution (3) | php/webapps/50477.py Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated) | php/webapps/50523.txt Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated) | php/webapps/48741.txt Fuel CMS 1.4.8 - 'fuel_replace_id' SQL Injection (Authenticated) | php/webapps/48778.txt Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF) | php/webapps/50884.txt ----------------------------------------------------------------------------- --------------------------------- Shellcodes: No Results
To display the information of a specific exploit, use the -x
flag:
searchsploit -x 49487
# Title: Fuel CMS 1.4.1 - Remote Code Execution (2) # Exploit Author: Alexandre ZANNI # Date: 2020-11-14 # Vendor Homepage: https://www.getfuelcms.com/ # Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 # Version: <= 1.4.1 # Tested on: Ubuntu 16.04 # CVE : CVE-2018-16763 # References: https://www.exploit-db.com/exploits/47138