Alex的博客

本博客的文章均为原创,是本人从事行业多年来所遇见一些小问题的解决心得,希望可以帮助到大家!



exploit-db 使用教程

exploit-db是一个查找软件漏洞信息

具体介绍在这里https://www.exploit-db.com/searchsploit/

安装:

mac下

brew update && brew install exploitdb
Kali Linux:

apt update && apt -y install exploitdb
更新

searchsploit -u 或者 searchsploit --update
查找mssql的漏洞
searchsploit mssql
如果有就近一步查看漏洞利用方法

-------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------
 Exploit Title                                                                                                                                    |  Path
                                                                                                                                                  | (/usr/share/exploitdb/platforms/)
-------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------
ADODB 4.6/4.7 - 'Tmssql.php' Cross-Site Scripting                                                                                                 | php/webapps/28104.txt
ADODB < 4.70 - 'tmssql.php' Denial of Service                                                                                                     | php/dos/1651.php
AutoDealer 1.0/2.0 - MSSQL Injection                                                                                                              | php/webapps/12462.txt
MSSQL 7.0 - Remote Denial of Service                                                                                                              | windows/dos/562.c
PHP 4.4.6 - 'mssql_[p]connect()' Local Buffer Overflow                                                                                            | windows/local/3417.php
XAMPP for Windows 1.6.0a - 'mssql_connect()' Remote Buffer Overflow                                                                               | windows/remote/3738.php
-------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------
在上面 Exploit Title是 漏洞利用名称 Path 是利用方法和代码的exp的路径 /usr/share/exploitdb/platforms/ 是exp的家目录 php/webapps/28104.txt是具体漏洞的介绍好利用信息
直接 vi /usr/share/exploitdb/platforms/php/webapps/28104.txt 就能看到该漏洞怎么利用了

浏览75  评论0  Alex于 2017-10-18 10:14
发言