Exploit Database

The Rapid7 Exploit Database is an archive of Metasploit modules for publicly known exploits, 0days, remote exploits, shellcode, and more for researches and penetration testers to review. 3,000 plus modules are all available with relevant links to other technical documentation and source code. All of the modules included in the Exploit Database are also included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro.


Displaying module details 1 - 10 of 3350 in total

Apache OpenOffice Text Document Malicious Macro Execution Exploit

Disclosed: February 08, 2017

This module generates an Apache OpenOffice Text Document with a malicious macro in it. To exploit successfully, the targeted user must adjust the security level in Macro Security to either Medium or Low. If set to Medium, a prompt is presented to the user to enable or disable the macro. If set to Low, the macro can automa...

Piwik Superuser Plugin Upload Exploit

Disclosed: February 05, 2017

This module will generate a plugin, pack the payload into it and upload it to a server running Piwik. Superuser Credentials are required to run this module. This module does not work against Piwik 1 as there is no option to upload custom plugins. Tested with Piwik 2.14.0, 2.16.0, 2.17.1 and 3.0.1.

WordPress REST API Content Injection Exploit

Disclosed: February 01, 2017

This module exploits a content injection vulnerability in WordPress versions 4.7 and 4.7.1 via type juggling in the REST API.

Cisco WebEx Chrome Extension RCE (CVE-2017-3823) Exploit

Disclosed: January 21, 2017

This module exploits a vulnerability present in the Cisco WebEx Chrome Extension version 1.0.1 which allows an attacker to execute arbitrary commands on a system.

Advantech WebAccess 8.1 Post Authentication Credential Collector Exploit

Disclosed: January 21, 2017

This module allows you to log into Advantech WebAccess 8.1, and collect all of the credentials. Although authentication is required, any level of user permission can exploit this vulnerability. Note that 8.2 is not suitable for this.

TrueOnline / ZyXEL P660HN-T v1 Router Unauthenticated Command Injection Exploit

Disclosed: December 26, 2016

TrueOnline is a major ISP in Thailand, and it distributes a customised version of the ZyXEL P660HN-T v1 router. This customised version has an unauthenticated command injection vulnerability in the remote log forwarding page. This module was tested in an emulated environment, as the author doesn't have access to the ...

TrueOnline / Billion 5200W-T Router Unauthenticated Command Injection Exploit

Disclosed: December 26, 2016

TrueOnline is a major ISP in Thailand, and it distributes a customised version of the Billion 5200W-T router. This customised version has at least two command injection vulnerabilities, one authenticated and one unauthenticated, on different firmware versions. This module will attempt to exploit the unauthenticated inject...

PHPMailer Sendmail Argument Injection Exploit

Disclosed: December 26, 2016

PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This module writes a payload to the web root of the ...

TrueOnline / ZyXEL P660HN-T v2 Router Authenticated Command Injection Exploit

Disclosed: December 26, 2016

TrueOnline is a major ISP in Thailand, and it distributes a customised version of the ZyXEL P660HN-T v2 router. This customised version has an authenticated command injection vulnerability in the remote log forwarding page. This can be exploited using the "supervisor" account that comes with a default password on the devi...

DiskBoss Enterprise GET Buffer Overflow Exploit

Disclosed: December 05, 2016

This module exploits a stack-based buffer overflow vulnerability in the web interface of DiskBoss Enterprise v7.5.12 and v7.4.28, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This module has been tested successfully on Windows XP SP3 and Windows 7 SP1.