The ultimate archive of exploits and vulnerable software and a great resource for vulnerability researchers and security professionals.
Our aim is to collect exploits from submit tals and various mailing lists and concentrate them in one, easy to navigate database.
This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage. // r0073r
Submissions rules
We will NOT accept, process or post any vulnerabilities which are targeted against live websites.
To speed up your submission entry please follow these guidelines:
1) Send one exploit per mail, with the mail subject as the exploit title.
2) Send your exploit as a file attachment (.zip, .tgz, .gz, .rar, .c, .py, .txt, .pl, html, etc..).
3) Include a link to the vulnerable software if possible.
Please read the following submission guidelines carefully:
1) We will not accept non-persistent XSS vulnerabilities.
2) We will not accept XSS vulnerabilities for minor applications.
3) We will not accept vulnerability reports without triggering details.
4) We will not accept exploits for software which can't be found on the internet or are not popular.
5) We will not accept duplicate exploits that are simply written in a different language.
Please fill in as much as possible to speed up the verification.
When submitting an exploit, you should include at least these headers:
# Exploit Title: [title]
# Date: [date]
# Author: [author]
# Vendor or Software Link: [download link if available]
# Version: [version of the product]
# Category:: [remote, local, webapps, dos, etc..]
# Google dork: [inurl: + intext:]
# Tested on: [relevant os]
# Demo site: [3 vulnerable site, this will speed up check]
The published advisories in the following format: (Example 1337ID)