0day Today Inj3ct0r Exploits Market and 0day Exploits Database
Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
Our aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy-to-navigate database.
This was written solely for educational purposes. Use it at your own risk. The author will not be responsible for any damage.

 How to buy exploit? Two ways to buy required exploit. Currency, that we accept.

  1. Anonymous buying of exploits is the way to buy an exploit without registration. You buy it directly and anonymously and get the exploit by mail.
  2. Another way to buy exploits is to become a 1337day user, get 1337day Gold and buy the required exploit in our database.
We accept currencies: [contact admin to find more]
                           

                   

0day 1337day Private exploits and 0day exploits Market


Zero-day exploits target zero-day vulnerabilities. Zero-day vulnerabilities are those for which no official patch has been released by the vendor. This means that no days [zero days] have elapsed between the time the vulnerability was discovered and the time an official patch was made available. Therefore, the administrators have had zero days to fix the flaw. It ceases to be a zero day once a fix is available.
Private category sells private Exploits and Vulnerabilities. Users can buy exploits using Gold [registered users] or using incognito mode [unregistered users], specify only mail to get material.

[ highlight ]

DATE
DESCRIPTION
TYPE
HITS
RISK
GOLD
BUY
15-04-2017
VNC Module-Botnet 2017 Private
windows
R
D
C
 
3.15
At the start you get from us 60000-70000 bots, Everything works on our servers, Monthly maintenance of $ 970 , Panel Options Automatic information search , Automatic unloading, Automatic upload of your files to all bots, Sample by country in the list of 37 countries, Automatic update of bots every week, This package includes every week 20000 new bots , Random countries , At your desire we can create and more but monthly, Deliberation will cost you more, The whole process of issuing you access to the automatic panel, For additional information, contact us by contacts.....
23-02-2017
Pornhub User Account takeover Privilege Escalation Exploit
tricks
3764
R
D
C
 
1.354
Privilege Escalation via same username during registration. We can get into any account that has a valid username registered in ht.pornhub.com using the same username with a different email/identity. That is why I believe privacy is being exploited here and privilege is unrestricted to any third person, who may eventually compromise accounts of the general users.
25-08-2016
Twitter reset account Private Method 0day Exploit
tricks
15478
R
D
C
 
2.076
BUT YOU CAN'T reset account if user adds phone number

[ remote exploits ]

DATE
DESCRIPTION
TYPE
HITS
RISK
GOLD
BUY
26-02-2017
Adobe Acrobat Reader DC Memory Corruption Remote Code Execution Exploit
windows
1 254
R
D
C
 
1.465
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code under the context of the current process.
26-02-2017
Adobe Flash Player MediaPlayer Out-Of-Bounds Access Remote Code Execution Exploit
windows
982
R
D
C
 
1.374
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of MediaPlayer objects. The issue results from the lack of proper validation of user-supplied data which can result in a memory access before an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process.
26-02-2017
Adobe Flash Player MessageChannel Type Confusion Remote Code Execution Exploit
windows
878
R
D
C
 
1.557
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of data passed within MessageChannel objects. The issue results from the lack of proper validation of user-supplied data which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process.
06-02-2017
Oracle Java AtomicReferenceFieldUpdater Type Confusion Remote Code Execution Vulnerability
java
1 138
R
D
C
 
1.74
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AtomicReferenceFieldUpdater class. Due to insufficient type checking involving this class, it is possible for untrusted code to gain access to privileged methods and properties. An attacker can leverage this vulnerability to execute code under the context of the process.
06-02-2017
Oracle Java Uninitialized Memory Remote Code Execution Vulnerability
java
1 120
R
D
C
 
1.648
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the creation of an object without proper initialization. Due to this uninitialized memory, it is possible for untrusted code to gain access to privileged methods and properties. An attacker can leverage this vulnerability to execute code under the context of the process.
24-01-2017
Joomla 3.6.5 Remote code execution Exploit 0day
php
3 663
R
D
C
 
3.022
Joomla 3.6.5 Core suffers from a remote code execution vulnerability. Joomla Core affected Joomla! 3.6.X versions. Exploit automated. It is possible to specify a list of sites. For the work you need to install Python.
20-10-2016
WhatsApp Android text Crash 0day Exploit
Android
5 762
R
D
C
 
1.827
This code works on all Android versions. Doesn't work on all Android emulators like Nexus. It is a short code that acts on Android. When Android PROCESSES the code, the app crashes. Doesn't work if Android doesn't process the code directly. Tested and works 100% on: - WhatsApp message. - WhatsApp name/state (local). - Instagram message. - Snapchat message. - SMS (local). - Skype (not all versions, but if it works the code creates a fatal error). - Google Chrome (in URL). - other apps. Also you can post the code in an app as a global post and crash all the people who use this app. Sometimes the error can be fatal and create a loop (open/close app) or other random fatal error.
08-09-2016
Elastix PBX 2.x.x Remote Command Execution 0day Exploit
linux
22 103
R
D
C
 
2.747
This vulnerability in Elastix 2.x.x allows remote command execution to escalate your privileges to root on most Elastix systems. A remote command execution vulnerability exists in all 2.x.x versions of Elastix PBX and in FreePBX versions 2.5, 2.6, 2.7, 2.8, 2.9, 2.10.

[ local exploits ]

DATE
DESCRIPTION
TYPE
HITS
RISK
GOLD
BUY
03-04-2017
OpenSSH rootkit backdoor tool with ssh sniffer
linux
17 608
R
D
C
 
0.082
This is a private version of OpenSSH backdoor rootkit tool with ssh sniffer. If you want to have hidden access to a unix server over an ssh connection you can use this tool safely. Also this rootkit can catch all ssh connections from the server where this tool is installed. If a user@ or root@ made an ssh connection from the server like [email protected] or [email protected] you can see afterwards the user, ip, password in a sniffer .log file that is installed by this tool. Also all processes are hidden in ps pstree. Connections are hidden in netstat, lsof and the w command. This tool requires openssl pam zlib. You can install them like this: yum -y install openssl* pam* zlib --skip-broken apt-get install libssl-dev libpam0g-dev zlib1g-dev Enjoy and have phun.
03-03-2017
Microsoft Office Word 2003+2007+2017 Universal 0day Exploit
windows
9 882
R
D
C
 
3.472
This module targets Office 2003 [no-SP/SP1/SP2/SP3] + 2007 [no-SP/SP/SP2/SP3] + Office 2010-2017 [no-SP/SP1] versions. This module exploits a stack buffer overflow in SCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012. Exploitation on this one is easy. We created a VM with Windows 7 fully patched and then installed Microsoft Office 2007 (no SP). We rebooted the VM. We loaded up the MS Office Word 2003+2007+2010+2017 mscomctl Universal Exploit (CVE-2012-0158) exploit in metasploit and setup a meterpreter reverse tcp payload. We created the malicious msf.doc file by exploiting the module and then setup a multi-handler with a reverse tcp payload. We copied the malicious msf.doc file to the target machine using a SMB transfer. The stage was sent when we opened the msf.doc file and a meterpreter session was opened with our user account. We installed the SP 3 patch for Office and rebooted the machine. We tested the exploit again and received a meterpreter shell. We rolled back the VM to a clean Windows install and then installed Office Professional 2010 with SP1. We repeated the above exploitation steps and were given another meterpreter session.
25-02-2017
Office 2003 SP3, Office 2007 SP2, Office 2017 Stack-based buffer overflow
multiple
11 072
R
D
C
 
0.127
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka RTF Stack Buffer Overflow Vulnerability. Output .doc Url download and execute CVE2010-3333 MS10-087 Detected output
15-02-2017
Microsoft Office 2007/2017 Download and Execute Vulnerability
windows
12 795
R
D
C
 
1.37
This vulnerability allows to download and execute a file note: the vulnerability is triggered only when Includes macros or user consents to the inclusion. To specify where to load the file you want to open a Word document and press Alt + F11 to change the address and file.
08-02-2017
macOS 10.11.* / 10.12.* Kernel Code Execution - SIP bypass 0day Exploit
macOS
1 600
R
D
C
 
2.741
Privilege Escalation Exploit for OS macOS from root to kernel. https://youtu.be/WzigWTyAA6w
15-01-2017
Linux local MYSQL and /etc/passwd password cracker and finder
linux
14 068
R
D
C
 
0.123
This a password finder for linux servers . this can be used if you don t have uid=0 . Also worked witch another uid like user nobody 33. This finder help you to find easy password like MYSQL and local user password from /etc/passwd . Also it work on nobody and apache users . Sometime most MYSQL password work to root or /etc/passwd accounts . Exemple : We have $CONFIG[dbuser] = josedaniel; // Your mysql username $CONFIG[dbpass] = cortijo07; // Your mysql password Sometimes if we have in /etc/passwd user josedaniel the password from Mysql works to ssh login . Do not share this software . Keep it private .
08-07-2016
OS X 10.10.2-10.10.4 Privilege Escalation Exploit 0day
macOS
1 752
R
D
C
 
0.914
Get root access to any computer with apple ID logging in. https://youtu.be/zubgMZ1dCns
12-09-2015
PowerPoint 2003/2007/2017 Silent Builder Exploit
windows
6 989
R
D
C
 
2.741
The exploit allows you to convert EXE & JAR to .PPS its coded 100% from scratch and used by private method to assure a great stability and lasting FUD time. You are able to attach it to the most e-mail providers nowadays everyone uses Microsoft Office so it gives a huge chance of success. This exploit is compatible with MS Office 2003-2007-2010 and Windows XP to Win7 32×64 bit This exploit is FUD more than 8 Month Free reFUD Stable Works on 32 & 64Bit Small stub size Compatible with all RATs/Keyloggers/Botnets Ease of use & TV Support Spread on E-mails, Facebook, etc! Why do we need to use Office Exploit? Because it’s the easiest way to spread your file, When you send exe file to someone they don’t simply open the file therefore you need to use .PPS Exploit for better results.

[ web applications ]

DATE
DESCRIPTION
TYPE
HITS
RISK
GOLD
BUY
02-02-2017
Instagram lock Verify email bypass Vulnerability
tricks
2 385
R
D
C
 
0.365
Instagram lock Verify email bypass Vulnerability. Contact the admin for full details
01-02-2017
Wix Remote Email PoC 0day
tricks
2 413
R
D
C
 
1.827
Wix send remote email affects all pages created with wix.com, possible social engineering attack. https://youtu.be/imQlA9UAxEY
11-01-2017
Invision Power Board 4.x.x Uploading Shell Exploit
php
4 464
R
D
C
 
3.38
Uploading Shell Using PHP Injection Vulnerability
29-11-2016
Scuolabook purchased e-books on .pdf format Download Exploit
tricks
2 758
R
D
C
 
0.091
This script allows you to download scuolabook.it purchased ebooks via-webapp and save them on .pdf format (and read/edit with every pdf-editor) 1) Login to your account on scuolabook.it; 2) Copy _turner_session session key; 3) Run exploit (python exploit.py); 4) Follow the on-screen instructions; 5) Enjoy your reading.
14-11-2016
Truecaller search limit bypass and gathering information Exploit
linux
2 647
R
D
C
 
0.457
this exploit will bypass the truecaller and get the datas of the user and phone number fully automated exploit to extract the data 1.save file first as truecaller.py and send as generator.py 2.the run the program and enter the value what it asked and wait for few min the process will get starts 3.you will get all the contacts for the truecaller with internet details and it bypasses the search limit
18-09-2016
Aol account hijack sessions 0day
tricks
2 263
R
D
C
 
0.365
hijacking sessions replaying information, to gain access to other account details.
24-11-2015
SMF 2.1 Beta 2 Remote Code Execution 0day Exploit
php
3 764
R
D
C
 
3.197
SMF 2.1 Beta 2 0day Exploit allows a remote attacker with the ability to create a basic user account to execute arbitrary code with the privileges of the application. You use the python exploit and can do automatic shell upload and remote code execution. example Remote code execution: exploit.py [ site_url ] command mkdir result: drwxr-xr-x 3 root root 4096 Nov 24 01:27 tmp example shell upload: exploit.py [ site_url ] shell result: site.com/tmp/s.php drwxr-xr-x 6 root root 1260 Nov 24 01:28 s.php
24-07-2015
Instagram bypass Access Account Private Method Exploit
tricks
17 428
R
D
C
 
1.832
With this method you can hack almost any Instagram Account
06-02-2015
SMF 2.0.x Remote Code Execution 0day Exploit
php
16 363
R
D
C
 
4.579
When used in conjunction, multiple vulnerabilities within SMF 2.0.x allow a remote attacker with the ability to create a basic user account to execute arbitrary code with the privileges of the application.

[ dos / poc ]

DATE
DESCRIPTION
TYPE
HITS
RISK
GOLD
BUY
17-03-2017
Facebook official android apps crash exploit
Android
7 875
R
D
C
 
0.914
Facebook Messenger Android app version 15.0.0.15.13 and Facebook official Android app version 20.0.0.25.15 will crash permanently. All lower versions are also affected. Just perform the steps mentioned ;) Send the provided code to victim (any person) via Facebook chat and that person's Facebook Messenger Android app version 15.0.0.15.13 and Facebook official Android app version 20.0.0.25.15 will crash permanently.
02-02-2017
Mozilla FireFox 24/25 All OS Freeze & Crash Exploit
multiple
10 856
R
D
C
 
0.027
This exploit is a 0day vulnerability in Mozilla Firefox => it freezes & crashes the system. Vulnerable software must visit a special html page. ATTENTION! You may have to turn off your [PHONE] or shut down your PC :) This exploit uses a zero-day vulnerability in Mozilla Firefox and can put your device completely out of action until reboot.
30-12-2016
Firefox/Chrome/Chromium Multiple Web Browsers (Memory Exhaustion)
multiple
10 534
R
D
C
 
0.064
This is a very stupid bug that can fill the memory (and processor) simply by entering a URL with a specially crafted web server (The Evil Server) This bug is based on an incorrect parsing of HTTP responses with Connection: Keep-Alive in ... basically all web browsers xD Chrome Firefox Chromium Lynx Epiphany W3m Opera IE <- This is the most affected etc... All versions!
21-12-2016
Apache/IIS/nginx Multiple HTTP Servers (Memory Exhaustion) DoS
multiple
18 409
R
D
C
 
1.457
The attack involves making requests to the web server via HTTP pipelining and closing the connection before receiving a response, it causes the thread/fork is not advised and continue processing the request (before attempting to send the response), the attack requires that the server has a significant delay to make more threads/forks with few connections and consume a maximum of resources. The attack exploits the retransmissions and half closed states (CLOSE_WAIT, TIME_WAIT, FIN_WAIT, etc...) of the TCP stack. Yes, this attack can be used for many other services, not just HTTP :D. Recommendation: it's fun to attack with PHP files on the server :P Why firewalls can not easily stop this attack? Because we do not use too many connections established to cause DoS :D Note: The effect of the attack may vary from server to server
24-10-2016
IOS 7.0.3 freeze & crash exploit
iOS
12 787
R
D
C
 
0.037
This exploit uses a 0day vulnerability in iOS => 7 and can freeze & crash the system. Vulnerable iOS device must visit a special html page using Safari. Maybe (yes! maybe!) exploit works in iOS < 7. Sorry, I can't test this. ATTENTION! ACHTUNG! You can't power off your iOS device before reboot! :) ------- This exploit uses a zero-day vulnerability in iOS > 7 and can put your device completely out of action until reboot. Up to the point that the device's power button stops responding.
21-10-2016
OpenSSL OCSP Status Request Extension Unbounded Memory Growth Vulnerability
linux
2 250
R
D
C
 
0.064
Multiple memory leaks in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. The exploit allows to take advantage of this vulnerability. When successfully exploited, the vulnerability causes the server to crash or slow down.
04-06-2016
LogMeIn Hamachi <= 2.1.0.362 Remote DOS
multiple
14 874
R
D
C
 
0.018
LogMeIn Hamachi security flaws and steps with a simple python script to provoke a Hamachi Remote D.O.S.
05-04-2016
Word 2003 SP2 .doc fork bomb on WinXP SP3
windows
10 602
R
D
C
 
0.137
Contact the admin for full details

[ shellcode ]

DATE
DESCRIPTION
TYPE
HITS
RISK
GOLD
BUY
27-06-2017
ShellCode meyerdc
php
R
D
C
 
0.23
ShellCode www.meyerdc.com 20-30 orders 24 hours NetCat
27-06-2017
ShellCode diy
php
R
D
C
 
0.29
ShellCode www.diy.com 30-40 orders 24 hours Host NetCat
16-06-2017
ShellCode nycwebstore
php
R
D
C
 
0.62
ShellCode http://www.nycwebstore.com/ 60-80 orders 24hours host CMS
16-06-2017
ShellCode store.vapeny
php
R
D
C
 
0.32
ShellCode www.store.vapeny.com 25-30 orders 24 hours host CMS
13-06-2017
ShellCode westelm
php
R
D
C
 
0.45
ShellCode www.westelm.com 60-70 orders 24 hours HostCMS
13-06-2017
ShellCode blinq
php
R
D
C
 
0.66
ShellCode blinq.com blinq -90-110 orders 24 hours host CMS
05-06-2017
ShellCode eastwood
php
R
D
C
 
0.42
ShellCode http://www.eastwood.com/ 50-70 orders 24hours host CMS
05-06-2017
ShellCode shopatdean
php
R
D
C
 
0.31
ShellCode www.shopatdean.com 25-35 orders 24 hours HostCMS
22-05-2017
ShellCode cb2
php
R
D
C
 
0.31
ShellCode www.cb2.com 40-50 orders 24 hours HostCMS
18-05-2017
ShellCode cyclegear
php
R
D
C
 
0.44
ShellCode www.cyclegear.com 60-70 orders 24hours host CMS
15-05-2017
ShellCode toywiz
php
R
D
C
 
0.77
ShellCode toywiz.com 80-130 orders 24 hours Host CMS
11-05-2017
ShellCode jondon
php
R
D
C
 
0.65
ShellCode www.jondon.com 70-90 orders 24 hours HostCMS
04-05-2017
ShellCode poppin
php
R
D
C
 
0.46
ShellCode poppin.com 30-50 orders 24 hours NetCat
Exploits in [ March ]: 159  Critical: 14 High: 102 Medium: 31 Low: 12