Tuesday, February 13, 2018

The Perfect Exploit Submission for Exploit-DB

The Exploit Database is a CVE-compliant archive of public exploits, shellcode and security papers, maintained by Offensive Security, an information security training company. Its aim is to provide the most comprehensive collection of exploits and proofs of concept for vulnerabilities across different products and systems, to help security researchers and penetration testers in their daily work.

Exploit-DB allows any security researcher or bug hunter to submit their own exploits, shellcode and security papers. To submit an exploit, follow the guidelines below to make sure it is published as soon as the Offensive Security team reviews it.

Exploit Submission: 

  • Submission Mail: submit@offsec.com
  • They don't accept, process, or post any vulnerabilities that are targeted against live websites. This also applies to web/graphic design companies.
  • With the exception of papers and shellcode, all submissions must contain exploit or proof-of-concept code.
  • Submit only 1 exploit per email with the exploit title as the subject and the exploit as a file attachment (txt, c, py, pl, rb, etc.).
  • The following types of submissions will not be accepted: reflected/non-persistent cross-site scripting (XSS), DLL hijacking, path disclosure, open redirect issues, vulnerabilities that require admin access and clickjacking unless there has been a CVE assigned (only then will it be accepted).
  • When submitting an exploit, you should include the following headers at a minimum:
    # Exploit Title: [title]
    # Google Dork: [if applicable]
    # Date: [date]
    # Exploit Author: [author]
    # Vendor Homepage: [link]
    # Software Link: [download link if available]
    # Version: [app version] (REQUIRED)
    # Tested on: [relevant os]
    # CVE : [if applicable]
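
A pre-submission check for the header block listed above, as an added example that is not part of the original post or of Exploit-DB's tooling. The function names, the choice of which fields may be left empty (those the template marks "if applicable" or "if available") and the sample text are assumptions made for illustration.

```python
import re

# Header names come from the template above; everything else here is illustrative.
FIELDS = ["Exploit Title", "Google Dork", "Date", "Exploit Author",
          "Vendor Homepage", "Software Link", "Version", "Tested on", "CVE"]
OPTIONAL = {"Google Dork", "Software Link", "CVE"}  # assumed: value may be empty
HEADER_RE = re.compile(r"^\s*#\s*([A-Za-z ]+?)\s*:\s*(.*?)\s*$")
PLACEHOLDER_RE = re.compile(r"^\[.*\]")  # value still starts with template text


def parse_headers(text):
    """Return {field: value} for every '# Name: value' comment line found."""
    canonical = {f.lower(): f for f in FIELDS}
    found = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m and m.group(1).lower() in canonical:
            found.setdefault(canonical[m.group(1).lower()], m.group(2))
    return found


def lint_headers(text):
    """Return a list of problems with the header block (empty list = OK)."""
    found = parse_headers(text)
    problems = []
    for field in FIELDS:
        value = found.get(field)
        if value is None:
            problems.append(f"missing header: {field}")
        elif PLACEHOLDER_RE.match(value):
            problems.append(f"unfilled placeholder: {field}")
        elif not value and field not in OPTIONAL:
            problems.append(f"empty value: {field}")
    return problems


# Constructed sample with three defects: Version left as the template
# placeholder, Date empty, and the "Tested on" line missing entirely.
SAMPLE = """\
# Exploit Title: ExampleApp 1.0 - Sample Issue
# Google Dork:
# Date:
# Exploit Author: Jane Doe
# Vendor Homepage: https://vendor.example
# Software Link: https://vendor.example/download
# Version: [app version] (REQUIRED)
# CVE : N/A
"""
```

Calling lint_headers(SAMPLE) reports the empty Date, the unfilled Version placeholder and the missing "Tested on" header, in template order.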

Exploit Submission Example:

Live Example

Copyright: Exploit-DB.
