CVE-2014-3120 PoC — Elasticsearch 安全漏洞

Source

https://github.com/xpgdgit/CVE-2014-3120

Associated Vulnerability

Title:Elasticsearch 安全漏洞 (CVE-2014-3120)
Description:Elasticsearch是荷兰Elasticsearch公司的一套基于Lucene构建的开源分布式RESTful搜索引擎，它主要用于云计算中，并支持通过HTTP使用JSON进行数据索引。 Elasticsearch 1.2之前版本中存在安全漏洞，该漏洞源于程序在默认配置下允许使用动态脚本。远程攻击者可利用该漏洞借助‘source’参数执行任意的MVEL表达式和Java代码。

Readme

# CVE-2014-3120

File Snapshot


 [4.0K]  /data/pocs/ba16c8934326259100d4109efa9ff4d1fd24d4a1
├── [2.8K]  CVE-2014-3120.py
└── [  18]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!