Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-5377 PoC — Elasticsearch 安全漏洞

Source
https://github.com/fi3ro/CVE-2015-5377
Associated Vulnerability
Title:Elasticsearch 安全漏洞 (CVE-2015-5377)
Description:Elasticsearch是荷兰Elasticsearch公司的一套基于Lucene构建的开源分布式RESTful搜索引擎,它主要用于云计算中,并支持通过HTTP使用JSON进行数据索引。 Elasticsearch 1.6.1之前版本中存在远程代码执行漏洞。攻击者可利用该漏洞在受影响应用程序上下文中执行任意代码,也可能造成拒绝服务。
Description
Java deserialization exploit for elasticsearch 1.5.2 CVE-2015-5377
Readme
# CVE-2015-5377
Elasticsearch 1.5.2 is vulnerable to RCE through insecure java deserialization.

The exploit attack the transport protocol on port 9300. The deserialization is based on Groovy MethodClosure chain to achive RCE.
File Snapshot

 [4.0K]  /data/pocs/c7d412ca75f371e25ca905eebebb99f02033ed82
├── [ 12K]  CVE-2015-5377.py
└── [ 227]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.