Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-1427 PoC — Elasticsearch Groovy Scripting Engine Sandbox 安全绕过漏洞

Source
https://github.com/xpgdgit/CVE-2015-1427
Associated Vulnerability
Title:Elasticsearch Groovy Scripting Engine Sandbox 安全绕过漏洞 (CVE-2015-1427)
Description:Elasticsearch是荷兰Elasticsearch公司的一套基于Lucene构建的开源分布式RESTful搜索引擎,它主要用于云计算中,并支持通过HTTP使用JSON进行数据索引。 Elasticsearch 1.37及之前版本和1.4.3之前1.4.x版本的Groovy脚本引擎中存在安全漏洞。远程攻击者可借助特制的脚本利用该漏洞绕过沙箱保护机制,执行任意shell命令。
Readme
# CVE-2015-1427
 
参数
    -u      单个url
    -l      指定url文件
    -c      指定命令
File Snapshot

 [4.0K]  /data/pocs/c80668143322182e58d22581716b4087643a86a8
├── [2.4K]  CVE-2015-1427.py
└── [  99]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.