CVE-2021-22146 PoC: Elasticsearch Security Vulnerability

Source
Associated Vulnerability
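Title: Elasticsearch Security Vulnerability (CVE-2021-22146)
Description: Elasticsearch is an open-source, distributed RESTful search engine built on Lucene by the Dutch company Elasticsearch. The product is mainly used in cloud computing and supports indexing data as JSON over HTTP. Elastic Cloud Enterprise has a security vulnerability that stems from the Elasticsearch anonymous user being enabled by default, in all versions of Elastic Cloud Enterprise, in deployed clusters. In the default settings the anonymous user has no permissions and cannot successfully query any Elasticsearch API. An attacker can exploit this vulnerability to use the anonymous us…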
Readme
# cve-2021-22146

During an internal pentest I found a vulnerability in Elastic ECE. Elasticdump is a PoC for CVE-2021-22146 to dump the database from Elastic ECE from 7.10.0 to 7.13.3.

https://www.exploit-db.com/exploits/50152

Collaborators: Mario Díaz Caldera.
File Snapshot

[4.0K] /data/pocs/fe81e2bb68574f39c57cee28427d2c9afcdddce7
├── [2.0K] elasticdump.py
└── [ 260] README.md

0 directories, 2 files