Nmap Development mailing list archives
[NSE] http-vuln-cve2015-1427 Remote Code Execution in Elastic Search
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Thu, 12 Mar 2015 17:22:30 +0530
Hi,

I tried writing a script inspired by [1] and [2]. ElasticSearch versions 1.3.0 to 1.3.8 and 1.4.0 to 1.4.3 have a remote code execution vulnerability as described in [1]. The script sends a simple POST request containing the payload as mentioned in [3], [2]. If the hits table inside the hits table contains something then the script was successful and the target is vulnerable.

I tried running the curl command in [1] and [3] and the script by XiphosResearch in [2] on various versions of ElasticSearch (1.3.6, 1.3.7, 1.3.0, 1.4.2) but I couldn't get the desired results. The attached NSE script gets results exactly as the above mentioned commands/script. So I couldn't run any successful tests.

I have also added a GitHub link [4] to my script in case I make any changes to it.

[1] jordan-wright.github.io/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/
[2] https://github.com/XiphosResearch/exploits/blob/master/ElasticSearch/elastic_shell.py
[3] carnal0wnage.attackresearch.com/2015/03/elasticsearch-cve-2015-1427-rce-exploit.html
[4] https://github.com/h4ck3rk3y/nmap/blob/master/test_scripts/http-vuln-cve2015-1427.nse

Gyanendra
Attachment: http-vuln-cve2015-1427.nse