.. / CVE-2014-3120

Exploit for ElasticSearch v1.1.1/1.2 RCE (CVE-2014-3120)

Description:

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor’s intended security policy if the user does not run Elasticsearch in its own independent virtual machine.

Nuclei Template

View the template here CVE-2014-3120.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2014/CVE-2014-3120.yaml

References:

http://bouk.co/blog/elasticsearch-rce/
https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2014-3120
https://www.elastic.co/community/security/
https://www.elastic.co/blog/logstash-1-4-3-released
https://nvd.nist.gov/vuln/detail/CVE-2014-3120

.. / CVE-2014-3120 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for ElasticSearch v1.1.1/1.2 RCE (CVE-2014-3120)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2014-3120