Company of IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2014-3120

Description

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.

POC

Reference

- https://www.elastic.co/blog/logstash-1-4-3-released

- https://www.elastic.co/community/security/

Github

- https://github.com/0ps/pocassistdb

- https://github.com/0x4156-AV/AwesomeHacking

- https://github.com/189569400/SecurityProduct

- https://github.com/189569400/fofa

- https://github.com/20142995/Goby

- https://github.com/20142995/pocsuite

- https://github.com/20MH1A04H9/Cyber-Security-Projects

- https://github.com/4ra1n/poc-runner

- https://github.com/ACIC-Africa/metasploitable3

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/AaronVigal/AwesomeHacking

- https://github.com/AidoWedo/Awesome-Honeypots

- https://github.com/Awrrays/FrameVul

- https://github.com/Bhanunamikaze/VaktScan

- https://github.com/CLincat/vulcat

- https://github.com/Correia-jpv/fucking-awesome-honeypots

- https://github.com/CrackerCat/myhktools

- https://github.com/Elsfa7-110/kenzer-templates

- https://github.com/Fedex100/awesome-honeypots

- https://github.com/GhostTroops/myhktools

- https://github.com/Hackinfinity/Honey-Pots-

- https://github.com/HimmelAward/Goby_POC

- https://github.com/JE2Se/AssetScan

- https://github.com/Jelbk/honeypot

- https://github.com/Karma47/Cybersecurity_base_project_2

- https://github.com/LubyRuffy/fofa

- https://github.com/Mehedi-Babu/honeypots_cyber

- https://github.com/NCSU-DANCE-Research-Group/CDL

- https://github.com/Nieuport/-awesome-honeypots-

- https://github.com/NyxAzrael/Goby_POC

- https://github.com/Olysyan/MSS

- https://github.com/Ondrik8/-Security

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/Pasyware/Honeypot_Projects

- https://github.com/Penterep/ptelastic

- https://github.com/SexyBeast233/SecBooks

- https://github.com/ToonyLoony/OpenVAS_Project

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/Z0fhack/Goby_POC

- https://github.com/ZTK-009/RedTeamer

- https://github.com/aazard/Cyber_Security_Base_Project_II

- https://github.com/ahm3dhany/IDS-Evasion

- https://github.com/akusilvennoinen/cybersecuritybase-project-2

- https://github.com/amcai/myscan

- https://github.com/arunima-rastogi-1/honeypots

- https://github.com/bharathkanne/csb-2

- https://github.com/bigblackhat/oFx

- https://github.com/birdhan/SecurityProduct

- https://github.com/birdhan/Security_Product

- https://github.com/cc8700619/poc

- https://github.com/cqkenuo/HostScan

- https://github.com/cyberharsh/Groovy-scripting-engine-CVE-2015-1427

- https://github.com/cybersecsi/docker-vuln-runner

- https://github.com/dial25sd/arf-vulnerable-vm

- https://github.com/do0dl3/myhktools

- https://github.com/echohtp/ElasticSearch-CVE-2014-3120

- https://github.com/enomothem/PenTestNote

- https://github.com/eric-erki/awesome-honeypots

- https://github.com/exo-exe/vuln-lab-windows

- https://github.com/fengjixuchui/RedTeamer

- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks

- https://github.com/gauss77/honeypot

- https://github.com/hhhaaarrruuu/PortVulnerability-Tool

- https://github.com/hktalent/myhktools

- https://github.com/investlab/Awesome-honeypots

- https://github.com/iqrok/myhktools

- https://github.com/jeffgeiger/es_inject

- https://github.com/jweny/pocassistdb

- https://github.com/kenuoseclab/HostScan

- https://github.com/m5anksc0des/san_honeypot_resources

- https://github.com/maasikai/cybersecuritybase-project-2

- https://github.com/mycert/ESPot

- https://github.com/nkta3m/Tools

- https://github.com/openx-org/BLEN

- https://github.com/paralax/awesome-honeypots

- https://github.com/password520/RedTeamer

- https://github.com/paulveillard/cybersecurity-honeypots

- https://github.com/pi-2r/Elasticsearch-ExpLoit

- https://github.com/qince1455373819/awesome-honeypots

- https://github.com/r3p3r/paralax-awesome-honeypots

- https://github.com/sankitanitdgp/san_honeypot_resources

- https://github.com/sharifbinmostafa/honeypots

- https://github.com/superfish9/pt

- https://github.com/syedhafiz1234/honeypot-list

- https://github.com/t0m4too/t0m4to

- https://github.com/t666/Honeypot

- https://github.com/touchmycrazyredhat/myhktools

- https://github.com/trhacknon/myhktools

- https://github.com/tzwlhack/AssetScan

- https://github.com/ugurilgin/MoocFiProject-2

- https://github.com/webshell1414/honey

- https://github.com/wisoez/Awesome-honeypots

- https://github.com/xpgdgit/CVE-2014-3120

- https://github.com/yulb2020/hello-world