Showing 1 - 2 of 2

Files from Cameron Morris

First Active	2015-02-11
Last Active	2015-03-12

ElasticSearch Search Groovy Sandbox Bypass: Posted Mar 12, 2015; Authored by juan vazquez, Cameron Morris, Darren Martyn | Site metasploit.com; This Metasploit module exploits a remote command execution (RCE) vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.4.3. The bug is found in the REST API, which does not require authentication, where the search function allows groovy code execution and its sandbox can be bypassed using java.lang.Math.class.forName to reference arbitrary classes. It can be used to execute arbitrary Java code. This Metasploit module has been tested successfully on ElasticSearch 1.4.2 on Ubuntu Server 12.04.; tags | exploit, java, remote, arbitrary, code execution; systems | linux, ubuntu; advisories | CVE-2015-1427; SHA-256 | 176b7335ffc0f7911e7044aabe3ffc56753a9bee674eb8ec914eebc3bc9e46fa; Download | Favorite | View

Elasticsearch 1.3.7 / 1.4.2 Sandbox Escape / Command Execution: Posted Feb 11, 2015; Authored by Cameron Morris; Elasticsearch versions 1.3.0 through 1.3.7 and 1.4.0 through 1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.; tags | advisory, java, shell, vulnerability; advisories | CVE-2015-1427; SHA-256 | 66145cb4fc4b97a9b78472aa53007c7b5848d4c52871e4d2f47327bd5f50ccae; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days