Skip to content

jeffgeiger/es_inject

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
es_inject.html
es_inject.html
 
 
screen.png
screen.png
 
 

Repository files navigation

##CVE-2014-3120 Elastic Search Remote Code Execution

This project demonstrates the CVE-2014-3120 vulnerability/misconfiguration. It allows you to read from and append to files on the system hosting ES, provided the user running ES has access to them.

###Notes

This does not require a web server. Save it locally and run it from a browser.

Discovery and vuln publishing credit goes to: @BvdBijl - http://bouk.co/blog/elasticsearch-rce/

image

About

Demonstration of CVE-2014-3120

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published