Nmap Development mailing list archives
Re: [NSE] http-vuln-cve2015-1427 Remote Code Execution in Elastic Search
From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Sat, 14 Mar 2015 15:58:19 +0530
Hi,

Thanks for your help!

On Sat, Mar 14, 2015 at 1:04 AM, Daniel Miller <bonsaiviking () gmail com> wrote:

> So what is left? I don't like how we don't give any output if we can't create the new index. We should either:
>
> 1. create the index as needed without a script-arg (I don't like this option), or
> 2. Check the version number (GET / => response.version.number) and set LIKELY_VULN if it matches "1.3.[0-7]" or "1.4.[0-2]". Then proceed to exploit regardless of version reported and set EXPLOITED if that succeeds. Only return nil if it's not Elasticsearch at all.

I too found option 2 better. I implemented the same in the attached script. Now the script checks for the version; if a vulnerable version is found, it sets vuln_table.state to LIKELY_VULN along with updating the port version. The report table is returned instead of nil in most places now.

Gyanendra
Attachment: http-vuln-cve2015-1427.nse
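The reporting logic discussed in this message (version match gives LIKELY_VULN, nothing is returned when the service is not Elasticsearch), as an added Python example that is not the attached NSE script or anyone's code from the thread. The function names, the `UNKNOWN` state, the tolerated version suffix and the sample body are assumptions; `probe_succeeded` stands in for the outcome of the script's active check, which is not implemented here.

```python
import json
import re

# Version ranges quoted in the thread: "1.3.[0-7]" or "1.4.[0-2]".
# Dots are escaped and re.match anchors at the start, so "11.3.5" and
# "1.4.20" do not match. A trailing qualifier such as ".Beta1" is
# tolerated (assumption, not stated in the thread).
LIKELY_VULN_RE = re.compile(r"1\.(?:3\.[0-7]|4\.[0-2])(?![0-9])")

# Constructed sample of a GET / response body, for illustration only.
SAMPLE_BODY = '{"status": 200, "name": "node-1", "version": {"number": "1.4.2"}}'


def extract_version(body):
    """Return version.number from a GET / body, or None when the body does
    not look like an Elasticsearch root document (not JSON, wrong shape)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None
    if not isinstance(doc, dict):
        return None
    version = doc.get("version")
    if not isinstance(version, dict):
        return None
    number = version.get("number")
    return number if isinstance(number, str) else None


def classify(body, probe_succeeded=False):
    """Map a root response to a report: None if not Elasticsearch,
    otherwise a dict with the reported version and a state string."""
    version = extract_version(body)
    if version is None:
        return None  # "Only return nil if it's not Elasticsearch at all."
    if probe_succeeded:
        # The active check is attempted regardless of the reported version.
        return {"version": version, "state": "EXPLOITED"}
    if LIKELY_VULN_RE.match(version):
        return {"version": version, "state": "LIKELY_VULN"}
    # State for non-matching versions is not given in the thread (assumption).
    return {"version": version, "state": "UNKNOWN"}


if __name__ == "__main__":
    print(classify(SAMPLE_BODY))
```
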