forked from p15670423/monkey
Docs: Remove ElasticSearch exploiter documentation
This commit is contained in:
parent
31e6c09673
commit
b1fbf64730
|
@ -1,13 +0,0 @@
|
||||||
---
|
|
||||||
title: "ElasticGroovy"
|
|
||||||
date: 2020-07-14T08:41:40+03:00
|
|
||||||
draft: false
|
|
||||||
tags: ["exploit", "windows", "linux"]
|
|
||||||
---
|
|
||||||
### Description
|
|
||||||
|
|
||||||
CVE-2015-1427
|
|
||||||
|
|
||||||
> The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x (before 1.4.3) allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
|
|
||||||
|
|
||||||
The logic is based on the [Metasploit module](https://github.com/rapid7/metasploit-framework/blob/12198a088132f047e0a86724bc5ebba92a73ac66/modules/exploits/multi/elasticsearch/search_groovy_script.rb).
|
|
Loading…
Reference in New Issue