CVE-2014-3120

This Metasploit module exploits CVE-2014-3120, a remote command execution vulnerability in ElasticSearch prior to 1.2.0. It leverages the REST API's dynamic script execution feature to run arbitrary Java code without authentication.

This HTML-based PoC exploits CVE-2014-3120 in Elasticsearch by leveraging dynamic script execution to read or append to arbitrary files on the target system. It uses Java-based scripts injected via the Elasticsearch API to achieve remote code execution.

This repository contains a Python script that exploits CVE-2014-3120, a remote code execution vulnerability in ElasticSearch. The script checks a list of hosts for vulnerability by sending a crafted request that executes a command (uname -a) and checks the response for indicators of successful execution.

This PoC exploits CVE-2014-3120, a remote code execution vulnerability in Elasticsearch. It crafts a malicious JSON payload with a Groovy script to execute arbitrary commands via the `_search` endpoint.

This repository contains a README describing CVE-2014-3120, an Elasticsearch remote code execution vulnerability. It references an external blog post for technical details and credits the discoverer but does not include exploit code.

This Metasploit module exploits CVE-2014-3120, a remote code execution vulnerability in ElasticSearch prior to 1.2.0, by leveraging dynamic script execution in the REST API to execute arbitrary Java code. It includes functionality to detect the target OS, write a malicious JAR file, and execute it.