Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-3337 PoC — Elasticsearch 路径遍历漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/%E6%95%B0%E6%8D%AE%E5%BA%93%E6%BC%8F%E6%B4%9E/ElasticSearch%20%E7%9B%AE%E5%BD%95%E7%A9%BF%E8%B6%8A%E6%BC%8F%E6%B4%9E%20CVE-2015-3337.md
Associated Vulnerability
Title:Elasticsearch 路径遍历漏洞 (CVE-2015-3337)
Description:Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
File Snapshot

 # ElasticSearch 目录穿越漏洞 CVE-2015-3337

## 漏洞描述

在安装了具有“site”功能的插件以后,插件目录使用`../`即可向上跳转,导致目录穿越漏洞,可读取任意文

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →