### [CVE-2014-3120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3120)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.

### POC

#### Reference
- https://www.elastic.co/blog/logstash-1-4-3-released
- https://www.elastic.co/community/security/

#### Github
- https://github.com/0ps/pocassistdb
- https://github.com/189569400/fofa
- https://github.com/20142995/Goby
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/pocsuite
- https://github.com/ACIC-Africa/metasploitable3
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AaronVigal/AwesomeHacking
- https://github.com/AidoWedo/Awesome-Honeypots
- https://github.com/Awrrays/FrameVul
- https://github.com/CLincat/vulcat
- https://github.com/Correia-jpv/fucking-awesome-honeypots
- https://github.com/CrackerCat/myhktools
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/Fedex100/awesome-honeypots
- https://github.com/GhostTroops/myhktools
- https://github.com/Hackinfinity/Honey-Pots-
- https://github.com/HimmelAward/Goby_POC
- https://github.com/JE2Se/AssetScan
- https://github.com/Karma47/Cybersecurity_base_project_2
- https://github.com/LubyRuffy/fofa
- https://github.com/Mehedi-Babu/honeypots_cyber
- https://github.com/NCSU-DANCE-Research-Group/CDL
- https://github.com/Nieuport/-awesome-honeypots-
- https://github.com/Olysyan/MSS
- https://github.com/Ondrik8/-Security
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Pasyware/Honeypot_Projects
- https://github.com/SexyBeast233/SecBooks
- https://github.com/ToonyLoony/OpenVAS_Project
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZTK-009/RedTeamer
- https://github.com/ahm3dhany/IDS-Evasion
- https://github.com/akusilvennoinen/cybersecuritybase-project-2
- https://github.com/amcai/myscan
- https://github.com/bharathkanne/csb-2
- https://github.com/bigblackhat/oFx
- https://github.com/birdhan/SecurityProduct
- https://github.com/birdhan/Security_Product
- https://github.com/cqkenuo/HostScan
- https://github.com/cyberharsh/Groovy-scripting-engine-CVE-2015-1427
- https://github.com/cybersecsi/docker-vuln-runner
- https://github.com/dial25sd/arf-vulnerable-vm
- https://github.com/do0dl3/myhktools
- https://github.com/echohtp/ElasticSearch-CVE-2014-3120
- https://github.com/enomothem/PenTestNote
- https://github.com/eric-erki/awesome-honeypots
- https://github.com/fengjixuchui/RedTeamer
- https://github.com/hktalent/myhktools
- https://github.com/investlab/Awesome-honeypots
- https://github.com/iqrok/myhktools
- https://github.com/jeffgeiger/es_inject
- https://github.com/jweny/pocassistdb
- https://github.com/kenuoseclab/HostScan
- https://github.com/maasikai/cybersecuritybase-project-2
- https://github.com/mycert/ESPot
- https://github.com/nkta3m/Tools
- https://github.com/openx-org/BLEN
- https://github.com/paralax/awesome-honeypots
- https://github.com/password520/RedTeamer
- https://github.com/paulveillard/cybersecurity-honeypots
- https://github.com/pi-2r/Elasticsearch-ExpLoit
- https://github.com/qince1455373819/awesome-honeypots
- https://github.com/r3p3r/paralax-awesome-honeypots
- https://github.com/sankitanitdgp/san_honeypot_resources
- https://github.com/superfish9/pt
- https://github.com/syedhafiz1234/honeypot-list
- https://github.com/t0m4too/t0m4to
- https://github.com/t666/Honeypot
- https://github.com/touchmycrazyredhat/myhktools
- https://github.com/trhacknon/myhktools
- https://github.com/ugurilgin/MoocFiProject-2
- https://github.com/webshell1414/honey
- https://github.com/wisoez/Awesome-honeypots
- https://github.com/xpgdgit/CVE-2014-3120
- https://github.com/yulb2020/hello-world