Thanks for sharing your experiences. Here is some sample code on how to exploit the system for version <1.2.0, with port 9200 exposed to the internet and the flag setting script.disable_dynamic=false, as it is by default:
http://bouk.co/blog/elasticsearch-rce/#how_to_secure_against_this_vulnerability

Regards
