Apache Solr remote code execution
This research presents a new vulnerability, "Solr parameter injection", and describes how it may be exploited in different scenarios. It also collects all public exploits for Apache Solr.

Target Solr version: 1.3 – 8.2
Requirements: DataImportHandler must be enabled, which it is not by default.

Solr has an optional DataImportHandler that is useful for importing data from databases or URLs. It is possible to include arbitrary JavaScript code inside the script tag of the data config parameter, and that code will be executed on the Solr server for each imported document.

GitHub: https://github.com/Rapidsafeguard/Solr-RCE-CVE-2019-0192
Contact us: secure@rapidsafeguard.com, rapidsafeguard@gmail.com, http://www.rapidsafeguard.com
Blog: https://www.easyhack.in
Follow us:
Twitter: https://twitter.com/RapidSafeguard
Instagram: https://www.instagram.com/rapidsafegu...
Facebook: https://www.facebook.com/theeasyhack
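For defenders, one way to spot the behaviour described above in web access logs, as an added example that is not from the original research or the linked repository: it flags DataImportHandler requests that supply their own configuration in the request. It assumes the handler is mounted at /dataimport, that the parameter is named dataConfig, and a combined-format access log; the core name and log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not real traffic); "core1" is a made-up core name.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2020:10:00:01 +0000] "GET /solr/core1/select?q=*:* HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2020:10:00:07 +0000] "GET /solr/core1/dataimport?command=status HTTP/1.1" 200 230
10.0.0.9 - - [01/Jan/2020:10:00:09 +0000] "POST /solr/core1/dataimport?command=full-import&dataConfig=%3CdataConfig%3E%3Cscript%3EPLACEHOLDER%3C%2Fscript%3E%3C%2FdataConfig%3E HTTP/1.1" 200 901
10.0.0.8 - - [01/Jan/2020:10:00:30 +0000] "GET /solr/core1/dataimport?command=full-import&dataConfig=%3CdataConfig%2F%3E HTTP/1.1" 200 140
10.0.0.7 - - [01/Jan/2020:10:01:00 +0000] "GET /solr/core1/dataimport?command=full-import&dataConfig=%253Cscript%253E HTTP/1.1" 200 88
"""

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """URL-decode repeatedly so values logged before a proxy's own decoding are still inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client, severity, reason) for a DIH request carrying its own config, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    # Assumption: the handler is registered at the conventional /dataimport path.
    if not url.path.rstrip("/").lower().endswith("/dataimport"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if "dataConfig" not in params:
        return None  # ordinary status/import call using the server-side config
    config = fully_decode(" ".join(params["dataConfig"])).lower()
    if "<script" in config:
        return (client, "high", "inline dataConfig contains a script tag")
    return (client, "medium", "inline dataConfig supplied in request")

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs do not record POST bodies, so a configuration sent in the body is only visible with request-body logging at a proxy. From Solr 8.2.0 the parameter is ignored unless the `enable.dih.dataConfigParam` system property is set to true, so findings on such hosts are worth checking against that setting.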