Apache Solr 8.3.1 admin panel RCE (Windows)

Description:

This exploit allows code execution without any prior authentication on a default Solr admin panel.

Authors:

Nicolas Brunner - SCRT

Writeup

https://blog.scrt.ch/2023/05/01/solr-rce-from-exposed-administration-interface/

PoC:

Examples:

If no core exists, create the core from the default folder:

./exploit.py -u http://example.com/solr --default-core -c core_123

Using the existing core named core_123, create a new vulnerable core and execute calc.exe:

./exploit.py -u http://example.com/solr -f calc.xml -c core_123

Installation:

Installation of the required python libraries

pip3 install -r requirements.txt

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md
calc.xml		calc.xml
exploit.py		exploit.py
fullPoc.gif		fullPoc.gif
managed-schema		managed-schema
requirements.txt		requirements.txt
solrconfig.xml		solrconfig.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Apache Solr 8.3.1 admin panel RCE (Windows)

Description:

Authors:

Writeup

PoC:

Examples:

If no core exists, create the core from the default folder:

Using the existing core named core_123, create a new vulnerable core and execute calc.exe:

Installation:

Installation of the required python libraries

About

Releases

Packages

Languages

scrt/Apache-Solr-8.3.1-RCE

Folders and files

Latest commit

History

Repository files navigation

Apache Solr 8.3.1 admin panel RCE (Windows)

Description:

Authors:

Writeup

PoC:

Examples:

If no core exists, create the core from the default folder:

Using the existing core named core_123, create a new vulnerable core and execute calc.exe:

Installation:

Installation of the required python libraries

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages