Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-17558 PoC — Apache Solr 注入漏洞

Source
https://github.com/thelostworldFree/CVE-2019-17558_Solr_Vul_Tool
Associated Vulnerability
Title:Apache Solr 注入漏洞 (CVE-2019-17558)
Description:Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
Description
CVE-2019-17558 Solr模板注入漏洞图形化一键检测工具。CVE-2019-17558 Solr Velocity Template Vul POC Tool.
Readme
# Solr Velocity模板注入漏洞检测工具
## 工具介绍
19年10月底爆出了Solr Velocity模板注入远程命令执行漏洞,人工检测该漏洞需burp抓包改包来回好几次,效率较低,写了这个小工具,支持一键检测漏洞、执行命令、反弹shell,欢迎提issue。该工具仅限安全从业者在法律法规允许的范围内使用,违规使用后果自负。


## 运行环境
跨平台,JRE>=1.8。

(为精简文件大小,单独为每个平台打包SWT库,下载对应平台jar即可)

## 运行方式
win:java -jar SolrVulScan1.0-win64.jar

linux:java -jar SolrVulScan1.0-linux64.jar

mac:java -jar -XstartOnFirstThread SolrVulScan1.0-mac64.jar

## 运行截图
#### 检测漏洞
![](https://github.com/SDNDTeam/SolrVulScan/raw/master/screenshot/p1.PNG "检测漏洞")
#### 执行命令
![](https://github.com/SDNDTeam/SolrVulScan/raw/master/screenshot/p2.PNG "执行命令")
#### 反弹shell
![](https://github.com/SDNDTeam/SolrVulScan/raw/master/screenshot/p3.PNG "反弹shell")
#### 反弹成功
![](https://github.com/SDNDTeam/SolrVulScan/raw/master/screenshot/p3-2.jpg "反弹成功")

## 漏洞修复
请及时前往官方网站下载最新版本,网址:http://lucene.apache.org/solr/downloads.html
File Snapshot

 [4.0K]  /data/pocs/671b44f83aacf2f01b4f7bf8bdcd7c8ee1ab781c
├── [1.2K]  README.md
├── [4.0K]  screenshot
│   ├── [ 64K]  p1.PNG
│   ├── [ 56K]  p2.PNG
│   ├── [ 36K]  p3-2.jpg
│   └── [ 59K]  p3.PNG
├── [2.7M]  SolrVulScan1.0-linux64.jar
├── [2.5M]  SolrVulScan1.0-mac64.jar
└── [2.8M]  SolrVulScan1.0-win64.jar

1 directory, 8 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →