.. / CVE-2019-0193

Exploit for Apache Solr DataImportHandler <8.2.0 - Remote Code Execution (CVE-2019-0193)

Description:

Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request’s “dataConfig” parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.

Nuclei Template

View the template here CVE-2019-0193.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-0193.yaml

References:

https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E
https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
https://nvd.nist.gov/vuln/detail/CVE-2019-0193
https://paper.seebug.org/1009/
https://issues.apache.org/jira/browse/SOLR-13669

.. / CVE-2019-0193 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Apache Solr DataImportHandler <8.2.0 - Remote Code Execution (CVE-2019-0193)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-0193