关联漏洞
标题:Apache Solr 输入验证错误漏洞 (CVE-2020-13941)Description:Apache Solr是美国阿帕奇(Apache)软件基金会的一款基于Lucene(一款全文搜索引擎)的搜索服务器。该产品支持层面搜索、垂直搜索、高亮显示搜索结果等。 Apache Solr 8.6.0版本中存在安全漏洞。攻击者可利用该漏洞对Solr用户可访问的任意地址进行读写操作。
Description
CVE-2020-13941: Abusing UNC Paths in Windows Environments in Apache Solr
介绍
# CVE-2020-13941: Abusing UNC Paths in Windows Environments in Apache Solr
Multiple Solr endpoints have been found to accept absolute paths. In Windows systems these absolute path can be forced to make the OS connect to an attacker-controlled SMB server.
This behaviour may result in attacks such as:
- Capturing the NTLM hash and cracking it locally
- SMB Relay attack that can be used to authenticate to other SMB servers
**Note:** Although not in the scope of the CVE, post-authenticated this behavior can result in Remote Code Execution via Malicious Solr Config files:
- In Windows environments by serving the config remotely via SMB
- In Windows and Linux systems by writing the Solr Config in a location that is writable by anyone (e.g. C:\\Users\\Pubic\, /tmp/, etc.) and pointing the location of that core there via an absolute path
### Public Disclosures:
The vendor's disclosure and fix for this vulnerability can be found [here](https://solr.apache.org/news.html#cve-2020-13941-apache-solr-information-disclosure-vulnerability).
The MITRE disclosure for this vulnerability can be found [here](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13941).
### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2020-13941/blob/main/Solr%20-%20CVE-2020-13941.pdf).
文件快照
[4.0K] /data/pocs/6ece746ce0de016876ba90fb12a69e0f094c20c9
├── [1.3K] README.md
└── [2.6M] Solr - CVE-2020-13941.pdf
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。