Share 
## https://sploitus.com/exploit?id=9AF01895-A34B-5CA5-930D-B80DD72F0E1C
# Apache-Solr-RCE_CVE-2023-50386_POC  
Apache Solr Backup/Restore APIs RCE Poc (CVE-2023-50386)  

> Reference (In tribute to dalao):  
>  
> [CVE-2023-50386 Vulnerability author’s blog](https://l3yx.github.io/2024/02/10/Apache-Solr-Backup-Restore-APIs-RCE-CVE-2023-50386-%E5%88%86%E6%9E%90%E5%8F%8A%E6%8C%96%E6%8E%98%E6%80%9D%E8%B7%AF)  
>  
> [Java Security Manager bypass techniques](https://www.mi1k7ea.com/2020/05/03/%E6%B5%85%E6%9E%90Java%E6%B2%99%E7%AE%B1%E9%80%83%E9%80%B8/)  
>  
> [Bypass of reflection protection in JDK 17](https://pankas.top/2023/12/05/jdk17-%E5%8F%8D%E5%B0%84%E9%99%90%E5%88%B6%E7 BB%95%E8%BF%87)  
>  
> [Bypass of JNI functions](https://javasec.org/javase/JNI/)  
>  
> Vulnerability exploitation principles and considerations: https://mp.weixin.qq.com/s/mO4e8aiuL56yBdOD4jy2qQ  
>  
> The poc was written using [Pocsuite3](https://github.com/knownsec/pocsuite3); it can be run directly using the framework. If you don’t use the framework, you can also extract its core implementation.  
>  
> conf1.zip and conf2.zip can be used directly.  
>  
> If you need to test and compile them yourself, all Java exploits are included in the src folder, along with all the tests I used for evaluation.  
>  
> Poc execution results:  
> Verification:  
> ![image-1](./pics/verify.png)  
> Code execution:  
> ![image-2](./pics/attack.png)

[source-iocs-preserved url=https://pankas.top/2023/12/05/jdk17-%E5%8F%8D%E5%B0%84%E9%99%90%E5%88%B6%E7%BB%95%E8%BF%87]