Could be a fun red/blue team exercise. Just watch out for those
cryptominers that get in through Solr injection (among many other
unsecured methods) and are a real pain to remove.
Regards,
Alex.
P.s. Don't ask me how I know :-(
P.p.s. Read-only docker container may still be a good layer of defenc
Welp. Never mind, I refer back to point #1: this is a bad idea.
> On Oct 8, 2020, at 3:01 PM, Alexandre Rafalovitch wrote:
>
> The update handlers are now implicitly defined (3 or 4 of them). So,
> it actually needs to be explicitly shadowed and overridden with another
> Noop handler. And block Con
The update handlers are now implicitly defined (3 or 4 of them). So,
it actually needs to be explicitly shadowed and overridden with another
Noop handler. And block the Config API to avoid attackers creating new
handlers.
Regards,
Alex.
On Thu, 8 Oct 2020 at 14:54, David Hastings wrote:
>
> Well th
Well that’s why I suggested deleting the update handler :)
> On Oct 8, 2020, at 2:52 PM, Walter Underwood wrote:
>
> Let me know where it is and I’ll delete all the documents in your collection.
> It is easy, just one HTTP request.
>
> https://gist.github.com/nz/673027/313f70681daa985ea13ba33a
Let me know where it is and I’ll delete all the documents in your collection.
It is easy, just one HTTP request.
https://gist.github.com/nz/673027/313f70681daa985ea13ba33a385753aef951a0f3
wunder
Walter Underwood
wun...@wunderwood.org
http://observer.wunderwood.org/ (my blog)
> On Oct 8, 2020, a
I think there were past discussions about people doing this, but they really,
really knew what they were doing from a security perspective, not just
a Solr one.
You are increasing your risk factor a lot, so you need to think
through this. What are you protecting and what are you exposing? Are
you trying to
It is like opening a database to the Internet - you simply don’t do it and I
don’t recommend it.
If, despite the anti-pattern, you want to do it, use the latest Solr versions and
put a reverse proxy in front. Always use authentication and authorization.
Allow only a minimal set of API endpoints and
#1. This is a HORRIBLE IDEA
#2. If I was going to do this, I would destroy the update request handler as well
as the entire admin UI from the Solr instance, and set up a replication from a
secure Solr instance on an interval. This way no one could send an
update/delete command, you could still update
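
The reverse-proxy advice in this thread (allow only a minimal set of endpoints, keep the update handlers and the Config API unreachable), sketched as a request allowlist. This is an added example, not code from any poster or from Solr; the collection name `products`, the permitted parameters and the numeric limits are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumptions (not from the thread): one public collection named "products",
# searched only through /select, with this small set of query parameters.
ALLOWED_PATH = re.compile(r"/solr/products/select")
ALLOWED_PARAMS = {"q", "fq", "fl", "sort", "start", "rows"}
NUMERIC_LIMITS = {"start": 10_000, "rows": 100}

def decide(method: str, target: str) -> tuple:
    """Return (allowed, reason) for a request line seen by the proxy."""
    if method != "GET":  # no request bodies, so no update commands
        return False, "method"
    parts = urlsplit(target)
    # Match the raw path exactly: percent-encoded dots, ';' suffixes and the
    # /update, /config and /admin paths all fail here.
    if parts.netloc or not ALLOWED_PATH.fullmatch(parts.path):
        return False, "path"
    # parse_qsl percent-decodes names and values before they are checked.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in ALLOWED_PARAMS:
            return False, f"param:{name}"
        if name in ("q", "fq") and "{!" in value:  # local params select other parsers
            return False, "localparams"
        if name in NUMERIC_LIMITS:
            if not (value.isascii() and value.isdigit()):
                return False, f"number:{name}"
            if int(value) > NUMERIC_LIMITS[name]:
                return False, f"limit:{name}"
    return True, "ok"

# Constructed sample requests (method, request target).
SAMPLES = [
    ("GET", "/solr/products/select?q=title:laptop&rows=10"),
    ("POST", "/solr/products/update?commit=true"),
    ("GET", "/solr/products/update?commit=true"),
    ("GET", "/solr/products/config"),
    ("GET", "/solr/admin/cores?action=STATUS"),
    ("GET", "/solr/products/select?q=*:*&qt=/update"),  # parameter not on the allowlist
    ("GET", "/solr/products/select?q=*:*&rows=1000000"),
    ("GET", "/solr/products/%2e%2e/admin/cores"),
]

if __name__ == "__main__":
    for method, target in SAMPLES:
        print(method, target, "->", decide(method, target))
```

A filter like this complements authentication and authorization on Solr itself and does not replace them.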