> For the complete documentation index, see [llms.txt](https://oklencodes.gitbook.io/untitled/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oklencodes.gitbook.io/untitled/offensive-security/solar-exploiting-log4j/discovery.md).

# Discovery

I explored the web interface accessible at **`http://10.10.75.171:8983`** and clicked around to get a feel for the application. For more detail on Apache Solr, please refer to their official website. <https://solr.apache.org/>

![http://10.10.75.171:8983](/files/cdzS74DlQY5mCBcwS3Ns)

This instance of Apache Solr is provisioned with no data whatsoever. It is a flat, vanilla, and absolutely minimum installation -- yet at its core it is still vulnerable to this CVE-2021-44228.

When navigating to [**`http://10.10.75.171:8983`**](http://10.10.75.171:8983/). I could see clear indicators that log4j is in use within the application for logging activity. **The `-Dsolr.log.dir` argument was set to,** /var/solr/logs

![solr logs](/files/EyDpIpTzhbt0j8jR9x4t)

The path/ URL endpoint that is indicated in these repeat entries are - **/admin/cores**

I also gathered from these log entries that there are some datapoints I could control as a user. Params={} field gave that away.
