支持本站 — 捐款将帮助我们持续运营

目标:1000 元,已筹:570

57.0%
立即捐款
一、 漏洞 CVE-2021-44228 基础信息
漏洞信息
                                        # Apache Log4j2 JNDI特性不保护针对攻击者控制的LDAP和其他JNDI相关终端

## 漏洞概述
Apache Log4j2 在某些版本中,其 JNDI 功能未保护攻击者控制的 LDAP 和其他 JNDI 相关端点,导致任意代码执行漏洞。该漏洞在日志消息或日志消息参数受到攻击者控制时可以被利用。

## 影响版本
- Apache Log4j2 2.0-beta9 至 2.15.0(不包括安全版本 2.12.2、2.12.3 和 2.3.1)

## 漏洞细节
- 当消息查找替换开启时,攻击者可通过控制日志消息或参数利用 JNDI 功能加载和执行任意代码。
- 从 2.15.0 版本开始,默认情况下,JNDI 功能已禁用。
- 从 2.16.0 版本开始(包括2.12.2、2.12.3 和 2.3.1),该功能已被完全移除。
- 这个漏洞只影响 `log4j-core`,不涉及 `log4net`、`log4cxx` 或其他 Apache 日志服务项目。

## 影响
- 允许攻击者在日志系统中执行任意代码。
- 可能导致系统被完全控制,导致严重的安全问题。
神龙判断

是否为 Web 类漏洞:

判断理由:

是。这个漏洞存在于Apache Log4j2服务端中,尤其是2.0-beta9到2.15.0版本(不包括安全版本2.12.2、2.12.3和2.3.1)。当配置、日志消息或参数中使用了JNDI功能,并且消息查找替换启用时,如果攻击者能够控制日志消息或日志消息参数,那么就可以通过LDAP等JNDI相关端点执行任意代码。从2.15.0版本开始,这一行为默认被禁用。而从2.16.0版本(包括2.12.2、2.12.3和2.3.1)开始,此功能已被完全移除。该漏洞仅影响log4j-core,不影响log4net、log4cxx等其他Apache Logging Services项目。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
可信数据的反序列化
来源:美国国家漏洞数据库 NVD
漏洞标题
Apache Log4j 代码问题漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
代码问题
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2021-44228 的公开POC
#POC 描述源链接神龙链接
1Apache Log4j 远程代码执行https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-RcePOC详情
2Patch up CVE-2021-44228 for minecraft forge 1.7.10 - 1.12.2https://github.com/Glease/HealerPOC详情
3This tool patches the CVE-2021-44228 Log4J vulnerability present in all minecraft versions NOTE THIS TOOL MUST BE RE-RUN after downloading or updating versions of minecraft as its not a perminent patchhttps://github.com/jacobtread/L4J-Vuln-PatchPOC详情
4Remote Code Injection In Log4jhttps://github.com/jas502n/Log4j2-CVE-2021-44228POC详情
5Log4j-RCE (CVE-2021-44228) Proof of Concept with additional informationhttps://github.com/HyCraftHD/Log4J-RCE-Proof-Of-ConceptPOC详情
6一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-44228) defense.https://github.com/boundaryx/cloudrasp-log4j2POC详情
7Apache Log4j 2 a remote code execution vulnerability via the ldap JNDI parser.https://github.com/dbgee/CVE-2021-44228POC详情
8A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)https://github.com/CreeperHost/Log4jPatcherPOC详情
9CVE-2021-44228 fixhttps://github.com/DragonSurvivalEU/RCEPOC详情
10Deploys an agent to fix CVE-2021-44228 (Log4j RCE vulnerability) in a running JVM processhttps://github.com/simonis/Log4jPatchPOC详情
11A small server for verifing if a given java program is succeptibel to CVE-2021-44228https://github.com/zlepper/CVE-2021-44228-Test-ServerPOC详情
12Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).https://github.com/christophetd/log4shell-vulnerable-appPOC详情
13A script that checks for vulnerable Log4j (CVE-2021-44228) systems using injection of the payload in common HTTP headers.https://github.com/NorthwaveSecurity/log4jcheckPOC详情
14Vulnerable to CVE-2021-44228. trustURLCodebase is not required.https://github.com/nkoneko/VictimAppPOC详情
15Patch Pulsar Docker images with Log4J 2.17.1 update to mitigate Apache Log4J Security Vulnerabilities including Log4Shellhttps://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228POC详情
16Apache Log4j2 RCE( CVE-2021-44228)验证环境https://github.com/1in9e/Apache-Log4j2-RCEPOC详情
17vulnerability POChttps://github.com/KosmX/CVE-2021-44228-examplePOC详情
18Vulnerability CVE-2021-44228 checkerhttps://github.com/greymd/CVE-2021-44228POC详情
19Hashes for vulnerable LOG4J versionshttps://github.com/mubix/CVE-2021-44228-Log4Shell-HashesPOC详情
20CVE-2021-44228 server-side fix for minecraft servers.https://github.com/OopsieWoopsie/mc-log4j-patcherPOC详情
21Nonehttps://github.com/wheez-y/CVE-2021-44228-kustoPOC详情
22Mitigation for Log4Shell Security Vulnerability CVE-2021-44228 https://github.com/izzyacademy/log4shell-mitigationPOC详情
23log4shell sample application (CVE-2021-44228)https://github.com/0xst4n/CVE-2021-44228-pocPOC详情
24Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreadinghttps://github.com/takito1812/log4j-detectPOC详情
25Java agent that disables Apache Log4J's JNDI Lookup. Fixes CVE-2021-44228, aka "Log4Shell."https://github.com/winnpixie/log4noshellPOC详情
26CVE-2021-44228 DFIR Noteshttps://github.com/Azeemering/CVE-2021-44228-DFIR-NotesPOC详情
27🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass trickshttps://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-wordsPOC详情
28A Proof-Of-Concept for the CVE-2021-44228 vulnerability. https://github.com/kozmer/log4j-shell-pocPOC详情
29Buildpack providing a workaround for CVE-2021-44228 (Log4j RCE exploit)https://github.com/alexandreroman/cve-2021-44228-workaround-buildpackPOC详情
30Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJamhttps://github.com/Adikso/minecraft-log4j-honeypotPOC详情
31Nonehttps://github.com/racoon-rac/CVE-2021-44228POC详情
32Nonehttps://github.com/TheArqsz/CVE-2021-44228-PoCPOC详情
33Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside fileshttps://github.com/1lann/log4shelldetectPOC详情
34Log4j2 CVE-2021-44228 复现和回显利用https://github.com/binganao/Log4j2-RCEPOC详情
35A short demo of CVE-2021-44228https://github.com/phoswald/sample-ldap-exploitPOC详情
36A minimalistic LDAP server that is meant for test vulnerability to JNDI+LDAP injection attacks in Java, especially CVE-2021-44228.https://github.com/rakutentech/jndi-ldap-test-serverPOC详情
37CVE-2021-44228 POC - Spring / Hibernatehttps://github.com/uint0/cve-2021-44228--spring-hibernatePOC详情
38Fixes CVE-2021-44228 in log4j by patching JndiLookup classhttps://github.com/saharNooby/log4j-vulnerability-patcher-agentPOC详情
39CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networkshttps://github.com/f0ng/log4j2burpscannerPOC详情
40Nonehttps://github.com/M1ngGod/CVE-2021-44228-Log4j-lookup-RcePOC详情
41Nonehttps://github.com/byteboycn/CVE-2021-44228-Apache-Log4j-RcePOC详情
42Log4Shell CVE-2021-44228 mitigation testerhttps://github.com/lhotari/log4shell-mitigation-testerPOC详情
43A Nuclei Template for Apache Log4j RCE (CVE-2021-44228) Detection with WAF Bypass Payloadshttps://github.com/toramanemre/log4j-rce-detect-waf-bypassPOC详情
44Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228https://github.com/logpresso/CVE-2021-44228-ScannerPOC详情
45Nonehttps://github.com/vorburger/Log4j_CVE-2021-44228POC详情
46Test the CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228https://github.com/gauthamg/log4j2021_vul_testPOC详情
47Nonehttps://github.com/b-abderrahmane/CVE-2021-44228-playgroundPOC详情
48List of company advisories log4jhttps://github.com/leetxyz/CVE-2021-44228-AdvisoriesPOC详情
49Content to help the community responding to the Log4j Vulnerability Log4Shell CVE-2021-44228https://github.com/cado-security/log4shellPOC详情
50Log4j-RCE (CVE-2021-44228) Proof of Concepthttps://github.com/WYSIIWYG/Log4J_0day_RCEPOC详情
51A Terraform to deploy vulnerable app and a JDNIExploit to work with CVE-2021-44228https://github.com/MKhazamipour/log4j-vulnerable-app-cve-2021-44228-terraformPOC详情
52Public IoCs about log4j CVE-2021-44228https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCsPOC详情
53CVE-2021-44228https://github.com/zzzz0317/log4j2-vulnerable-spring-appPOC详情
54Simple demo of CVE-2021-44228https://github.com/datadavev/test-44228POC详情
55Небольшой мод направленный на устранение уязвимости CVE-2021-44228https://github.com/LemonCraftRu/JndiRemoverPOC详情
56Apache Log4j CVE-2021-44228 漏洞复现https://github.com/zhangxvx/Log4j-Rec-CVE-2021-44228POC详情
57Detections for CVE-2021-44228 inside of nested binarieshttps://github.com/darkarnium/Log4j-CVE-DetectPOC详情
58Nonehttps://github.com/chilliwebs/CVE-2021-44228_ExamplePOC详情
59This enforces signatures for CVE-2021-44228 across all policies on a BIG-IP ASM devicehttps://github.com/irgoncalves/f5-waf-enforce-sig-CVE-2021-44228POC详情
60docker compose solution to run a vaccine environment for the log4j2 vulnerability CVE-2021-44228https://github.com/jeffbryner/log4j-docker-vaccinePOC详情
61A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIChttps://github.com/mergebase/log4j-detectorPOC详情
62A bare minimum proof-of-concept for Log4j2 JNDI RCE vulnerability (CVE-2021-44228/Log4Shell).https://github.com/unlimitedsola/log4j2-rce-pocPOC详情
63CVE-2021-44228,log4j2 burp插件 Java版本,dnslog选取了非dnslog.cn域名https://github.com/Jeromeyoung/log4j2burpscannerPOC详情
64An agent to hotpatch the log4j RCE from CVE-2021-44228.https://github.com/corretto/hotpatch-for-apache-log4j2POC详情
65An All-In-One Pure Python PoC for CVE-2021-44228https://github.com/alexandre-lavoie/python-log4rcePOC详情
66Nonehttps://github.com/RedDrip7/Log4Shell_CVE-2021-44228_related_attacks_IOCsPOC详情
67Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAPhttps://github.com/mzlogin/CVE-2021-44228-DemoPOC详情
68Script to apply official workaround for VMware vCenter log4j vulnerability CVE-2021-44228https://github.com/blake-fm/vcenter-log4jPOC详情
69log4j2漏洞复现https://github.com/creamIcec/CVE-2021-44228-Apache-Log4j-Rce__reviewPOC详情
70Nonehttps://github.com/uint0/cve-2021-44228-helpersPOC详情
71CVE-2021-44228(Apache Log4j Remote Code Execution)https://github.com/RK800-DEV/apache-log4j-pocPOC详情
72CVE-2021-44228https://github.com/sud0x00/log4j-CVE-2021-44228POC详情
73Nonehttps://github.com/DiCanio/CVE-2021-44228-docker-examplePOC详情
74Nonehttps://github.com/mute1997/CVE-2021-44228-researchPOC详情
75Log4J CVE-2021-44228 Minecraft PoChttps://github.com/myyxl/cve-2021-44228-minecraft-pocPOC详情
76An awesome curated list of repos for CVE-2021-44228. ``Apache Log4j 2``https://github.com/RrUZi/Awesome-CVE-2021-44228POC详情
77Abuse Log4J CVE-2021-44228 to patch CVE-2021-44228 in vulnerable Minecraft game sessions to prevent exploitation in the session :) https://github.com/future-client/CVE-2021-44228POC详情
78Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)https://github.com/CodeShield-Security/Log4JShell-Bytecode-DetectorPOC详情
79Poc of log4j2 (CVE-2021-44228)https://github.com/Crane-Mocker/log4j-pocPOC详情
80Scan systems and docker images for potential log4j vulnerabilities. Able to patch (remove JndiLookup.class) from layered archives. Will detect in-depth (layered archives jar/zip/tar/war and scans for vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105). Binaries for Windows, Linux and OsX, but can be build on each platform supported by supported Golang.https://github.com/dtact/divd-2021-00038--log4j-scannerPOC详情
81Sample log4j shell exploithttps://github.com/kali-dass/CVE-2021-44228-log4ShellPOC详情
82Nonehttps://github.com/pravin-pp/log4j2-CVE-2021-44228POC详情
83IP addresses exploiting recent log4j2 vulnerability CVE-2021-44228 https://github.com/Malwar3Ninja/Exploitation-of-Log4j2-CVE-2021-44228POC详情
84Dockerized Go app for testing the CVE-2021-44228 vulnerabilityhttps://github.com/urholaukkarinen/docker-log4shellPOC详情
85Python script that sends CVE-2021-44228 log4j payload requests to url listhttps://github.com/ssl/scan4log4jPOC详情
86Mitigate log4shell (CVE-2021-44228) vulnerability attacks using Nginx LUA scripthttps://github.com/infiniroot/nginx-mitigate-log4shellPOC详情
87Nonehttps://github.com/lohanichaten/log4j-cve-2021-44228POC详情
88Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability https://github.com/authomize/log4j-log4shell-affectedPOC详情
89Known IoCs for log4j framework vulnerability https://github.com/guardicode/CVE-2021-44228_IoCsPOC详情
90CVE-2021-44228 test demohttps://github.com/fireflyingup/log4j-pocPOC详情
91Nonehttps://github.com/qingtengyun/cve-2021-44228-qingteng-patchPOC详情
92A Byte Buddy Java agent-based fix for CVE-2021-44228, the log4j 2.x "JNDI LDAP" vulnerability.https://github.com/nccgroup/log4j-jndi-be-gonePOC详情
93Hot-patch CVE-2021-44228 by exploiting the vulnerability itself.https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patchPOC详情
94A micro lab for CVE-2021-44228 (log4j)https://github.com/tasooshi/horrors-log4shellPOC详情
95An evil RMI server that can launch an arbitrary command. May be useful for CVE-2021-44228https://github.com/Hydragyrum/evil-rmi-serverPOC详情
96Spring Boot Log4j - CVE-2021-44228 Docker Lab https://github.com/twseptian/spring-boot-log4j-cve-2021-44228-docker-labPOC详情
97Check list of URLs against Log4j vulnerability CVE-2021-44228https://github.com/OlafHaalstra/log4jcheckPOC详情
98A tool to analyze the log files from minecraft to scan potential security risks from the CVE-2021-44228 Log4J library exploit. https://github.com/psychose-club/SaturnPOC详情
99Nonehttps://github.com/Panyaprach/Proof-CVE-2021-44228POC详情
100Log4j RCE - (CVE-2021-44228)https://github.com/momos1337/Log4j-RCEPOC详情
101Mitigate against log4j vulnerabilityhttps://github.com/palominoinc/cve-2021-44228-log4j-mitigationPOC详情
102A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shellhttps://github.com/cyberxml/log4j-pocPOC详情
103Log4J (CVE-2021-44228) Exploit with Remote Command Execution (RCE)https://github.com/corneacristian/Log4J-CVE-2021-44228-RCEPOC详情
104Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)https://github.com/Diverto/nse-log4shellPOC详情
105pythonic pure python RCE exploit for CVE-2021-44228 log4shellhttps://github.com/dotPY-hax/log4pyPOC详情
106CVE-2021-44228 (Log4Shell) Proof of Concepthttps://github.com/sunnyvale-it/CVE-2021-44228-PoCPOC详情
107Nonehttps://github.com/maxant/log4j2-CVE-2021-44228POC详情
108fail2ban filter that catches attacks againts log4j CVE-2021-44228https://github.com/atnetws/fail2ban-log4jPOC详情
109Some files for red team/blue team investigations into CVE-2021-44228https://github.com/kimobu/cve-2021-44228POC详情
110Fun things against the abuse of the recent CVE-2021-44228 (Log4Shell) vulnerability using common web servers.https://github.com/KainsRache/anti-jndiPOC详情
111log4J burp被扫插件、CVE-2021-44228、支持dnclog.cn和burp内置DNS、可配合JNDIExploit生成payloadhttps://github.com/bigsizeme/Log4j-checkPOC详情
112This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228).https://github.com/pedrohavay/exploit-CVE-2021-44228POC详情
113Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routeshttps://github.com/0xRyan/log4j-nullroutePOC详情
114OpenIOC rules to facilitate hunting for indicators of compromisehttps://github.com/fireeye/CVE-2021-44228POC详情
115A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 https://github.com/fullhunt/log4j-scanPOC详情
116a fast check, if your server could be vulnerable to CVE-2021-44228https://github.com/rubo77/log4j_checker_betaPOC详情
117Scanner for Log4j RCE CVE-2021-44228https://github.com/thecyberneh/Log4j-RCE-ExploiterPOC详情
118CVE-2021-44228https://github.com/halibobor/log4j2POC详情
119Using code search to help fix/mitigate log4j CVE-2021-44228https://github.com/sourcegraph/log4j-cve-code-search-resourcesPOC详情
120Log4J CVE-2021-44228 : Mitigation Cheat Sheethttps://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228--CVE-2021-45046--CVE-2021-45105--CVE-2021-44832POC详情
121Nonehttps://github.com/helsecert/CVE-2021-44228POC详情
122CVE-2021-44228 log4j mitigation using aws wafv2 with ansiblehttps://github.com/markuman/aws-log4j-mitigationsPOC详情
123A lab for playing around with the Log4J CVE-2021-44228https://github.com/tuyenee/Log4shellPOC详情
124Log4j Remote Code Injection (Apache Log4j 2.x < 2.15.0-rc2)https://github.com/JiuBanSec/Log4j-CVE-2021-44228POC详情
125Log4Shell Docker Envhttps://github.com/ycdxsb/Log4Shell-CVE-2021-44228-ENVPOC详情
126This repository contains a script that you can run on your (windows) machine to mitigate CVE-2021-44228https://github.com/avwolferen/Sitecore.Solr-log4j-mitigationPOC详情
127Simple tool for scanning entire directories for attempts of CVE-2021-44228https://github.com/kek-Sec/log4j-scanner-CVE-2021-44228POC详情
128Research into the implications of CVE-2021-44228 in Spring based applications.https://github.com/Camphul/log4shell-spring-framework-researchPOC详情
129CVE-2021-4428 复现https://github.com/lov3r/cve-2021-44228-log4j-exploitsPOC详情
130simple python scanner to check if your network is vulnerable to CVE-2021-44228https://github.com/sinakeshmiri/log4jScanPOC详情
131Burp extension to scan Log4Shell (CVE-2021-44228) vulnerability pre and post auth.https://github.com/0xDexter0us/Log4J-ScannerPOC详情
132Nonehttps://github.com/LutziGoz/Log4J_Exploitation-Vulnerabiliy__CVE-2021-44228POC详情
133This repository contains all gathered resources we used during our Incident Reponse on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell.https://github.com/0xsyr0/Log4ShellPOC详情
134log4j2 CVE-2021-44228 POChttps://github.com/1hakusai1/log4j-rce-CVE-2021-44228POC详情
135CVE-2021-44228 - Apache log4j RCE quick testhttps://github.com/jeffli1024/log4j-rce-testPOC详情
136Nonehttps://github.com/zsolt-halo/Log4J-Log4Shell-CVE-2021-44228-Spring-Boot-Test-ServicePOC详情
137Log4j CVE-2021-44228 examples: Remote Code Execution (through LDAP, RMI, ...), Forced DNS queries, ...https://github.com/manuel-alvarez-alvarez/log4j-cve-2021-44228POC详情
138Mass recognition tool for CVE-2021-44228https://github.com/VNYui/CVE-2021-44228POC详情
139Nonehttps://github.com/flxhaas/Scan-CVE-2021-44228POC详情
140Mass Check Vulnerable Log4j CVE-2021-44228https://github.com/justakazh/Log4j-CVE-2021-44228POC详情
141This tool creates a custom signature set on F5 WAF and apply to policies in blocking modehttps://github.com/irgoncalves/f5-waf-quick-patch-cve-2021-44228POC详情
142Some tools to help mitigating Apache Log4j 2 CVE-2021-44228https://github.com/madCdan/JndiLookupPOC详情
143A singular file to protect as many Minecraft servers and clients as possible from the Log4j exploit (CVE-2021-44228).https://github.com/Koupah/MC-Log4j-PatcherPOC详情
144Apply class remove process from ear/war/jar/zip archive, see https://logging.apache.org/log4j/2.x/https://github.com/AlexandreHeroux/Fix-CVE-2021-44228POC详情
145demo project to highlight how to execute the log4j (CVE-2021-44228) vulnerabilityhttps://github.com/kossatzd/log4j-CVE-2021-44228-testPOC详情
146Nonehttps://github.com/tobiasoed/log4j-CVE-2021-44228POC详情
147log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)https://github.com/hackinghippo/log4shell_ioc_ipsPOC详情
148log4j version 1 with a patch for CVE-2021-44228 vulnerabilityhttps://github.com/p3dr16k/log4j-1.2.15-modPOC详情
149Find Log4Shell CVE-2021-44228 on your systemhttps://github.com/claranet/ansible-role-log4shellPOC详情
150Nonehttps://github.com/taurusxin/CVE-2021-44228POC详情
151Log4j Exploit Detection Logic for Zeekhttps://github.com/corelight/cve-2021-44228POC详情
152CVE-2021-44228https://github.com/rodfer0x80/log4j2-prosecutorPOC详情
153Log4Shell A test for CVE-2021-44228https://github.com/yanghaoi/CVE-2021-44228_Log4ShellPOC详情
154Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.https://github.com/lfama/log4j_checkerPOC详情
155Public IOCs about log4j CVE-2021-44228https://github.com/threatmonit/Log4j-IOCsPOC详情
156Compiling links of value i find regarding CVE-2021-44228https://github.com/ben-smash/l4j-infoPOC详情
157Demonstration of CVE-2021-44228 with a possible strategic fix.https://github.com/strawhatasif/log4j-testPOC详情
158Nmap Log4Shell NSE script for discovery Apache Log4j RCE (CVE-2021-44228)https://github.com/giterlizzi/nmap-log4shellPOC详情
159Nonehttps://github.com/tica506/Siem-queries-for-CVE-2021-44228POC详情
160The goal of this project is to demonstrate the log4j cve-2021-44228 exploit vulnerability in a spring-boot setup, and to show how to fix it.https://github.com/chilit-nl/log4shell-examplePOC详情
161Bash and PowerShell scripts to scan a local filesystem for Log4j .jar files which could be vulnerable to CVE-2021-44228 aka Log4Shell.https://github.com/Occamsec/log4j-checkerPOC详情
162Just a personal proof of concept of CVE-2021-44228 on log4j2https://github.com/snatalius/log4j2-CVE-2021-44228-poc-localPOC详情
163Professional Service scripts to aid in the identification of affected Java applications in TeamServerhttps://github.com/Contrast-Security-OSS/CVE-2021-44228POC详情
164PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logshttps://github.com/back2root/log4shell-rexPOC详情
165Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046https://github.com/alexbakker/log4shell-toolsPOC详情
166Find log4j for CVE-2021-44228 on some places * Log4Shellhttps://github.com/perryflynn/find-log4jPOC详情
167Scan your logs for CVE-2021-44228 related activity and report the attackershttps://github.com/5l1v3r1/jndiRepPOC详情
168Sample docker-compose setup to show how this exploit workshttps://github.com/alpacamybags118/log4j-cve-2021-44228-samplePOC详情
169Demo project to evaluate Log4j2 Vulnerability | CVE-2021-44228https://github.com/sandarenu/log4j2-issue-checkPOC详情
170Nonehttps://github.com/roticagas/CVE-2021-44228-DemoPOC详情
171Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreadinghttps://github.com/Woahd/log4j-urlscannerPOC详情
172Log4j2 CVE-2021-44228 revshell, ofc it suck!!https://github.com/faisalfs10x/Log4j2-CVE-2021-44228-revshellPOC详情
173Some siimple checks to see if JAR file is vulnerable to CVE-2021-44228https://github.com/gcmurphy/chk_log4jPOC详情
174A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.https://github.com/0xInfection/LogMePwnPOC详情
175A Nuclei template for Apache Solr affected by Apache Log4J CVE-2021-44228https://github.com/toramanemre/apache-solr-log4j-CVE-2021-44228POC详情
176Check CVE-2021-44228 vulnerabilityhttps://github.com/codiobert/log4j-scannerPOC详情
177Little recap of the log4j2 remote code execution (CVE-2021-44228)https://github.com/cbuschka/log4j2-rce-recapPOC详情
178Endpoint to test CVE-2021-44228 – Log4j 2https://github.com/andrii-kovalenko-celonis/log4j-vulnerability-demoPOC详情
179On Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j (version 2) was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We're calling it "Log4Shell" for short.https://github.com/jan-muhammad-zaidi/Log4j-CVE-2021-44228POC详情
180Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)https://github.com/fox-it/log4j-finderPOC详情
181Details : CVE-2021-44228https://github.com/34zY/JNDI-Exploit-1.2-log4shellPOC详情
182Nonehttps://github.com/didoatanasov/cve-2021-44228POC详情
183The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell.https://github.com/ReynerGonzalez/Security-Log4J-TesterPOC详情
184CVE-2021-44228https://github.com/ShaneKingBlog/org.shaneking.demo.cve.y2021.s44228POC详情
185Repo containing all info, scripts, etc. related to CVE-2021-44228https://github.com/wortell/log4jPOC详情
186Nonehttps://github.com/municipalparkingservices/CVE-2021-44228-ScannerPOC详情
187Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228https://github.com/BinaryDefense/log4j-honeypot-flaskPOC详情
188Tools for investigating Log4j CVE-2021-44228https://github.com/MalwareTech/Log4jToolsPOC详情
189A firewall reverse proxy for preventing Log4J (Log4Shell aka CVE-2021-44228) attacks.https://github.com/mufeedvh/log4jailPOC详情
190Simple Spring Boot application vulnerable to CVE-2021-44228 (a.k.a log4shell)https://github.com/guerzon/log4shellpocPOC详情
191Nonehttps://github.com/ab0x90/CVE-2021-44228_PoCPOC详情
192Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228)https://github.com/stripe/log4j-remediation-toolsPOC详情
193Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcherhttps://github.com/xsultan/log4jshieldPOC详情
194CVE-2021-44228 Response Scriptshttps://github.com/0xThiebaut/CVE-2021-44228POC详情
195Scanners for Jar files that may be vulnerable to CVE-2021-44228https://github.com/CERTCC/CVE-2021-44228_scannerPOC详情
196Nonehttps://github.com/CrackerCat/CVE-2021-44228-Log4j-PayloadsPOC详情
197Fast filesystem scanner for CVE-2021-44228https://github.com/dbzoo/log4j_scannerPOC详情
198Aims to find JndiLookup.class in nearly any directory or zip, jar, ear, war file, even deeply nested.https://github.com/jeremyrsellars/CVE-2021-44228_scannerPOC详情
199Quick Deploy to show case cve-2021-44228https://github.com/JustinDPerkins/C1-WS-LOG4SHELLPOC详情
200Log4J Updater Bash Script to automate the framework update process on numerous machines and prevent the CVE-2021-44228https://github.com/VinniMarcon/Log4j-UpdaterPOC详情
201This project is just to show Apache Log4j2 Vulnerability - aka CVE-2021-44228https://github.com/bhprin/log4j-vulPOC详情
202Nonehttps://github.com/avirahul007/CVE-2021-44228POC详情
203A playground for poking at the Log4Shell (CVE-2021-44228) vulnerability mitigationshttps://github.com/rgl/log4j-log4shell-playgroundPOC详情
204A one-stop repo/ information hub for all log4j vulnerability-related information.https://github.com/anuvindhs/how-to-check-patch-secure-log4j-CVE-2021-44228POC详情
205Identifying all log4j components across all windows servers, entire domain, can be multi domain. CVE-2021-44228https://github.com/KeysAU/Get-log4j-Windows.ps1POC详情
206Apache Log4j Zero Day Vulnerability aka Log4Shell aka CVE-2021-44228https://github.com/kubearmor/log4j-CVE-2021-44228POC详情
207Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228https://github.com/jyotisahu98/logpresso-CVE-2021-44228-ScannerPOC详情
208This repository is designed to be a collection of resources to learn about, detect and mitigate the impact of the Log4j vulnerability - more formally known as CVE-2021-44228 and CVE-2021-45046 (mirror from GitLab.com)https://github.com/gitlab-de/log4j-resourcesPOC详情
209An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.https://github.com/redhuntlabs/Log4JHuntPOC详情
210Test case to check if the Log4Shell/CVE-2021-44228 hotfix will raise any unexpected exceptionshttps://github.com/mss/log4shell-hotfix-side-effectPOC详情
211Nonehttps://github.com/111coding/log4j_temp_CVE-2021-44228POC详情
212A simple project to check coverage of Log4J vuln CVE-2021-44228 (and related)https://github.com/MeterianHQ/log4j-vuln-coverage-checkPOC详情
213fix cve 44228 for windowshttps://github.com/sebiboga/jmeter-fix-cve-2021-44228-windowsPOC详情
214we are providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account. The script enables security teams to identify external-facing AWS assets by running the exploit on them, and thus be able to map them and quickly patch themhttps://github.com/mitiga/log4shell-cloud-scannerPOC详情
215A scanner and a proof of sample exploit for log4j RCE CVE-2021-44228 https://github.com/isuruwa/Log4jPOC详情
216Data we are receiving from our honeypots about CVE-2021-44228https://github.com/honeynet/log4shell-dataPOC详情
217Scans for Log4j versions effected by CVE-2021-44228https://github.com/inettgmbh/checkmk-log4j-scannerPOC详情
218CVE-2021-44228 demo webapphttps://github.com/b1tm0n3r/CVE-2021-44228POC详情
219Nonehttps://github.com/VerveIndustrialProtection/CVE-2021-44228-Log4jPOC详情
220An automated header extensive scanner for detecting log4j RCE CVE-2021-44228https://github.com/alenazi90/log4jPOC详情
221Very simple Ansible playbook that scan filesystem for JAR files vulnerable to Log4Shellhttps://github.com/pmontesd/log4j-cve-2021-44228POC详情
222Small example repo for looking into log4j CVE-2021-44228https://github.com/LiveOverflow/log4shellPOC详情
223Nonehttps://github.com/aws-samples/kubernetes-log4j-cve-2021-44228-node-agentPOC详情
224Dockerized honeypot for CVE-2021-44228.https://github.com/michaelsanford/Log4Shell-HoneypotPOC详情
225A honeypot for the Log4Shell vulnerability (CVE-2021-44228).https://github.com/thomaspatzke/Log4PotPOC详情
226A Remote Code Execution PoC for Log4Shell (CVE-2021-44228)https://github.com/ubitech/cve-2021-44228-rce-pocPOC详情
227This script is used to perform a fast check if your server is possibly affected by CVE-2021-44228 (the log4j vulnerability).https://github.com/rv4l3r3/log4v-vuln-checkPOC详情
228log4j vulnerability wrapper scanner for CVE-2021-44228https://github.com/dpomnean/log4j_scanner_wrapperPOC详情
229This Log4j RCE exploit originated from https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rcehttps://github.com/roxas-tan/CVE-2021-44228POC详情
230log4shell (CVE-2021-44228) scanning toolhttps://github.com/shamo0/CVE-2021-44228POC详情
231Log4j漏洞(CVE-2021-44228)的Burpsuite检测插件https://github.com/snow0715/log4j-Scan-BurpsuitePOC详情
232CVE-2021-44228 vulnerability in Apache Log4j library | Log4j vulnerability scanner on Windows machines.https://github.com/Joefreedy/Log4j-Windows-ScannerPOC详情
233Detect and fix log4j log4shell vulnerability (CVE-2021-44228)https://github.com/Nanitor/log4fixPOC详情
234Simple bash script to scan multiples url for log4j vulnerability (CVE-2021-44228)https://github.com/Gyrfalc0n/scanlist-log4jPOC详情
235Simple webapp that is vulnerable to Log4Shell (CVE-2021-44228)https://github.com/korteke/log4shell-demoPOC详情
236Simple Vulnerable Spring Boot Application to Test the CVE-2021-44228 https://github.com/recanavar/vuln_spring_log4j2POC详情
237Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046https://github.com/DXC-StrikeForce/Burp-Log4j-HammerTimePOC详情
238Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões vulneráveis do Log4j2, contemplando análise interna de arquivos JAR (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 e CVE-2021-44832)https://github.com/andalik/log4j-filescanPOC详情
239CVE-2021-44228-Apache-Log4jhttps://github.com/lonecloud/CVE-2021-44228-Apache-Log4jPOC详情
240Log4Shell CVE-2021-44228 Vulnerability Scanner and POChttps://github.com/gyaansastra/CVE-2021-44228POC详情
241log4j mitigation workhttps://github.com/axisops/CVE-2021-44228POC详情
242Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URLs with multithreadinghttps://github.com/kal1gh0st/MyLog4ShellPOC详情
243Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class.https://github.com/hozyx/log4shellPOC详情
244Log4J checker for Apache CVE-2021-44228https://github.com/andypitcher/Log4J_checkerPOC详情
245Nonehttps://github.com/Vulnmachines/log4j-cve-2021-44228POC详情
246Nonehttps://github.com/kannthu/CVE-2021-44228-Apache-Log4j-RcePOC详情
247Log4Shell Proof of Concept (CVE-2021-44228)https://github.com/Kr0ff/CVE-2021-44228POC详情
248Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment on shellhttps://github.com/suuhm/log4shell4shellPOC详情
249Test exploit of CVE-2021-44228https://github.com/wajda/log4shell-test-exploitPOC详情
250A lab demonstration of the log4shell vulnerability: CVE-2021-44228https://github.com/obscuritylabs/log4shell-poc-labPOC详情
251Script - Workaround instructions to address CVE-2021-44228 in vCenter Server https://github.com/Fazmin/vCenter-Server-Workaround-Script-CVE-2021-44228POC详情
252PoC RCE Log4j CVE-2021-4428 para pruebashttps://github.com/Grupo-Kapa-7/CVE-2021-44228-Log4j-PoC-RCEPOC详情
253Nonehttps://github.com/rohankumardubey/CVE-2021-44228_scannerPOC详情
254Log4Shell mitigation (CVE-2021-44228) - search and remove JNDI class from *log4j*.jar files on the system with Powershell (Windows)https://github.com/sysadmin0815/Fix-Log4j-PowershellScriptPOC详情
255Log4j2 Vulnerability (CVE-2021-44228)https://github.com/RenYuH/log4j-lookups-vulnerabilityPOC详情
256Scanner for the Log4j vulnerability dubbed Log4Shell (CVE-2021-44228)https://github.com/scheibling/py-log4shellscannerPOC详情
257Log4Shell (CVE-2021-44228): Descrizione, Exploitation e Mitigazionehttps://github.com/zaneef/CVE-2021-44228POC详情
258Scan your IP network and determine hosts with possible CVE-2021-44228 vulnerability in log4j library.https://github.com/metodidavidovic/log4j-quick-scanPOC详情
259A collection of IOCs for CVE-2021-44228 also known as Log4Shellhttps://github.com/WatchGuard-Threat-Lab/log4shell-iocsPOC详情
260Provide patched version of Log4J against CVE-2021-44228 and CVE-2021-45046 as well as a script to manually patch it yourselfhttps://github.com/Aschen/log4j-patchedPOC详情
261A simple simulation of the infamous CVE-2021-44228 issue.https://github.com/Nikolas-Charalambidis/cve-2021-44228POC详情
262CVE-2021-44228https://github.com/m0rath/detect-log4j-exploitablePOC详情
263Nonehttps://github.com/nu11secur1ty/CVE-2021-44228-VULN-APPPOC详情
264Docker images and k8s YAMLs for Log4j Vulnerability POC (Log4j (CVE-2021-44228 RCE Vulnerability)https://github.com/ankur-katiyar/log4j-dockerPOC详情
265This project will help to test the Log4j CVE-2021-44228 vulnerability.https://github.com/immunityinc/Log4j-JNDIServerPOC详情
266can find, analyse and patch Log4J files because of CVE-2021-44228, CVE-2021-45046https://github.com/DANSI/PowerShell-Log4J-ScannerPOC详情
267A scanning suite to find servers affected by the log4shell flaw (CVE-2021-44228) with example to test ithttps://github.com/suniastar/scan-log4shellPOC详情
268An attempt to understand the log4j vulnerability by looking through the codehttps://github.com/shivakumarjayaraman/log4jvulnerability-CVE-2021-44228POC详情
269Self-contained lab environment that runs the exploit safely, all from docker composehttps://github.com/j3kz/CVE-2021-44228-PoCPOC详情
270A fun activity using a packet capture file from the log4j exploit (CVE-2021-44228)https://github.com/Apipia/log4j-pcap-activityPOC详情
271Log4Shell (CVE-2021-44228) docker labhttps://github.com/axelcurmi/log4shell-docker-labPOC详情
272This is a showcase how the Log4J vulnerability (CVE-2021-44228) could be explored. This code is safe to run, but understand what it does and how it works!https://github.com/otaviokr/log4j-2021-vulnerability-studyPOC详情
273Nonehttps://github.com/kkyehit/log4j_CVE-2021-44228POC详情
274An Inspec profile to check for Log4j CVE-2021-44228 and CVE-2021-45046https://github.com/trickyearlobe/inspec-log4jPOC详情
275Vulnerability analysis, patch management and exploitation tool forCVE-2021-44228 / CVE-2021-45046 / CVE-2021-4104https://github.com/TheInterception/Log4J-Simulation-ToolPOC详情
276Identifying all log4j components across on local windows servers. CVE-2021-44228https://github.com/KeysAU/Get-log4j-Windows-localPOC详情
277Demo to show how Log4Shell / CVE-2021-44228 vulnerability workshttps://github.com/mschmnet/Log4Shell-demoPOC详情
278A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228https://github.com/Rk-000/Log4j_scan_AdvancePOC详情
279Exploiting CVE-2021-44228 in vCenter for remote code execution and more. https://github.com/puzzlepeaches/Log4jCenterPOC详情
280A Proof of Concept of the Log4j vulnerabilities (CVE-2021-44228) over Java-RMIhttps://github.com/Labout/log4shell-rmi-pocPOC详情
281a project written in go and java i abandoned for CVE-2021-44228 try to fix it if you can XDhttps://github.com/TotallyNotAHaxxer/f-for-javaPOC详情
282log4j2 Log4Shell CVE-2021-44228 proof of concepthttps://github.com/spasam/log4j2-exploitPOC详情
283Nonehttps://github.com/bumheehan/cve-2021-44228-log4j-testPOC详情
284A script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorkshttps://github.com/JagarYousef/log4j-dork-scannerPOC详情
285Shell script to remove JndiLookup class from Log4J 2 jar file, inside WAR file, in order to mitigate CVE-2021-44228, a.k.a., #Log4Shellhttps://github.com/dmitsuo/log4shell-war-fixerPOC详情
286log4j2 RCE漏洞(CVE-2021-44228)内网扫描器,可用于在不出网的条件下进行漏洞扫描,帮助企业内部快速发现Log4jShell漏洞。https://github.com/Y0-kan/Log4jShell-ScanPOC详情
287Script en bash que permite identificar la vulnerabilidad Log4j CVE-2021-44228 de forma remota.https://github.com/julian911015/Log4j-Scanner-ExploitPOC详情
288Nonehttps://github.com/intel-xeon/CVE-2021-44228---detection-with-PowerShellPOC详情
289Windows Batch Scrip to Fix the log4j-issue-CVE-2021-44228https://github.com/chandru-gunasekaran/log4j-fix-CVE-2021-44228POC详情
290Java application vulnerable to CVE-2021-44228https://github.com/erickrr-bd/TekiumLog4jAppPOC详情
291Vulnerable web application to test CVE-2021-44228 / log4shell and forensic artifacts from an example attackhttps://github.com/snapattack/damn-vulnerable-log4j-appPOC详情
292Scan and patch tool for CVE-2021-44228 and related log4j concerns. https://github.com/sassoftware/loguccinoPOC详情
293相关的复现和文档https://github.com/xx-zhang/apache-log4j2-CVE-2021-44228POC详情
294Python script to detect Log4Shell Vulnerability CVE-2021-44228https://github.com/r00thunter/Log4Shell-ScannerPOC详情
295POC for CVE-2021-44228 within Springboothttps://github.com/mn-io/log4j-spring-vuln-pocPOC详情
296Log4j2 CVE-2021-44228 hack demo for a springboot apphttps://github.com/rejupillai/log4j2-hack-springbootPOC详情
297Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)https://github.com/lucab85/log4j-cve-2021-44228POC详情
298Log4Shell Demo with AWShttps://github.com/BabooPan/Log4Shell-CVE-2021-44228-DemoPOC详情
299A Smart Log4Shell/Log4j/CVE-2021-44228 Scannerhttps://github.com/ossie-git/log4shell_sentinelPOC详情
300Generic Scanner for Apache log4j RCE CVE-2021-44228https://github.com/r00thunter/Log4ShellPOC详情
301CVE-2021-44228-FIX-JARShttps://github.com/asyzdykov/cve-2021-44228-fix-jarsPOC详情
302Log4j 2 (CVE-2021-44228) vulnerability scanner for Windows OShttps://github.com/BJLIYANLIANG/log4j-scannerPOC详情
303Proof of Concept of apache log4j LDAP lookup vulnerability. CVE-2021-44228https://github.com/badb33f/Apache-Log4j-POCPOC详情
304open detection and scanning tool for discovering and fuzzing for Log4J RCE CVE-2021-44228 vulnerabilityhttps://github.com/TaroballzChen/CVE-2021-44228-log4jVulnScanner-metasploitPOC详情
305Ansible playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 for Log4Shell (CVE-2021-44228).https://github.com/lucab85/ansible-role-log4shellPOC详情
306general purpose workaround for the log4j CVE-2021-44228 vulnerabilityhttps://github.com/grimch/log4j-CVE-2021-44228-workaroundPOC详情
307A Proof-Of-Concept Exploit for CVE-2021-44228 vulnerability.https://github.com/cybersecurityworks553/log4j-shell-cswPOC详情
308CVE-2021-44228 检查工具https://github.com/Toolsec/log4j-scanPOC详情
309Exploiting CVE-2021-44228 in Unifi Network Application for remote code execution and more.https://github.com/puzzlepeaches/Log4jUnifiPOC详情
310Log4j2 CVE-2021-44228 Vulnerability POC in Apache Tomcathttps://github.com/many-fac3d-g0d/apache-tomcat-log4jPOC详情
311PoC for CVE-2021-44228.https://github.com/marcourbano/CVE-2021-44228POC详情
312Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell.https://github.com/bsigouin/log4shell-vulnerable-appPOC详情
313this repository contains a POC of CVE-2021-44228 (log4j2shell) as part of a security researchhttps://github.com/ToxicEnvelope/XSYS-Log4J2Shell-ExPOC详情
314Regra ModSec para proteção log4j2 - CVE-2021-44228https://github.com/felipe8398/ModSec-log4j2POC详情
315CVE-2021-44228https://github.com/ceyhuncamli/Log4j_Attacker_IPListPOC详情
316Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4jhttps://github.com/mazhar-hassan/log4j-vulnerabilityPOC详情
317IOCs for CVE-2021-44228https://github.com/cungts/VTI-IOCs-CVE-2021-44228POC详情
318Log4Shell (Cve-2021-44228) Proof Of Concepthttps://github.com/s-retlaw/l4s_pocPOC详情
319Nonehttps://github.com/Ravid-CheckMarx/CVE-2021-44228-Apache-Log4j-Rce-mainPOC详情
320log4j-paylaod generator : A generic payload generator for Apache log4j RCE CVE-2021-44228https://github.com/yesspider-hacker/log4j-payload-generatorPOC详情
321Quick and dirty scanner, hitting common ports looking for Log4Shell (CVE-2021-44228) vulnerabilityhttps://github.com/LinkMJB/log4shell_scannerPOC详情
322A tool for detect&exploit vmware product log4j(cve-2021-44228) vulnerability.Support VMware HCX/vCenter/NSX/Horizon/vRealize Operations Managerhttps://github.com/NS-Sp4ce/Vm4JPOC详情
323A spigot plugin to fix CVE-2021-44228 Log4j remote code execution vulnerability, to protect Minecraft clients.https://github.com/PoneyClairDeLune/LogJackFixPOC详情
324Presents how to exploit CVE-2021-44228 vulnerability.https://github.com/MarceloLeite2604/log4j-vulnerabilityPOC详情
325This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, known as log4shell.https://github.com/romanutti/log4shell-vulnerable-appPOC详情
326Log4j Vulnerability Scannerhttps://github.com/marklindsey11/-CVE-2021-44228_scanner-Applications-that-are-vulnerable-to-the-log4j-CVE-2021-44228-https-nvd.POC详情
327Log4j-Scannerhttps://github.com/marklindsey11/gh-repo-clone-marklindsey11--CVE-2021-44228_scanner-Applications-that-are-vulnerable-to-the-log4j-CVPOC详情
328Log4j2 LDAP 취약점 테스트 (CVE-2021-44228)https://github.com/mklinkj/log4j2-testPOC详情
329Searchable page for CISA Log4j (CVE-2021-44228) Affected Vendor & Software Listhttps://github.com/4jfinder/4jfinder.github.ioPOC详情
330Nonehttps://github.com/alexpena5635/CVE-2021-44228_scanner-main-Modified-POC详情
331A vulnerable web app for log4j2 RCE(CVE-2021-44228) exploit test.https://github.com/kanitan/log4j2-web-vulnerablePOC详情
332Backdoor detection for VMware viewhttps://github.com/mr-r3b00t/CVE-2021-44228POC详情
333A simple program to demonstrate how Log4j vulnerability can be exploited ( CVE-2021-44228 ) https://github.com/ChandanShastri/Log4j_Vulnerability_DemoPOC详情
334Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.https://github.com/puzzlepeaches/Log4jHorizonPOC详情
335Log4jshell - CVE-2021-44228https://github.com/Vulnmachines/log4jshell_CVE-2021-44228POC详情
336CVE-2021-44228https://github.com/mr-vill4in/log4j-fuzzerPOC详情
337A vulnerable Java based REST API for demonstrating CVE-2021-44228 (log4shell).https://github.com/nix-xin/vuln4japiPOC详情
338This Log4j RCE exploit originated from https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rcehttps://github.com/maximofernandezriera/CVE-2021-44228POC详情
339Démo du fonctionnement de log4shell (CVE-2021-44228)https://github.com/jxerome/log4shellPOC详情
340Nonehttps://github.com/solitarysp/Log4j-CVE-2021-44228POC详情
341Script to create a log4j (CVE-2021-44228) exploit with support for different methods of getting a reverse shellhttps://github.com/atlassion/log4j-exploit-builderPOC详情
342Fix: CVE-2021-44228 4LOGJhttps://github.com/atlassion/RS4LOGJ-CVE-2021-44228POC详情
343This work includes testing and improvement tools for CVE-2021-44228(log4j).https://github.com/sdogancesur/log4j_github_repositoryPOC详情
344This Pwsh script run AppScan Standard scans against a list of web sites (URLs.txt) checking for Log4J (CVE-2021-44228) vulnerabilityhttps://github.com/jrocia/Search-log4Jvuln-AppScanSTDPOC详情
345A Java application intentionally vulnerable to CVE-2021-44228https://github.com/aajuvonen/log4stdinPOC详情
346Static detection of vulnerable log4j librairies on Windows servers, members of an AD domain.https://github.com/arnaudluti/PS-CVE-2021-44228POC详情
347POC for Infamous Log4j CVE-2021-44228https://github.com/ColdFusionX/CVE-2021-44228-Log4Shell-POCPOC详情
348Testing WAF protection against CVE-2021-44228 Log4Shellhttps://github.com/robrankin/cve-2021-44228-waf-testsPOC详情
349vulnerable setup to display an attack chain of log4j CVE-2021-44228 with privilege escalation to root using the polkit exploit CVE-2021-4034https://github.com/0xalwayslucky/log4j-polkit-pocPOC详情
350PortSwigger Burp Plugin for the Log4j (CVE-2021-44228)https://github.com/y-security/yLog4jPOC详情
351This repository is for Log4j 2021 (CVE-2021-44228) Vulnerability demonstration and mitigation.https://github.com/FeryaelJustice/Log4ShellPOC详情
352Log4j vulner testing environment based on CVE-2021-44228. It provide guidance to build the sample infrastructure and the exploit scripts. Supporting cooki3 script as the main exploit tools & integrationhttps://github.com/hotpotcookie/CVE-2021-44228-white-boxPOC详情
353Rust implementation of the Log 4 Shell (log 4 j - CVE-2021-44228)https://github.com/s-retlaw/l4srsPOC详情
354A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228https://github.com/Ananya-0306/Log-4j-scannerPOC详情
355Springboot web application accepts a name get parameter and logs its value to log4j2. Vulnerable to CVE-2021-44228.https://github.com/paulvkitor/log4shellwithlog4j2_13_3POC详情
356HERRAMIENTA AUTOMATIZADA PARA LA DETECCION DE LA VULNERABILIDAD CVE-2021-44228https://github.com/MiguelM001/vulescanjndilookupPOC详情
357Log4j2组件命令执行RCE / Code By:Jun_shenghttps://github.com/Jun-5heng/CVE-2021-44228POC详情
358Nonehttps://github.com/honypot/CVE-2021-44228POC详情
359Nonehttps://github.com/honypot/CVE-2021-44228-vuln-appPOC详情
360Java application vulnerable to the CVE-2021-44228 (a.k.a log4shell) vulnerabilityhttps://github.com/vulnerable-apps/log4shell-honeypotPOC详情
361A Log4j vulnerability scanner is used to identify the CVE-2021-44228 and CVE_2021_45046https://github.com/manishkanyal/log4j-scannerPOC详情
362CVE-2021-44228 Log4j Summaryhttps://github.com/TPower2112/Writing-Sample-1POC详情
363Nonehttps://github.com/Willian-2-0-0-1/Log4j-Exploit-CVE-2021-44228POC详情
364Generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection.https://github.com/r3kind1e/Log4Shell-obfuscated-payloads-generatorPOC详情
365Log4Shell Proof-Of-Concept derived from https://github.com/kozmer/log4j-shell-pochttps://github.com/Phineas09/CVE-2021-44228POC详情
366CVE-2021-44228 vulnerability in Apache Log4j libraryhttps://github.com/hassaanahmad813/log4jPOC详情
367Nonehttps://github.com/yuuki1967/CVE-2021-44228-Apache-Log4j-RcePOC详情
368This project files demostrate a proof-of-concept of log4j vulnerability (CVE-2021-44228) on AWS using Terraform Infrastructure-as-a-code means.https://github.com/moshuum/tf-log4j-aws-pocPOC详情
369Proof of concept of the Log4Shell vulnerability (CVE-2021-44228)https://github.com/jaehnri/CVE-2021-44228POC详情
370Log4Shell CVE-2021-44228 Demohttps://github.com/ra890927/Log4Shell-CVE-2021-44228-DemoPOC详情
371A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228https://github.com/bughuntar/log4j-scanPOC详情
372:page_with_curl: A report about CVE-2021-44228https://github.com/vidrez/Ethical-Hacking-Report-Log4jPOC详情
373Apache Log4j is a logging tool written in Java. This paper focuses on what is Log4j and log4shell vulnerability and how it works, how it affects the victim, and how can this be mitigatedhttps://github.com/vino-theva/CVE-2021-44228POC详情
374Nonehttps://github.com/tharindudh/tharindudh-Log4j-Vulnerability-in-Ghidra-tool-CVE-2021-44228POC详情
375Simple Java Front and Back end with bad log4j version featuring CVE-2021-44228https://github.com/eurogig/jankybankPOC详情
376This powershell script is intended to be used by anyone looking to remediate the Log4j Vulnerability within their environment. It can target multiple machines and run remotely as a job on all or only affected devices.https://github.com/digital-dev/Log4j-CVE-2021-44228-RemediationPOC详情
377A Proof-Of-Concept for the CVE-2021-44228 vulnerability. https://github.com/ocastel/log4j-shell-pocPOC详情
378CVE-2021-44228 POC / Examplehttps://github.com/bcdunbar/CVE-2021-44228-pocPOC详情
379DO NOT USE FOR ANYTHING REAL. Simple springboot sample app with vulnerability CVE-2021-44228 aka "Log4Shell" https://github.com/srcporter/CVE-2021-44228POC详情
380Nonehttps://github.com/Nexolanta/log4j2_CVE-2021-44228POC详情
381Vulnerability CVE-2021-44228 allows remote code execution without authentication for several versions of Apache Log4j2 (Log4Shell). Attackers can exploit vulnerable servers by connecting over any protocol, such as HTTPS, and sending a specially crafted string.https://github.com/demining/Log4j-VulnerabilityPOC详情
382CVE 2021-44228 Proof-of-Concept. Log4Shell is an attack against Servers that uses vulnerable versions of Log4J. https://github.com/pierpaolosestito-dev/Log4Shell-CVE-2021-44228-PoCPOC详情
383An educational Proof of Concept for the Log4j Vulnerability (CVE-2021-44228) in Minecrafthttps://github.com/Sma-Das/Log4j-PoCPOC详情
384CVE-2021-44228 https://github.com/heeloo123/CVE-2021-44228POC详情
385this web is vulnerable against CVE-2021-44228https://github.com/github-kyruuu/log4shell-vulnwebPOC详情
386A vulnerable Spring Boot application that uses log4j and is vulnerable to CVE-2021-44228, CVE-2021-44832, CVE-2021-45046 and CVE-2021-45105https://github.com/demonrvm/Log4ShellRemediationPOC详情
387💣💥💀 Proof of Concept: пример запуска fork-бомбы на удаленном сервере благодаря уязвимости CVE-2021-44228https://github.com/funcid/log4j-exploit-fork-bombPOC详情
388Using this tool, you can scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses.https://github.com/MrHarshvardhan/PY-Log4j-RCE-ScannerPOC详情
389Nonehttps://github.com/Muhammad-Ali007/Log4j_CVE-2021-44228POC详情
390Utilize Tai-e to identify the Log4shell (a.k.a. CVE-2021-44228) Vulnerabilityhttps://github.com/Tai-e/CVE-2021-44228POC详情
391Log4j Vulnerability RCE - CVE-2021-44228https://github.com/LucasPDiniz/CVE-2021-44228POC详情
392Log4Shell (CVE-2021-44228) minecraft demo. Used for education fairshttps://github.com/felixslama/log4shell-minecraft-demoPOC详情
393this web is vulnerable against CVE-2021-44228https://github.com/sebuahapel/log4shell-vulnwebPOC详情
394Instructions for exploiting vulnerabilities CVE-2021-44228 and CVE-2023-46604https://github.com/dcm2406/CVELabPOC详情
395Nonehttps://github.com/dcm2406/CVE-2021-44228POC详情
396this web is vulnerable against CVE-2021-44228https://github.com/s3buahapel/log4shell-vulnwebPOC详情
397Instructions for exploiting vulnerabilities CVE-2021-44228 and CVE-2023-46604https://github.com/dcm2406/CVE-LabPOC详情
398jee web project with log4shell (CVE-2021-44228) vulnerabilityhttps://github.com/scabench/l4j-tp1POC详情
399jee web project with sanitised log4shell (CVE-2021-44228) vulnerabilityhttps://github.com/scabench/l4j-fp1POC详情
400A Terraform to deploy vulnerable app and a JDNIExploit to work with CVE-2021-44228https://github.com/mkhazamipour/log4j-vulnerable-app-cve-2021-44228-terraformPOC详情
401this web is vulnerable against CVE-2021-44228https://github.com/53buahapel/log4shell-vulnwebPOC详情
402Log4Shell CVE Analysishttps://github.com/ItsCbass/CVE-2021-44228POC详情
403This is a potentially vulnerable Java web application containing Log4j affected by log4shell(CVE-2021-44228).https://github.com/KtokKawu/l4s-vulnappPOC详情
404exploit CVE-2021-44228 https://github.com/sec13b/CVE-2021-44228-POCPOC详情
405CVE-2021-44228https://github.com/ShlomiRex/log4shell_labPOC详情
406Downloaded a packet capture (.pcapng) file from malware-traffic-analysis.net which was an example of an attempted attack against a webserver using the Log4J vulnerability (CVE-2021-44228). I examined teh amount of endpoints communicating with the server and knowing jnidi as a common in the vulnerbilty found it in clear texthttps://github.com/KirkDJohnson/WiresharkPOC详情
407Nonehttps://github.com/YangHyperData/LOGJ4_PocShell_CVE-2021-44228POC详情
408Created after the disclosure of CVE-2021-44228. Bash script that detects Log4j occurrences in your projects and systems, allowing you to get insight on versions used. Unpacks JARs and analyses their Manifest files.https://github.com/mebibite/log4jhoundPOC详情
409Nonehttps://github.com/Panyaprach/Prove-CVE-2021-44228POC详情
410Nonehttps://github.com/c0d3cr4f73r/CVE-2021-44228POC详情
411On Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j (version 2) was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We're calling it "Log4Shell" for short.https://github.com/dark-ninja10/Log4j-CVE-2021-44228POC详情
412IOCs for CVE-2021-44228https://github.com/xungzzz/VTI-IOCs-CVE-2021-44228POC详情
413Nonehttps://github.com/Hoanle396/CVE-2021-44228-demoPOC详情
414Objective: Demonstrate the exploitation of the Log4Shell vulnerability (CVE-2021-44228) within a simulated banking application environment.https://github.com/tadash10/Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-EnvironmentPOC详情
415CVE-2021-44228 vulnerability studyhttps://github.com/asd58584388/CVE-2021-44228POC详情
416Nonehttps://github.com/OtisSymbos/CVE-2021-44228-Log4Shell-POC详情
417Log4J exploit CVE-2021-44228https://github.com/safeer-accuknox/log4j-shell-pocPOC详情
418A script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorkshttps://github.com/cergo123/log4j-dork-scannerPOC详情
419Fun things against the abuse of the recent CVE-2021-44228 (Log4Shell) vulnerability using common web servers.https://github.com/ph0lk3r/anti-jndiPOC详情
420log4shell sample application (CVE-2021-44228)https://github.com/Kadantte/CVE-2021-44228-pocPOC详情
421Nonehttps://github.com/rohan-flutterint/CVE-2021-44228_scannerPOC详情
422Proof of Concept (PoC) for the Log4Shell vulnerability (CVE-2021-44228), developed as part of the coursework for the curricular unit TPAS in the Master's degree in Information Security at FCUP.https://github.com/Carlos-Mesquita/TPASLog4ShellPoCPOC详情
423In December 2021, the world of cybersecurity was shaken by the discovery of the Log4Shell vulnerability (CVE-2021-44228), embedded within the widely-used Apache Log4j library. With a CVSS score of 10https://github.com/AhmedMansour93/-Unveiling-the-Lessons-from-Log4Shell-A-Wake-Up-Call-for-Cybersecurity-POC详情
424这是安徽大学 “漏洞分析实验”(大三秋冬)期中作业归档。完整文档位于https://testgames.me/2024/11/10/cve-2021-44228/https://github.com/Super-Binary/cve-2021-44228POC详情
425Nonehttps://github.com/cve-2021-44228/cve-2021-44228POC详情
426Nonehttps://github.com/Sumitpathania03/LOG4J-CVE-2021-44228POC详情
427Nonehttps://github.com/JanICT/poc-ldap-cve-2021-44228POC详情
428Nonehttps://github.com/Kz0x-337/CVE-2021-44228POC详情
429调试环境https://github.com/ZacharyZcR/CVE-2021-44228POC详情
430CVE-2021-44228https://github.com/c3-h2/Log4j_Attacker_IPListPOC详情
431Nonehttps://github.com/qw3rtyou/CVE-2021-44228_dockernizePOC详情
432This repository provides an in-depth analysis of the Log4Shell vulnerability (CVE-2021-44228) and implements a machine learning-based approach to detect exploitation attempts in log data.https://github.com/yadavmukesh/Log4Shell-vulnerability-CVE-2021-44228-POC详情
433Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shellhttps://github.com/blackmidnig/log4shell-toolsPOC详情
434Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shellhttps://github.com/lustrouscave/log4shell-toolsPOC详情
435Nonehttps://github.com/wheezysec/CVE-2021-44228-kustoPOC详情
436Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shellhttps://github.com/surprisedmo/log4shell-toolsPOC详情
437CVE-2021-44228https://github.com/chihyeonwon/Log4shellPOC详情
438Nonehttps://github.com/Rainyseason-c/log4j2_CVE-2021-44228POC详情
439CVE-2021-44228https://github.com/mr-won/Log4shellPOC详情
440Spring Boot is susceptible to remote code execution via Apache Log4j.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/springboot/springboot-log4j-rce.yamlPOC详情
441Multiple Code42 components are impacted by the logj4 vulnerability. Affected Code42 components include: - Code42 cloud: Updated Log4j from 2.15.0 to 2.17.1 on January 26, 2022 - Code42 app for Incydr Basic and Advanced and CrashPlan Cloud product plans: Updated Log4j from 2.16.0 to 2.17.1 on January 18, 2022 - Code42 User Directory Sync (UDS): Updated Log4j from 2.15.0 to 2.17.1 on February 2, 2022 - On-premises Code42 server: Mitigated from Log4j vulnerabilities by following these steps - On-premises Code42 app: Updated to Log4j 2.16 on December 17, 2021 https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/code42/code42-log4j-rce.yamlPOC详情
442JamF is susceptible to remote code execution via the Apache log4j library. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/jamf/jamf-log4j-jndi-rce.yamlPOC详情
443Ivanti MobileIron is susceptible to remote code execution via the Apache Log4j2 library. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yamlPOC详情
444Sonicwall NSM is susceptible to Log4j JNDI remote code execution. SonicWall Network Security Manager (NSM) allows you to centrally orchestrate all firewall operations error-free, see and manage threats and risks across your firewall ecosystem from one place, and stay connected and compliant. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/sonicwall-nsm-log4j-rce.yamlPOC详情
445Apache Druid is vulnerable to RCE due to Log4j.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/apache-druid-log4j.yamlPOC详情
446UniFi Network Application is susceptible to a critical vulnerability in Apache Log4j (CVE-2021-44228) that may allow for remote code execution in an impacted implementation. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/unifi-network-log4j-rce.yamlPOC详情
447OpenShift is susceptible to Log4j JNDI remote code execution. OpenShift is a unified platform to build, modernize, and deploy applications at scale. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/openshift-log4j-rce.yamlPOC详情
448Jitsi Meet is susceptible to Log4j JNDI remote code execution. Jitsi is a collection of free and open-source multiplatform voice, video conferencing and instant messaging applications for the Web platforms. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/jitsi-meet-log4j-rce.yamlPOC详情
449Symantec SPEM is susceptible to Log4j JNDI remote code execution. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/symantec-sepm-log4j-rce.yamlPOC详情
450Citrix XenApp is susceptible to Log4j JNDI remote code execution. Citrix Virtual Apps is an application virtualization software produced by Citrix Systems that allows Windows applications to be accessed via individual devices from a shared server or cloud system. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/citrix-xenapp-log4j-rce.yamlPOC详情
451Logstash is susceptible to Log4j JNDI remote code execution. Logstash is a free and open server-side data processing pipeline that ingests data from a multitude of sources, transforms it, and then sends it to your favorite "stash." https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/logstash-log4j-rce.yamlPOC详情
452Papercut is susceptible to Log4j JNDI remote code execution. Papercut is a print management system. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/papercut-log4j-rce.yamlPOC详情
453Rundeck is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/rundeck-log4j.yamlPOC详情
454GoAnywhere Managed File Transfer is vulnerable to a remote command execution (RCE) issue via the included Apache Log4j.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/goanywhere-mft-log4j-rce.yamlPOC详情
455Metabase is susceptible to remote code execution due to an incomplete patch in Apache Log4j 2.15.0 in certain non-default configurations. A remote attacker can pass malicious data and perform a denial of service attack, exfiltrate data, or execute arbitrary code.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/metabase-log4j.yamlPOC详情
456Splunk Enterprise is susceptible to Log4j JNDI remote code execution. Splunk Enterprise enables you to search, analyze and visualize your data to quickly act on insights from across your technology landscape. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/splunk-enterprise-log4j-rce.yamlPOC详情
457OpenNMS JNDI is susceptible to remote code execution via Apache Log4j 2.14.1 and before. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/opennms-log4j-jndi-rce.yamlPOC详情
458Seeyon OA is susceptible to remote code execution via the Apache Log4j 2 library prior to 2.15.0 by recording its own log information, specifically with specially crafted values sent as user input. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/seeyon-oa-log4j.yamlPOC详情
459Elasticsearch 5 is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/elasticsearch5-log4j-rce.yamlPOC详情
460Graylog is susceptible to remote code execution via the Apache Log4j 2 library prior to 2.15.0 by recording its own log information, specifically with specially crafted values sent as user input. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/graylog-log4j.yamlPOC详情
461Manage Engine Endpoint Central (formerly Desktop Central) is susceptible to Log4j JNDI remote code execution. Endpoint Central is a Unified Endpoint Management (UEM) & Endpoint protection suite that helps manage and secure various network devices https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/manage-engine-dc-log4j-rce.yamlPOC详情
462F-Secure Policy Manager is susceptible to Log4j JNDI remote code execution. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/f-secure-policymanager-log4j-rce.yamlPOC详情
463Pega is susceptible to Log4j JNDI remote code execution. Pega provides a powerful low-code platform that empowers the world's leading enterprises to Build for Change. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/pega-log4j-rce.yamlPOC详情
464XenMobile Server is an on-premises enterprise mobility management solution and versions 10.14 RP2, 10.13 RP5 and 10.12 RP10 are vulnerable to CVE-2021-44228 (Apache Log4j). JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/xenmobile-server-log4j.yamlPOC详情
465FortiPortal is susceptible to Log4j JNDI remote code execution. FortiPortal provides comprehensive security management and analytics within a multi-tenant, multi-tier management framework. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/fortiportal-log4j-rce.yamlPOC详情
466VMware Site Recovery Manager is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/vmware-siterecovery-log4j-rce.yamlPOC详情
467Okta is susceptible to Log4j JNDI remote code execution. Okta provides cloud software that helps companies manage and secure user authentication into applications, and for developers to build identity controls into applications, website web services and devices. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/okta-log4j-rce.yamlPOC详情
468Cisco vManage is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. More information is available in the cisco-sa-apache-log4j-qRuKNEbd advisory.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/cisco/cisco-vmanage-log4j.yamlPOC详情
469Cisco CloudCenter Suite is susceptible to remote code execution via the Apache Log4j library. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/cisco/cisco-cloudcenter-suite-log4j-rce.yamlPOC详情
470Cisco BroadWorks is susceptible to Log4j JNDI remote code execution. Cisco BroadWorks is an enterprise-grade calling and collaboration platform delivering unmatched performance, security and scale. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/cisco/cisco-broadworks-log4j-rce.yamlPOC详情
471Cisco WebEx is susceptible to Log4j JNDI remote code execution. Cisco WebEx provides web conferencing, videoconferencing and contact center as a service applications. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/cisco/cisco-webex-log4j-rce.yamlPOC详情
472Cisco Unified Communications is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/cisco/cisco-unified-communications-log4j.yamlPOC详情
473Apache OFBiz is affected by a remote code execution vulnerability in the bundled Apache Log4j logging library. Apache Log4j is vulnerable due to insufficient protections on message lookup substitutions when dealing with user controlled input. A remote, unauthenticated attacker can exploit this, via a web request, to execute arbitrary code with the permission level of the running Java process. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/apache/apache-ofbiz-log4j-rce.yamlPOC详情
474Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. This vulnerability affects Solr 7+. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/apache/apache-solr-log4j-rce.yamlPOC详情
475JamF is susceptible to Lof4j JNDI remote code execution. JamF is the industry standard when it comes to the management of iOS devices (iPhones and iPads), macOS computers (MacBooks, iMacs, etc.), and tvOS devices (Apple TV). https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yamlPOC详情
476VMware vRealize Operations is susceptible to a critical vulnerability in Apache Log4j which may allow remote code execution in an impacted vRealize Operations Tenant application. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vrealize-operations-log4j-rce.yamlPOC详情
477VMware Operations Manager is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-operation-manager-log4j.yamlPOC详情
478VMware VCenter is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-vcenter-log4j-jndi-rce.yamlPOC详情
479VMware NSX is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-nsx-log4j.yamlPOC详情
480VMware HCX is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-hcx-log4j.yamlPOC详情
481VMware Horizon is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-horizon-log4j-jndi-rce.yamlPOC详情
482Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-44228.yamlPOC详情
483Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Log4j2%20lookup%20JNDI%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2021-44228.mdPOC详情
484https://github.com/vulhub/vulhub/blob/master/log4j/CVE-2021-44228/README.mdPOC详情
485CVE-2021-44228https://github.com/user20252228/Log4shellPOC详情
486Kiểm thử xâm nhập https://github.com/khaidtraivch/CVE-2021-44228-Log4Shell-POC详情
487Log4Shell (CVE-2021-44228) PoC Applicationhttps://github.com/NikitaPark/Log4Shell-PoC-ApplicationPOC详情
488CVE-2021-44228https://github.com/tpdlshdmlrkfmcla/Log4shellPOC详情
489The Web Is Vulnerable to CVE-2021-44228https://github.com/Fauzan-Aldi/Log4j-_VulnerabilityPOC详情
490Log4Shell (CVE-2021-44228) exploit demo for SEAS 8405. Includes a vulnerable Spring Boot app, fake LDAP server, Docker setup, MITRE mapping, incident response, and a full screen recording.https://github.com/SerpilRivas/log4shell-homework9POC详情
491CVE-2021-44228 Vulnerability Reproduction Environment CVE-2021-44228 漏洞复现环境https://github.com/x1ongsec/CVE-2021-44228-Log4j-JNDIPOC详情
492Praktische Demonstration der Log4Shell-Sicherheitslücke (CVE-2021-44228)https://github.com/fabioeletto/hka-seminar-log4shellPOC详情
493Nonehttps://github.com/cuijiung/log4j-CVE-2021-44228POC详情
494Nonehttps://github.com/Alan-coder-eng/log4j-cve-2021-44228-POC详情
495A simple Log4j PoC written in Gohttps://github.com/Sorrence/CVE-2021-44228POC详情
496Log4Shell CVE-2021-44228 PoC https://github.com/moften/Log4ShellPOC详情
497Nonehttps://github.com/Rohan-flutterint/CVE-2021-44228_scannerPOC详情
498This repository documents how deployment of Microsoft Defender for Endpoint on a Windows 11 device, including onboarding via local script, enabling device discovery, configuring Log4j2 detection (CVE-2021-44228), and validating incident response workflows.https://github.com/KamalideenAK/Microsoft-Defender-for-Endpoint-Deployment-on-Windows-10-11-devicePOC详情
499Log4Shell (CVE-2021-44228) PoChttps://github.com/arabindadora/log4shellPOC详情
500Nonehttps://github.com/d4ngkh04w/CVE-2021-44228-Apache-Log4jPOC详情
501XenMobile Server is an on-premises enterprise mobility management solution and versions 10.14 RP2, 10.13 RP5 and 10.12 RP10 are vulnerable to CVE-2021-44228 (Apache Log4j). JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/xenmobile-server-log4j-rce.yamlPOC详情
502Apache Druid is vulnerable to RCE due to Log4j.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/apache-druid-log4j-rce.yamlPOC详情
503Nonehttps://github.com/d4ngkh04w/CVE-2021-44228-Apache-Log4j2POC详情
504Ivanti MobileIron is susceptible to remote code execution via the Apache Log4j2 library. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/mobileiron/mobileiron-log4j-rce.yamlPOC详情
505VMware NSX is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-nsx-log4j-rce.yamlPOC详情
506VMware VCenter is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-vcenter-log4j-rce.yamlPOC详情
507VMware Horizon is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-horizon-log4j-rce.yamlPOC详情
508VMware HCX is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-hcx-log4j-rce.yamlPOC详情
509VMware Operations Manager is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/vmware/vmware-operation-manager-log4j-rce.yamlPOC详情
510Cisco Unified Communications is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/cisco/cisco-unified-communications-log4j-rce.yamlPOC详情
511Cisco vManage is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. More information is available in the cisco-sa-apache-log4j-qRuKNEbd advisory.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/cisco/cisco-vmanage-log4j-rce.yamlPOC详情
512JamF is susceptible to remote code execution via the Apache log4j library. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/jamf/jamf-log4j-rce.yamlPOC详情
513OpenNMS JNDI is susceptible to remote code execution via Apache Log4j 2.14.1 and before. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/opennms-log4j-rce.yamlPOC详情
514Rundeck is susceptible to remote code execution via the Apache Log4j framework. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/rundeck-log4j-rce.yamlPOC详情
515Seeyon OA is susceptible to remote code execution via the Apache Log4j 2 library prior to 2.15.0 by recording its own log information, specifically with specially crafted values sent as user input. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/seeyon-oa-log4j-rce.yamlPOC详情
516Graylog is susceptible to remote code execution via the Apache Log4j 2 library prior to 2.15.0 by recording its own log information, specifically with specially crafted values sent as user input. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/graylog-log4j-rce.yamlPOC详情
517Metabase is susceptible to remote code execution due to an incomplete patch in Apache Log4j 2.15.0 in certain non-default configurations. A remote attacker can pass malicious data and perform a denial of service attack, exfiltrate data, or execute arbitrary code.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/metabase-log4j-rce.yamlPOC详情
518Apache Druid is vulnerable to RCE due to Log4j.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/apache/apache-druid-log4j-rce.yamlPOC详情
519Demo of CVE-2021-44228 Log4Shell.https://github.com/Mintimate/log4j2-bugmakerPOC详情
520CVE-2021-44228https://github.com/B1ack4sh/Blackash-CVE-2021-44228POC详情
521This repository contains my work for a cybersecurity assignment where I exploited the real-world Log4Shell (CVE-2021-44228) vulnerability inside a safe, controlled virtual machine. The project followed a Capture-the-Flag format with multiple exploitation tasks to retrieve hidden flags.https://github.com/mgueye3/Log4ShellPOC详情
522Technical deep dive into Apache Log4j2 JNDI injection vulnerability. Features static code analysis, patch comparison, attack vectors (LDAP/RMI/DNS), and enterprise mitigation guidance.https://github.com/PCMKUIT/CVE-2021-44228---Log4Shell-AnalysisPOC详情
三、漏洞 CVE-2021-44228 的情报信息
四、漏洞 CVE-2021-44228 的评论

暂无评论

发表评论