POC详情: 0fa82417f8c77a683c827e9ba938cd065465e0c0

来源
https://github.com/xsultan/log4jshield
关联漏洞
标题: Apache Log4j 代码问题漏洞 (CVE-2021-44228)
描述:Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
描述
Log4j Shield - fast ⚡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher
介绍
<h1 align="center">
	<img src="https://i.ibb.co/0hLdyRV/logo.png" alt="Log4j Shield" width="50%"></a>
  <br>
</h1>

<p align="center">
	<a href="https://github.com/xsultan/log4jshield"><img src="https://img.shields.io/badge/release-v1-brightgreen?style=flat" alt=""></a> <a href="https://github.com/xsultan/log4jshield/stargazers"><img src="https://img.shields.io/github/stars/xsultan/log4jshield.svg?style=flat" alt=""></a> <a href="https://github.com/xsultan/log4jshield/network/members"><img src="https://img.shields.io/github/forks/xsultan/log4jshield?style=flat" alt=""></a> <a href="https://github.com/xsultan/log4jshield/issues"><img src="https://img.shields.io/github/issues/xsultan/log4jshield.svg?style=flat" alt=""></a> <a href="https://github.com/xsultan/log4jshield/"><img src="https://img.shields.io/github/repo-size/xsultan/log4jshield.svg?style=flat" alt=""></a> <a href="https://github.com/xsultan/log4jshield/blob/master/LICENSE"><img src="https://img.shields.io/github/license/adilsoybali/Log4j-RCE-Scanner.svg?style=flat" alt=""></a> <a href="https://github.com/xsultan/log4jshield/commits/main"><img src="https://img.shields.io/github/last-commit/xsultan/log4jshield" alt="GitHub last commit"></a></p>

<p align="center">
	<a href="https://github.com/xsultan/log4jshield#Demo">Demo</a> •
<a href="https://github.com/xsultan/log4jshield#Features">Features</a> • <a href="https://github.com/xsultan/log4jshield#Requirements">Requirements</a> • <a href="https://github.com/xsultan/log4jshield#Installation">Installation</a> • <a href="https://github.com/xsultan/log4jshield#Usage">Usage</a> • <a href="https://github.com/xsultan/log4jshield#Contributing">Contributing</a> •
<a href="https://github.com/xsultan/log4jshield#Contact">Contact</a></p>


# Log4j Shield - fast ⚡, scalable and easy to use finder and patcher

### No Log4j vulnerability left behind

You can use this tool to scan for all JAR files affected by Apache Log4J vulnerability CVE-2021-44228 and patch them on the fly.

> [Affected versions < 2.15.0](https://logging.apache.org/log4j/2.x/security.html)

## Features

- Scan for the vulnerability within your system regardless of the naming convention of the library.
- Deep scan for the vulnerability within nested libraries, compressed and concatenated libraries.
- Creates a report of all Java ARchives (JAR), WAR, EAR, and AAR within your system or directory, the reports will contain the safe (for asset management) and vulnerable JARs.
- Blazing fast ⚡, scalable and easy to use, (a system with more than 20k JARs takes about 3 mins)

## Demo

[![demo](https://asciinema.org/a/458122.svg)](https://asciinema.org/a/458122)

## Requirements

1. Nothing, just grab the script that's suitable for your system.

## Installation

1.  `git clone https://github.com/xsultan/log4jshield.git`
2.  `cd log4jshield`
3.  `chmod +x log4jshield.sh`
4.  If you'd like to make it callable move the script to your `bin` folder:
    `export PATH=$PATH:$(cd -)/log4jshield.sh`

## Usage

1. Navigate to your desired directory or go to your root path by typing `cd /`
2. Then run the tool

   ./log4jshield.sh

This will start scanning for all the JARs, then it will generate a report which will be created in the same path you ran the tool at.

## Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

1.  Fork the Project
2.  Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
3.  Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
4.  Push to the Branch (`git push origin feature/AmazingFeature`)
5.  Open a Pull Request

## Contact

[![Email](https://img.shields.io/static/v1?style=for-the-badge&message=Email&color=EA4335&logo=Gmail&logoColor=FFFFFF&label=)](mailto:sultansaw@gmail.com) [![Linkedin](https://img.shields.io/badge/LinkedIn-0077B5?style=for-the-badge&logo=linkedin&logoColor=white)](https://linkedin.com/in/xsultan) [![Twitter](https://img.shields.io/badge/Twitter-1DA1F2?style=for-the-badge&logo=twitter&logoColor=white)](https://twitter.com/xsultan)
文件快照

 [4.0K]  /data/pocs/0fa82417f8c77a683c827e9ba938cd065465e0c0
├── [3.3K]  log4jshield.sh
└── [4.3K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。