关联漏洞
描述
The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell.
介绍
# Security Log4J Tester
A vulnerability in Apache Log4j, a widely used logging package for Java has been found. The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell.
## Dependencies
The locate is a command line utility for finding files by name in Linux, just like find command. However, it works more efficiently compared to its counterpart; it uses one or more databases populated by the updatedb program and prints file names matching at least one of the patterns (a user provides) to standard output.
Install the dependency:
```bash
sudo apt-get install locate
```
## Usage
Run this command in your Linux server:
```bash
wget https://raw.githubusercontent.com/ReynerGonzalez/Security-Log4J-Tester/main/security-log4j-tester.sh -q -O - | bash
```
## Documentation
[NIST CVE-2021-44228 Detail](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
## Authors
- [@reynergonzalez](https://www.github.com/reynergonzalezm)
## License
[MIT](https://choosealicense.com/licenses/mit/)
文件快照
[4.0K] /data/pocs/18b8b19d8055cddaf290997df5f0a2a4ba1fa30d
├── [1.0K] LICENSE
├── [1.1K] README.md
└── [ 659] security-log4j-tester.sh
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。