POC details: 238a41ae275b88af4bd8833ee38424b677ee3310

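Source
Related vulnerability
Title: Apache Log4j code issue vulnerability (CVE-2021-44228)
Description: Apache Log4j is a Java-based open-source logging tool from the Apache Foundation (United States). Apache Log4j has a code issue vulnerability: an attacker can craft a data request and send it to a server that uses Apache Log4j, and remote code execution is triggered when that request is written to the log.
Description
This Pwsh script runs AppScan Standard scans against a list of web sites (URLs.txt), checking for the Log4J (CVE-2021-44228) vulnerability.
Introduction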
# Search log4J vuln using AppScan Standard and a list of websites
This PowerShell script runs AppScan Standard scans against a list of web sites (URLs.txt), checking only for the Log4J (CVE-2021-44228) vulnerability.

Structure of project:<br>
![image](https://user-images.githubusercontent.com/69405400/149555665-a4659326-b3a2-491b-b7d7-30c52769071f.png)

After you run the script, it reads each line in URLs.txt and starts scanning for the Log4J (CVE-2021-44228) vulnerability.<br>
![image](https://user-images.githubusercontent.com/69405400/149555808-75893e5e-9ef1-48cf-8321-c6386ecbfa04.png)

After each scan finishes, it writes the result to Log4J_Result_Analysis.txt.<br>
![image](https://user-images.githubusercontent.com/69405400/149566662-ae7429cf-c82e-4352-b2bc-513a0a9b2109.png)

Each scan file is in the Scan folder, and you can open it in AppScan Standard to see details about the vulnerability.<br>
![image](https://user-images.githubusercontent.com/69405400/149566834-0acd4eb4-0c7f-4b99-9655-035fb7553d62.png)
File snapshot

[4.0K] /data/pocs/238a41ae275b88af4bd8833ee38424b677ee3310
├── [4.0K] Log4J_Scan
│   ├── [4.0K] policy
│   │   └── [1.2K] Log4J.policy
│   ├── [4.0K] report
│   │   └── [ 1] delete.txt
│   ├── [4.0K] scan
│   │   └── [ 1] delete.txt
│   ├── [2.2K] Start_Scan.ps1
│   └── [ 52] URLs.txt
└── [1011] README.md

4 directories, 6 files