Related vulnerabilities
Description
Utilize Tai-e to identify the Log4shell (a.k.a. CVE-2021-44228) Vulnerability
Introduction
<div align="center">
<img src="https://raw.githubusercontent.com/pascal-lab/Tai-e/master/tai-e-logo.png" height="200">
# Tai-e for CVE-2021-44228
</div>
This is a sample project that uses [Tai-e](https://github.com/pascal-lab/tai-e) to identify the Log4Shell (a.k.a. CVE-2021-44228) vulnerability and its trigger paths.
Related video (in Chinese): https://www.bilibili.com/video/BV1dV411F781
## Getting started
Clone this repository via Git:
```
git clone https://github.com/Tai-e/CVE-2021-44228.git
```
Run the following command in your terminal:
```
./gradlew run
```
Check `taint-flow-graph.dot` and `tai-e.log` in the output directory `./output` for the results.
Optionally, run the following command in the `./output` directory to convert the dot file to an SVG file:
```
dot -Tsvg -o taint-flow-graph.svg taint-flow-graph.dot
```
---
This repo is based on the [Tai-e Template][template].
[template]: https://github.com/Tai-e/Tai-e-Template
File snapshot
```
[4.0K] /data/pocs/37fe6c593380b16c83b56f775c0209e927e6c3f1
├── [ 572] build.gradle.kts
├── [4.0K] gradle
│   └── [4.0K] wrapper
│       ├── [ 62K] gradle-wrapper.jar
│       └── [ 250] gradle-wrapper.properties
├── [8.4K] gradlew
├── [2.8K] gradlew.bat
├── [4.0K] java-benchmarks
│   ├── [4.0K] JREs
│   │   └── [4.0K] jre1.8
│   │       ├── [3.0M] charsets.jar
│   │       ├── [ 94K] jce.jar
│   │       ├── [1.8M] jsse.jar
│   │       ├── [ 376] management-agent.jar
│   │       ├── [   0] openjdk-1.8.0_312.txt
│   │       ├── [3.4M] resources.jar
│   │       └── [ 62M] rt.jar
│   ├── [4.0K] log4j
│   │   └── [4.0K] 2.14.0
│   │       ├── [294K] log4j-api-2.14.0.jar
│   │       ├── [1.7M] log4j-core-2.14.0.jar
│   │       ├── [ 728] options.yml
│   │       ├── [1.2K] refl.log
│   │       ├── [ 804] Server.class
│   │       ├── [ 382] Server.java
│   │       ├── [1.4K] taint-config.yml
│   │       └── [429K] taint-flow-graph-highlighted.svg
│   └── [ 185] README.md
├── [ 967] README.md
└── [4.0K] src
    └── [4.0K] main
        └── [4.0K] java
            └── [4.0K] org
                └── [4.0K] example
                    └── [ 218] MyMain.java

12 directories, 23 files
```