Introduction
# CVE-2021-44228 Helpers
Helpers, examples, and exploits for CVE-2021-44228. Associated blog post: https://blog.uint0.dev/cve-2021-44228/
## Helpers
### Echo chamber
`cd echochamber`
Logs input via log4j.
**Build**: `./gradlew build`
**Run**: `./gradlew run --console=plain`
### LDAP Exfil Server
`cd ldap-listener`
LDAP server that logs requests to allow for exfiltration.
**Build**: `pip install -r requirements.txt`
**Run**: `python3 listener.py <port>`
## Vulnerable applications
### Spring Hibernate
`cd spring-hibernate-ex`
A sample app using Spring and Hibernate that's vulnerable to RMI deserialization.
**Build**: `./gradlew build`
**Run**: `./gradlew bootRun`
### Class Inclusion
`cd class-inclusion-ex`
A sample app with `com.sun.jndi.ldap.object.trustURLCodebase=true` that's vulnerable to class inclusion.
**Build**: `./gradlew build`
**Run**: `./gradlew run --console=plain`
## Exploits
### Exploit Class Inclusion
`cd exploit-class-inclusion`
Simple instructions on how to exploit class inclusion.
### Exploit RMI Deserialization
`cd exploit-rmi-deserialization`
Simple instructions on how to exploit RMI deserialization for the `spring-hibernate-ex` example.
## Troubleshooting
Everything was tested with Java 11 (`sdk use java 11.0.11.j9-adpt`).
File snapshot
```
[4.0K] /data/pocs/4866674f2ed1864ec4b9ec78b13dbcd5929e482d
├── [4.0K] class-inclusion-ex
│   ├── [4.0K] app
│   │   ├── [ 951] build.gradle
│   │   └── [4.0K] src
│   │       └── [4.0K] main
│   │           └── [4.0K] java
│   │               └── [4.0K] class_inclusion_ex
│   │                   └── [ 965] App.java
│   ├── [4.0K] gradle
│   │   └── [4.0K] wrapper
│   │       ├── [ 58K] gradle-wrapper.jar
│   │       └── [ 202] gradle-wrapper.properties
│   ├── [7.9K] gradlew
│   ├── [2.7K] gradlew.bat
│   └── [ 382] settings.gradle
├── [4.0K] echochamber
│   ├── [4.0K] app
│   │   ├── [ 946] build.gradle
│   │   └── [4.0K] src
│   │       └── [4.0K] main
│   │           └── [4.0K] java
│   │               └── [4.0K] echochamber
│   │                   └── [ 635] Echo.java
│   ├── [4.0K] gradle
│   │   └── [4.0K] wrapper
│   │       ├── [ 58K] gradle-wrapper.jar
│   │       └── [ 202] gradle-wrapper.properties
│   ├── [7.9K] gradlew
│   ├── [2.7K] gradlew.bat
│   └── [ 375] settings.gradle
├── [4.0K] exploit-class-inclusion
│   └── [1001] README.md
├── [4.0K] exploit-rmi-deserialization
│   └── [ 936] README.md
├── [4.0K] ldap-listener
│   ├── [ 874] listener.py
│   └── [ 349] requirements.txt
├── [1.3K] README.md
└── [4.0K] spring-hibernate-ex
    ├── [ 806] build.gradle
    ├── [ 269] Dockerfile
    ├── [4.0K] gradle
    │   └── [4.0K] wrapper
    │       ├── [ 58K] gradle-wrapper.jar
    │       └── [ 202] gradle-wrapper.properties
    ├── [7.9K] gradlew
    ├── [2.7K] gradlew.bat
    ├── [1.2K] HELP.md
    ├── [ 34] settings.gradle
    └── [4.0K] src
        └── [4.0K] main
            ├── [4.0K] java
            │   └── [4.0K] dev
            │       └── [4.0K] uint0
            │           └── [4.0K] pocs
            │               └── [4.0K] cve202144228
            │                   ├── [ 332] Cve202144228Application.java
            │                   └── [ 561] IndexController.java
            └── [4.0K] resources
                └── [ 1] application.properties

30 directories, 30 files
```