POC details: 49a064700d322620013acdd8b6be084160de7643

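Source
Related vulnerability
Title: Apache Log4j code issue vulnerability (CVE-2021-44228)
Description: Apache Log4j is an open-source, Java-based logging tool from the Apache Software Foundation (United States). Apache Log4j contains a code issue vulnerability: an attacker can craft a data request and send it to a server that uses Apache Log4j, and remote code execution is triggered when that request is written to the log.
Description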
Java agent that disables Apache Log4J's JNDI Lookup. Fixes CVE-2021-44228, aka "Log4Shell."
Introduction
# Log4NoShell
A Java Agent that disables Apache Log4J's JNDI Lookup to mitigate [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) ("Log4Shell").

If possible, update your program to use the latest Log4J version, as the vulnerability is fixed as of version *2.17.1*.
Otherwise, download [log4noshell-0.5.jar](log4noshell-0.5.jar) and continue reading.

## Usage
To use Java Agents, you must specify them with the `-javaagent` argument. \
`java -javaagent:path/to/log4noshell-0.5.jar -jar Program.jar`

### **Minecraft**
Please read [Mojang's response](https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition)
to determine if you might need this patcher.

- Client:
    1. Go to the *Installations* tab in the launcher
    2. Click on the **three dots** on the **right** side of the version you'd like to use
    3. Click *Edit*
    4. Scroll down and click on *More Options*
    5. Add `-javaagent:path/to/log4noshell-0.5.jar` to the *JVM Arguments* text-field
        - `-javaagent:path/to/log4noshell-0.5.jar -Xms2G -Xms2G...`
    6. Click *Save*
- Server:
    1. Add `-javaagent:path/to/log4noshell-0.5.jar` somewhere before the `-jar` in your launch/start/run command
       - `java -javaagent:path/to/log4noshell-0.5.jar -jar minecraft_server.jar`
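
The placement rule above (the flag must come before `-jar`) can be checked on a deployed host. This is an added example, not code from the Log4NoShell project; the function names `check_agent` and `audit_running` are hypothetical and the sample command lines are constructed.

```sh
#!/bin/sh
# Added example (not part of Log4NoShell): verify that the agent flag is placed
# where the JVM will honor it. Everything after "-jar <file>" is passed to the
# program as arguments, so a -javaagent there is silently ignored.
# Only argv is inspected; an agent injected via JAVA_TOOL_OPTIONS is not seen.

# check_agent ARG... -> prints ok | after-jar | missing
check_agent() (
    seen_jar=0
    result=missing
    for arg in "$@"; do
        case "$arg" in
            -jar)
                seen_jar=1 ;;
            -javaagent:*log4noshell*)
                if [ "$seen_jar" -eq 0 ]; then
                    echo ok
                    return 0
                fi
                result=after-jar ;;
        esac
    done
    echo "$result"
)

# audit_running: apply check_agent to every java process visible in Linux /proc.
audit_running() {
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        # argv is NUL-separated in /proc/<pid>/cmdline; rebuild it as "$@".
        tr '\0' '\n' < "$f" 2>/dev/null | {
            set --
            while IFS= read -r a; do set -- "$@" "$a"; done
            if [ $# -gt 0 ]; then
                case "${1##*/}" in
                    java) printf '%s\t%s\n' "${f%/cmdline}" "$(check_agent "$@")" ;;
                esac
            fi
        }
    done
}

# Constructed command lines, modeled on the server example above.
check_agent java -javaagent:path/to/log4noshell-0.5.jar -jar minecraft_server.jar  # ok
check_agent java -jar minecraft_server.jar -javaagent:path/to/log4noshell-0.5.jar  # after-jar
```

Run `audit_running` on a Linux server to list each `java` process with its status; any result other than `ok` means the process is running without the agent applied through its command line.
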
File snapshot
 [4.0K]  /data/pocs/49a064700d322620013acdd8b6be084160de7643
├── [1.0K]  LICENSE
├── [178K]  log4noshell-0.5.jar
├── [2.7K]  pom.xml
├── [1.3K]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   └── [4.0K]  io
        │       └── [4.0K]  github
        │           └── [4.0K]  winnpixie
        │               └── [4.0K]  log4noshell
        │                   ├── [2.2K]  JndiLookupTransformer.java
        │                   └── [ 531]  Log4NoShellAgent.java
        └── [4.0K]  resources
            └── [4.0K]  META-INF
                └── [  86]  MANIFEST.MF

9 directories, 7 files