POC详情: 5ecb628bea76d3d14a0fab3193eb0a32a2f5ecb7

来源
https://github.com/0xsyr0/Log4Shell
关联漏洞
标题: Apache Log4j 代码问题漏洞 (CVE-2021-44228)
描述:Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
描述
This repository contains all gathered resources we used during our Incident Reponse on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell.
介绍
## CVE-2021-44228: Log4j / Log4Shell Security Research Summary

<p align="center">
  <img width="300" height="300" src="images/log4shell_logo.png">
</p>

This repository contains all gathered resources we used during our Incident Reponse on CVE-2021-44228 and CVE-2021-45046 aka Log4Shell.

- [Threat Intel](threat-intel.md)
- [Mitigations / Fixes](mitigations-fixes.md)
- [Malware Reports](malware-reports.md)
- [Advisory](advisory.md)
- [IOCs / Callback Domains / IP Addresses](iocs-callback-domains-ip-addresses.md)
- [Honeypots](honeypots.md)
- [Payloads / Obfuscation / WAF Bypass](payloads-obfuscation-waf-bypass.md)
- [Vulnerability Scanning](vulnerability-scanning.md)
- [Exploitation](exploitation.md)
- [Trainings](trainings.md)

Thanks to Malware Unicorn for the logo!

Source: https://malwareunicorn.org/log4shell_logo.png
文件快照

 [4.0K]  /data/pocs/5ecb628bea76d3d14a0fab3193eb0a32a2f5ecb7
├── [ 376]  Advisory.md
├── [ 513]  Exploitation.md
├── [ 244]  Honeypots.md
├── [4.0K]  images
│   ├── [317K]  FG-W-NkXIAQlC6b.jpg
│   ├── [196K]  log4j_attack.png
│   └── [ 10K]  log4shell_logo.png
├── [1.2K]  IOCs-Callback-Domains-IP-Addresses.md
├── [ 168]  Malware-Reports.md
├── [1.8K]  Mitigations-Fixes.md
├── [2.6K]  Payloads-Obfuscation-WAF-Bypass.md
├── [ 835]  README.md
├── [2.8K]  Threat-Intel.md
├── [ 231]  Trainings.md
└── [1.0K]  Vulnerability-Scanning.md

1 directory, 14 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。