Description
Demonstration of CVE-2021-44228 with a possible strategic fix.
Introduction
## Simple Example showing CVE-2021-44228 in action
### Explanation
* To reproduce this issue, I am removing the transitive logging dependency that Spring Boot brings in by default.
* Instead, I am bringing in `spring-boot-starter-log4j2`.
* `spring-boot-starter-log4j2` brings in `log4j-core`, which has the remote code execution (RCE) vulnerability.
### Running API
* Either run the command `./gradlew clean build bootRun` in a terminal **OR**
* Right-click `Log4jTestApplication.java` and click `run`.
### What happens when you pass in the JNDI value?
* Because we are resolving to a non-existent site, we get a `ConnectException`.
* But, imagine the possibilities if this was an actual malicious server!

### Possible fix?
* **If you are using Maven**, see https://github.com/strawhatasif/log4j-test/tree/maven-variant
* The fix is located at https://github.com/strawhatasif/log4j-test/tree/strategic-fix.
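
One way to pin a patched Log4j in a Gradle and Spring Boot build like the one described above, as an added example that is not the repository's `build.gradle` or the contents of its strategic-fix tree. The plugin versions, the web starter, the `2.17.1` pin and the `verifyLog4jVersion` task name are assumptions.

```groovy
// build.gradle -- added example; plugin versions and the 2.17.1 pin are assumptions
plugins {
    id 'java'
    id 'org.springframework.boot' version '2.6.1'   // assumed release
    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
}

repositories { mavenCentral() }

// Remove Spring Boot's default logging starter everywhere,
// as the Explanation section describes.
configurations.all {
    exclude group: 'org.springframework.boot', module: 'spring-boot-starter-logging'
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-web'   // assumed
    // Brings in log4j-core transitively.
    implementation 'org.springframework.boot:spring-boot-starter-log4j2'
}

// WEAK: with nothing below this line, log4j-core resolves to whatever version
// the Spring Boot BOM manages for the plugin version above.

// CORRECTED: override the BOM's version property so all
// org.apache.logging.log4j artifacts resolve to the pinned release.
ext['log4j2.version'] = '2.17.1'

// Guard (hypothetical task name): fail the build if any log4j-core on the
// runtime classpath is not the pinned version, e.g. forced by another dependency.
tasks.register('verifyLog4jVersion') {
    doLast {
        def pinned = project.ext['log4j2.version']
        configurations.runtimeClasspath.resolvedConfiguration.resolvedArtifacts.each { artifact ->
            def id = artifact.moduleVersion.id
            if (id.group == 'org.apache.logging.log4j' && id.name == 'log4j-core'
                    && id.version != pinned) {
                throw new GradleException("log4j-core ${id.version} resolved, expected ${pinned}")
            }
        }
    }
}
tasks.named('check') { dependsOn 'verifyLog4jVersion' }

// Manual check:
//   ./gradlew dependencyInsight --dependency log4j-core --configuration runtimeClasspath
```

CVE-2021-44228 was first addressed in Log4j 2.15.0; the later pin used here also picks up the follow-up fixes in the 2.16 and 2.17 lines.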
### References:
* https://www.lunasec.io/docs/blog/log4j-zero-day/
* https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
* https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j
File snapshot
[4.0K] /data/pocs/7292ad76f5f27f22bd22f77b65138cde2f521633
├── [ 669] build.gradle
├── [4.0K] gradle
│   └── [4.0K] wrapper
│       ├── [ 58K] gradle-wrapper.jar
│       └── [ 202] gradle-wrapper.properties
├── [7.9K] gradlew
├── [2.6K] gradlew.bat
├── [231K] img.png
├── [1.2K] README.md
├── [  32] settings.gradle
└── [4.0K] src
    └── [4.0K] main
        ├── [4.0K] java
        │   └── [4.0K] com
        │       └── [4.0K] fun
        │           └── [4.0K] log4jtest
        │               ├── [4.0K] controller
        │               │   └── [ 700] SomeController.java
        │               └── [ 316] Log4jTestApplication.java
        └── [4.0K] resources
            └── [   1] application.properties
10 directories, 11 files