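PoC details: 80f58476569d3c8cbd6356ee8d4d0ab12cb99caf

Source
Related vulnerability
Title: Apache Log4j code issue vulnerability (CVE-2021-44228)
Description: Apache Log4j is a Java-based open-source logging tool from the Apache Foundation (US). Apache Log4j has a code issue vulnerability: an attacker can craft a data request and send it to a server that uses Apache Log4j, and remote code execution is triggered when that request is written to the log.
Description
Java application vulnerable to the CVE-2021-44228 (a.k.a log4shell) vulnerability
Introduction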
# Log4Shell Honeypot

This demo application is vulnerable to [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228),
also known as Log4Shell. It can be used, for example, to validate a detection or remediation script.

## How to launch

Build the application:

    mvn clean package
    
Or, alternatively, download the [pre-built JAR](https://github.com/GroupePSA/log4shell-honeypot/releases/download/1.0.0-SNAPSHOT/log4shell-honeypot-capsule.jar).

Run the application (in the `target` subdirectory if you built it locally):

    java -Dlog4shell.all -jar log4shell-honeypot-capsule.jar

> The application is not vulnerable by default. You need to set the `log4shell.all` system property to enable 
> vulnerabilities (or you can use vulnerability-specific options, see below).

### Vulnerability options

* Set `log4shell.userAgent` system property to log the `User-Agent` HTTP header.
* Set `log4shell.authorization` system property to log the `Authorization` HTTP header.
* Set `log4shell.basicAuth` system property to log the user/password pair decoded from basic authentication.
* Set `log4shell.urlPath` system property to log the URL path.
* Set `log4shell.urlQuery` system property to log the URL query string.
* Set `log4shell.all` system property to log all the above.

An empty property value is enough.

### Security options

To enable basic authentication on the application, activate the `basicAuth` configuration profile:

    java -Dseedstack.profiles=basicAuth -Dlog4shell.all -jar target/log4shell-honeypot-capsule.jar

* User is `demo`
* Password is also `demo`

> When basic authentication is enabled, the application cannot be vulnerable to the user/password injection.

## How to use

Do a GET or POST request on any path with a malicious payload located in accordance with the options above:

Example with the `User-Agent` header:

    curl http://localhost:8080 -A "<malicious-user-agent>"

The app will issue a 302 to `/test` which contains the vulnerability. 
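
One remediation-side check this honeypot can be used to validate, as an added example that is not part of the project's code: a scanner that walks a JAR and any archives nested inside it and reports each one that still contains `JndiLookup.class`. It assumes the capsule JAR bundles log4j-core as a nested JAR; `build_sample_capsule` and its `0.0.0-sample` version are constructed stand-ins, not the real artifact.

```python
import io
import sys
import zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def scan_archive(data, label, max_depth=5):
    """Return [(path, log4j-core version or None)] for each archive holding JndiLookup.class."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive, nothing to report
    with zf:
        names = set(zf.namelist())
        if JNDI_LOOKUP in names:
            version = None
            if POM_PROPS in names:  # Maven metadata, when the JAR still carries it
                for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        version = line.split("=", 1)[1].strip()
            findings.append((label, version))
        if max_depth > 0:  # bound recursion into nested archives
            for name in sorted(names):
                if name.lower().endswith(ARCHIVE_EXT):
                    findings += scan_archive(zf.read(name), f"{label}!/{name}", max_depth - 1)
    return findings


def build_sample_capsule(with_jndi_lookup=True):
    """Constructed stand-in for a capsule JAR (not the real honeypot artifact)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM_PROPS, "artifactId=log4j-core\nversion=0.0.0-sample\n")
        if with_jndi_lookup:
            z.writestr(JNDI_LOOKUP, b"")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("log4j-core-sample.jar", inner.getvalue())  # nested dependency
    return outer.getvalue()


if __name__ == "__main__":  # usage: python scan_jar.py path/to/app.jar
    with open(sys.argv[1], "rb") as fh:
        for hit, version in scan_archive(fh.read(), sys.argv[1]):
            print(f"JndiLookup.class present in {hit} (log4j-core {version or 'unknown'})")
```

A hit means the class has not been stripped from that archive; the reported version still has to be compared against the fixed log4j-core releases before drawing a conclusion.
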
File snapshot

    [4.0K] /data/pocs/80f58476569d3c8cbd6356ee8d4d0ab12cb99caf
    ├── [1.0K] LICENSE
    ├── [3.9K] pom.xml
    ├── [2.0K] README.md
    └── [4.0K] src
        └── [4.0K] main
            ├── [4.0K] java
            │   └── [4.0K] org
            │       └── [4.0K] seedstack
            │           └── [4.0K] samples
            │               └── [4.0K] log4shell
            │                   ├── [ 526] RedirectServlet.java
            │                   └── [2.8K] VulnerableServlet.java
            └── [4.0K] resources
                ├── [ 510] application.yaml
                └── [ 398] log4j2.xml

    8 directories, 7 files