CVE-2021-44228 PoC — Apache Log4j 代码问题漏洞

Source

https://github.com/kali-dass/CVE-2021-44228-log4Shell

Associated Vulnerability

Title:Apache Log4j 代码问题漏洞 (CVE-2021-44228)
Description:Apache Log4j是美国阿帕奇（Apache）基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞，攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器，当该请求被打印成日志时就会触发远程代码执行。

Description

Sample log4j shell exploit

Readme

# CVE-2021-44228-log4Shell exploit

## Exploit Test

- runs ping to google.com ( execute any command )
- prints OS name, version and arch ( collect details about the OS and User )
- opens calculator on remote machine ( can execute any executable )
- download this README.md from github

## Run the ExploitTest

```
java ExploitTest 
```

## Sample log4shell link
https://log4shell.huntress.com/

File Snapshot


 [4.0K]  /data/pocs/94dcb9e563773c46d7da06fade8ad12866dec461
├── [ 396]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            ├── [2.8K]  ExploitTest.class
            ├── [2.9K]  ExploitTest.java
            └── [ 303]  RMIServer.java

3 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!