CVE-2021-44228 PoC — Apache Log4j 代码问题漏洞

Source

Associated Vulnerability

Title:Apache Log4j 代码问题漏洞 (CVE-2021-44228)
Description:Apache Log4j是美国阿帕奇（Apache）基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞，攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器，当该请求被打印成日志时就会触发远程代码执行。

Description

Some siimple checks to see if JAR file is vulnerable to CVE-2021-44228

Readme

### chk_log4j - Tool to find jar files which are vulnerable to log4j CVE-2021-44228.


#### Install

1. `git clone https://github.com/gcmurphy/chk_log4j`
2. `cd chk_log4j && cargo install --path .`


#### Usage

The tool only checks a single file so it is best combined with something like [fd](https://github.com/sharkdp/fd).

```
$ fd -a -e jar -x chk_log4j
```

File Snapshot


 [4.0K]  /data/pocs/9ae8f9389d26d8828a8d143393c540edf4d05fab
├── [ 11K]  Cargo.lock
├── [ 518]  Cargo.toml
├── [ 365]  README.md
├── [4.0K]  src
│   └── [3.0K]  main.rs
└── [2.7K]  vulnerable.sha256

1 directory, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!