Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-44228 PoC — Apache Log4j 代码问题漏洞

Source
https://github.com/bigsizeme/Log4j-check
Associated Vulnerability
Title:Apache Log4j 代码问题漏洞 (CVE-2021-44228)
Description:Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
Description
log4J burp被扫插件、CVE-2021-44228、支持dnclog.cn和burp内置DNS、可配合JNDIExploit生成payload
Readme
# Log4j-check
支持RC1绕过
log4J burp被扫插件、CVE-2021-44228、支持RC1绕过、支持json数据类型、支持dnslog.cn和burp内置DNS、可配合JNDIExploit生成payload

在@pmiaowu fastjosn插件上做的修改,原作者用dnslog.cn进行出网检查,但在大型攻防演练(HW)过程中由于前期打点,测试的站点较多dnslog.cn会对IP进行封禁操作
导致插件无法正常检测

基础代码为@pmiaow完成 这里就不提供源码了


#release中提供下载

结果界面
![Alt text](https://github.com/bigsizeme/Log4j-check/blob/main/1.png)
reapter右键
![Alt text](https://github.com/bigsizeme/Log4j-check/blob/main/2.png)
File Snapshot

 [4.0K]  /data/pocs/9e4873181f6fbd5c59d91b0d6eb77daceecab732
├── [9.2K]  1.png
├── [117K]  2.png
├── [2.8M]  Log4J-Check-1.0.1-SNAPSHOT-jar-with-dependencies.jar
├── [2.8M]  Log4JScan-1.0.0-SNAPSHOT-jar-with-dependencies.jar
└── [ 672]  README.md

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.