PoC details: b1a5e369c72405e9ac242da8296ffc0e709ef038

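Source
Related vulnerability
Title: Apache Log4j code issue vulnerability (CVE-2021-44228)
Description: Apache Log4j is an open-source, Java-based logging tool from the Apache Software Foundation (USA). Apache Log4j has a code issue vulnerability: an attacker can craft a request and send it to a server that uses Apache Log4j, and remote code execution is triggered when that request is written to the log.
Description
This tool patches the CVE-2021-44228 Log4j vulnerability present in all Minecraft versions. NOTE: this tool must be re-run after downloading or updating versions of Minecraft, as it is not a permanent patch.
Introduction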
# NOTICE
This tool is no longer necessary: Mojang has released its own patch, which should cover everyone who is affected.
https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition

# WARNING
THIS EXPLOIT AFFECTS BOTH CLIENTS AND SERVERS

There is currently an exploit going around that affects all versions of Minecraft. It
abuses Log4j deserialization to achieve remote code execution. The exploit is not new, but it has
only recently come to light because PaperMC, Spigot and others patched and announced it.

Only use this tool if the client you use hasn't already been patched, as this may make clients like Lunar Client
not work.

## Downloads
Currently the only available releases for this patcher are JAR releases, but binaries will be available soon.

## SERVER OWNERS
Please update your servers to the latest version to help protect against this. Most major
providers have already patched this vulnerability; HOWEVER, it is still unpatched on
all Minecraft clients.

## CLIENTS
This tool is to help patch clients and protect them against the vulnerability, because they are all vulnerable:
all an attacker has to do is put a payload in the game chat, and all connected clients will be affected.

## NOTE
THIS IS NOT A PERMANENT SOLUTION. THIS IS ONLY A ONE-TIME PATCH ON EACH CLIENT JAR. UPDATED OR
NEWLY INSTALLED MC VERSIONS WILL NOT BE AFFECTED BY THIS PATCH,
AND YOU WILL NEED TO RUN IT AGAIN.

## WHAT THIS PATCH DOES
This patch modifies each of the log file configurations in your MC jars, replacing

%msg with %msg{nolookups}
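
The rewrite described above, as an added example in Python (not the project's code, which is the Kotlin file `src/main/kotlin/main.kt`). It goes beyond the literal `%msg` replacement by also covering the `%m` and `%message` aliases and format modifiers, and by leaving already-patched patterns alone; the `log4j2*.xml` entry-name filter and the sample jar are assumptions made for the example.

```python
import io
import re
import zipfile

# %m, %msg and %message are the Log4j 2 message converters; a format modifier
# (%-5msg, %.100m) may precede the name. "%%" is a literal percent sign, and
# the lookahead keeps %marker, %mdc, %map and similar converters untouched.
_MSG = re.compile(
    r"%%|%(-?\d*(?:\.-?\d+)?)(message|msg|m)(?![A-Za-z])((?:\{[^{}]*\})*)")

# Constructed sample config, not taken from any Minecraft jar.
SAMPLE_CONFIG = (
    '<Configuration><Appenders><Console name="SysOut">'
    '<PatternLayout pattern="[%d{HH:mm:ss}] [%t/%level] %marker: %msg%n"/>'
    '</Console></Appenders></Configuration>')


def harden_pattern(text):
    """Add {nolookups} to every message converter that does not have it."""
    def fix(m):
        if m.group(0) == "%%" or "{nolookups}" in m.group(3):
            return m.group(0)  # escaped percent, or already patched
        return "%{}{}{{nolookups}}{}".format(*m.groups())
    return _MSG.sub(fix, text)


def patch_jar(jar_bytes):
    """Return (patched jar bytes, names of the config entries that changed)."""
    out, changed = io.BytesIO(), []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info)
            base = info.filename.rsplit("/", 1)[-1]
            # Assumption: the logging configs are entries named log4j2*.xml.
            if base.startswith("log4j2") and base.endswith(".xml"):
                fixed = harden_pattern(data.decode("utf-8")).encode("utf-8")
                if fixed != data:
                    changed.append(info.filename)
                    data = fixed
            dst.writestr(info, data)
    return out.getvalue(), changed


def sample_jar():
    """Build the constructed test jar: one config entry and one class stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("log4j2.xml", SAMPLE_CONFIG)
        z.writestr("net/example/Main.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()
```

Running `patch_jar` a second time on its own output reports no changed entries, which is a quick way to confirm a jar has already been rewritten.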

## RELEASES
Releases will be available in the releases tab
File snapshot

[4.0K] /data/pocs/b1a5e369c72405e9ac242da8296ffc0e709ef038
├── [ 526] build.gradle.kts
├── [4.0K] gradle
│   └── [4.0K] wrapper
│       ├── [ 58K] gradle-wrapper.jar
│       └── [ 200] gradle-wrapper.properties
├── [ 27] gradle.properties
├── [5.6K] gradlew
├── [2.6K] gradlew.bat
├── [1.2K] LICENSE.md
├── [1.6K] README.md
├── [ 34] settings.gradle.kts
└── [4.0K] src
    └── [4.0K] main
        └── [4.0K] kotlin
            └── [3.9K] main.kt

5 directories, 10 files