Skip to content

lcosmos/apache-log4j-poc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
src/main/java
src/main/java
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
nginx-1.21.4.zip
nginx-1.21.4.zip
 
 
pom.xml
pom.xml
 
 

Repository files navigation

建议安装JDK 1.8u121以下的版本,如JDK 1.8u121以上版本,请参考:https://www.oracle.com/java/technologies/javase/8u121-relnotes.html

1.编辑 src/mian/java/Exploit.java,写入需要执行的命令;

2.在 src/mian/java目录下执行 javac Exploit.java

3.将2得到的 Exploit.class 放入任意服务器中(能够提供下载地址就行),本POC中用到了nginx

4.修改 src/mian/java/LDAPRefServer.java 中的 EXPLOIT_CLASS_URL 为3中得到的地址

5.安装所需maven依赖

6.运行 LDAPRefServer

7.执行Log4J,即可执行指定代码

修复方案: 1.修改jvm参数 -Dlog4j2.formatMsgNoLookups=true 2.修改配置 在应用classpath下添加log4j2.component.properties配置文件,log4j2.formatMsgNoLookups=true

About

Apache Log4j POC

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy