CVE-2021-44228 PoC — Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Title:Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints (CVE-2021-44228)
Description:Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Log4j2组件命令执行RCE / Code By:Jun_sheng

# CVE-2021-44228
# Log4j2组件命令执行RCE

## Code By:Jun_sheng @橘子网络安全实验室

橘子网络安全实验室 https://0range.team/

#### 0x00 风险概述

**本工具仅限授权安全测试使用,禁止未授权非法攻击站点**

在线阅读[《中华人民共和国网络安全法》](http://wglj.pds.gov.cn//upload/files/2020/4/1415254915.docx)

#### 0x01 工具使用

运行中提示

![](img/1.png)

#### 0x02 注意

本工具调用JNDI注入工具进行漏洞攻击

攻击目标地址请输入完整路径！

插入参数请输入你认为有可能存在漏洞的参数！

如果有需要请自己根据需求更改脚本内容！

转载请标明出处！

#### 0x03 Bug问题

Bug请提交Issues，有时间会看的。

 [4.0K]  /data/pocs/1c2e098e4d18ca54ff888623e97951dc9bc64437
├── [5.1K]  CVE-2021-44228_RCE.py
├── [4.0K]  img
│   └── [ 83K]  1.png
├── [ 31M]  JNDIExploit-1.3-SNAPSHOT.jar
└── [ 755]  README.md

1 directory, 4 files