CVE-2021-44228 PoC — Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Title:Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints (CVE-2021-44228)
Description:Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

CVE-2021-4428 复现

## CVE-2021-4428 复现
本DEMO是针对**Log4j2** 超高危RCE漏洞`CVE-2021-4428`的复现DEMO，目的是认识该漏洞的危害性并根据您系统的情况做出针对性的防御。
## 警告
本DEMO只是针对技术层面的研究，不涉及恶意远程计算机侵入方面的相关脚本。请勿利用漏洞进行非法侵入他人计算机的违法活动。否则您将可能承担以下侵权责任：

1. 根据《中华人民共和国治安管理处罚法》第二十九条 对违反国家规定，侵入计算机信息系统，造成危害的，处五日以下拘留;情节较重的，处五日以上十日以下拘留。
2. 根据《中华人民共和国刑法》第二百八十五条第一款的规定,犯本罪的,处三年以下有期徒刑或者拘役。单位犯本罪的,对单位判处罚金,并对其直接负责的主管人员和其他直接责任人员,依照上述规定处罚。
> 请勿用于非法用途，否则将承担相应的法律责任。

## 漏洞复现
参见公众号：**码农小胖哥** 相关技术文章。
![](./cve-2021-44228.png)
> 再次重申，请勿用于非法活动。

 [4.0K]  /data/pocs/54d4fc232f767ffe30bac93c204cba0f551b6e86
├── [404K]  cve-2021-44228.png
├── [4.0K]  http-server
│   └── [1.2K]  Log4jRCE.class
├── [1005]  pom.xml
├── [1.1K]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            └── [ 405]  Hack.java

4 directories, 5 files