CVE-2019-17571 PoC — Apache Log4j 代码问题漏洞

Source

https://github.com/Al1ex/CVE-2019-17571

Associated Vulnerability

Title:Apache Log4j 代码问题漏洞 (CVE-2019-17571)
Description:Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

Description

Environment for CVE_2019_17571

Readme

# CVE_2019_17571
Environment for CVE_2019_17571

File Snapshot


 [4.0K]  /data/pocs/9b957212fddc6acc84a2ff0824573ef4d0508f41
├── [278K]  CVE_2019_17571.jpg
├── [4.0K]  Log4jTest
│   ├── [  81]  Log4jTest.iml
│   ├── [3.0K]  pom.xml
│   ├── [4.0K]  src
│   │   ├── [ 290]  log4j.properties
│   │   ├── [4.0K]  main
│   │   │   └── [4.0K]  java
│   │   │       └── [4.0K]  Log4jTest
│   │   │           ├── [ 185]  App.java
│   │   │           └── [ 443]  CVE_2019_17571.java
│   │   └── [4.0K]  test
│   │       └── [4.0K]  java
│   │           └── [4.0K]  Log4jTest
│   │               └── [ 301]  AppTest.java
│   └── [4.0K]  target
│       ├── [4.0K]  classes
│       │   └── [4.0K]  Log4jTest
│       │       ├── [ 533]  App.class
│       │       └── [ 989]  CVE_2019_17571.class
│       └── [4.0K]  test-classes
│           └── [4.0K]  Log4jTest
│               └── [ 465]  AppTest.class
└── [  48]  README.md

13 directories, 11 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!