CVE-2021-44832 PoC — Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration

Source
Associated Vulnerability
Title: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration (CVE-2021-44832)
Description: Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
Description
Discover Log4Shell vulnerability [CVE-2021-44832]
Readme
# Log4j Scanner

Discover Log4Shell vulnerability [CVE-2021-44832] in your files and directories.

## Description

This Rust-based Log4j Scanner is designed to help you identify and locate vulnerable files that may contain the Log4Shell vulnerability [CVE-2021-44832]. It scans files and directories to find instances of Logger.class files with "log4j" in their names or JAR files that do not contain "2.17.1" in their names.

## Features

- Scan files and directories for Log4j vulnerabilities.
- Detect Logger.class files with "log4j" in their names.
- Identify JAR files without "2.17.1" in their names.
- Display the path to vulnerable files when found.
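
The JAR rule above keys on one version string, while the CVE description lists three fixed releases (2.17.1, 2.12.4, 2.3.2) and an affected range starting at 2.0-beta7. The following is an added example, not the project's `src/main.rs`, that goes beyond the README by classifying `log4j-core-<version>.jar` file names against that range and comparing the result with the name rule as worded. `Verdict`, `classify` and `readme_name_rule` are hypothetical names, and the sample file names are constructed.

```rust
// Added example (not the project's src/main.rs). File names below are constructed.
#[derive(Debug, PartialEq)]
pub enum Verdict { NotLog4jCore, Unknown, Affected, Fixed }

/// The README's JAR rule as worded: any JAR without "2.17.1" in its name.
pub fn readme_name_rule(file_name: &str) -> bool {
    file_name.ends_with(".jar") && !file_name.contains("2.17.1")
}

/// Classify by the version in a `log4j-core-<version>.jar` file name.
/// Name-based only: shaded or renamed JARs still need content inspection.
pub fn classify(file_name: &str) -> Verdict {
    let ver = match file_name.strip_prefix("log4j-core-").and_then(|s| s.strip_suffix(".jar")) {
        Some(v) => v,
        None => return Verdict::NotLog4jCore,
    };
    // Split "2.0-beta7" into the numeric part and an optional qualifier.
    let (nums, qualifier) = match ver.split_once('-') {
        Some((n, q)) => (n, Some(q)),
        None => (ver, None),
    };
    let parsed: Result<Vec<u32>, _> = nums.split('.').map(|p| p.parse::<u32>()).collect();
    let parts = match parsed {
        Ok(p) if p.len() <= 3 => p,
        _ => return Verdict::Unknown,
    };
    let at = |i: usize| parts.get(i).copied().unwrap_or(0);
    let v = (at(0), at(1), at(2));
    if let Some(q) = qualifier {
        // Only 2.0-betaN is decided here: the affected range starts at 2.0-beta7.
        let beta = q.strip_prefix("beta").and_then(|n| n.parse::<u32>().ok());
        return match (v, beta) {
            ((2, 0, 0), Some(n)) if n >= 7 => Verdict::Affected,
            _ => Verdict::Unknown, // other qualifiers: review by hand
        };
    }
    if v == (2, 3, 2) || v == (2, 12, 4) || v >= (2, 17, 1) {
        Verdict::Fixed // fixed releases named in the CVE description
    } else if v >= (2, 0, 0) {
        Verdict::Affected // 2.0 through 2.17.0 without the backported fix
    } else {
        Verdict::Unknown
    }
}

fn main() {
    for name in ["log4j-core-2.14.1.jar", "log4j-core-2.12.4.jar", "log4j-core-2.0-beta7.jar", "commons-lang3-3.12.0.jar"] {
        println!("{name}: {:?} (README name rule flags it: {})", classify(name), readme_name_rule(name));
    }
}
```

On these samples the name rule flags the fixed 2.12.4 backport and an unrelated JAR, which is why a version-range check produces fewer false positives during triage.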

## Usage

1. Clone this repository to your local machine.

    ```bash
    git clone https://github.com/yourusername/log4j-scanner.git
    cd log4j-scanner
    ```

2. Build the project using Cargo.

    ```bash
    cargo build --release
    ```

3. Run the Log4j Scanner with the desired path to scan.

    ```bash
    ./target/release/log4j-scanner /path/to/scan
    ```

    Replace `/path/to/scan` with the directory you want to scan for Log4j vulnerabilities.

## Output

The scanner will display messages indicating the progress and any discovered vulnerable files.

## Contributing

Contributions are welcome! If you find a bug or have suggestions for improvement, please create an issue or submit a pull request.
File Snapshot

```
[4.0K] /data/pocs/e515e38c72c9feec651f6739260badab6391e3a2
├── [ 338] Cargo.toml
├── [ 34K] LICENSE
├── [1.3K] README.md
└── [4.0K] src
    └── [2.6K] main.rs

1 directory, 4 files
```