How should we view the Apache Log4j 2 remote code execution vulnerability?
2022-07-05 21:50:00 【Blue bridge cloud class】
Apache Log4j2 is a first-class Java logging framework, and a large number of business frameworks use this component.
On November 24, 2021, the Alibaba Cloud security team reported the Apache Log4j2 remote code execution vulnerability to Apache. The vulnerability is easy to trigger and does great harm.
In the early morning of December 10, the details of the remote code execution vulnerability in the Apache open source project Log4j were made public. Because some functions of Apache Log4j2 perform recursive parsing, an attacker can directly construct a malicious request and trigger remote code execution.
CVE number: CVE-2021-44228
Affected versions: log4j2 2.0-beta9 ~ 2.14.1
As soon as this news came out, many security engineers could hardly sleep; they got up immediately and went into "combat defense mode". This reminds me of the recent epidemic in Zhejiang, where the medical staff rushed into "combat mode" overnight.
(PS: The epidemic has been flaring up recently. Friends, be sure to wash your hands frequently, wear a mask, and don't run around!)
Besides the security staff of individual enterprises, the major security vendors also immediately began verifying that the vulnerability was real and urgently notified users to update their rules against it, to keep the damage from spreading.
How serious is it? Let me mention just one point, and you can judge for yourself:
Patching an enterprise may take several hours, or even several days, but an attack takes a hacker only a few minutes! Which is faster, patching or attacking? I don't need to say more.
Apache Log4j2 is not a specific web service but a third-party logging framework (library). Any Java web application may use it, and the number that actually use Log4j2 is too large to count.
If you really had to count, it would be quicker to count the ones that do not use Log4j2. You can imagine how wide the impact is once attacks begin.
How do we reproduce this vulnerability and fix it?
Many Java-based web services can be used to reproduce this vulnerability. All that is needed is that the service uses the log4j2 library (a version within the affected range), for example Apache Solr.
Triggering the vulnerability is very simple: the payload only needs to be sent in the action parameter of the Solr administrator interface. Because the interface calls log4j to write the log, the vulnerability is triggered. The interface is as follows:
http://127.0.0.1:8983/solr/admin/cores?action=
Next, use DNSlog to construct a verification payload.
Most people who do penetration testing should be familiar with DNSlog. It is often used to test blind vulnerabilities such as blind injection.
If you are not, it can be understood simply as follows: we obtain a temporary domain name; if the remote server tries to access that domain name, an access record is left on the DNS side, and by querying that record we can obtain some out-of-band information.
Of course, DNSlog is only one way to verify that the vulnerability exists, not the only one.
Blue bridge cloud class has ridden the wave of attention a little and launched the course "Apache Log4j 2: Detailed Explanation of the Remote Code Execution Vulnerability", which uses hands-on experiments to help you reproduce the Apache Log4j2 remote code execution vulnerability.
The course explains the vulnerability's principle, how it is exploited, how to find it and how to fix it, and it includes a hands-on online lab environment so that you can understand the vulnerability more deeply.
Here comes the key point: you can start right away and learn for free!
Apache Log4j 2 Remote code execution vulnerability
Now let's talk about methods and tools for finding the vulnerability.
Vulnerability discovery can be approached from two angles, white box and black box:
- If you are reviewing whether your own application is affected by the log4j2 vulnerability, white-box testing is the approach you should choose first. It lets you do the most comprehensive check at the source-code level.
- Black-box testing carries a lot of uncertainty, because from a black-box perspective any parameter may trigger the log4j2 vulnerability. The accuracy of a black-box test therefore depends largely on whether the parameters tested are comprehensive.
I recommend two tools for your reference:
1. For white-box testing, the following tool is recommended for scanning the source code:
CVE-2021-44228-Scanner
You can download the version that matches your platform:
2. For black-box testing, the following tool is recommended:
BurpSuite Pro plug-ins
Open BurpSuite Pro, switch to Extender -> BApp Store, and search for log4 in the search box on the right. You will see two plug-ins (as of December 22, 2021):
- log4shell Everywhere: passive scanning plug-in
- log4Shell Scanner: active scanning plug-in
Install both plug-ins. Active Scan and Passive Scan will then check for the log4j vulnerability automatically, and if one is found, the result is shown in the Dashboard.
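For the white-box side described above, the following added example (not from the original post or from the tools it names) checks a JAR/WAR, including nested archives, for copies of log4j-core and compares the version in the embedded Maven metadata against the affected range stated on this page. The function names and the sample archive are constructed for illustration, and the range is applied literally, so vendor backport releases are not modeled.

```python
import io
import re
import zipfile

# Maven metadata shipped inside log4j-core; more reliable than trusting the jar's file name.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def parse_version(text):
    """Map '2.0-beta9' or '2.14.1' to a sortable tuple; pre-releases sort before finals."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", text.strip(), re.I)
    if not m:
        return None
    major, minor, patch, tag, n = m.groups()
    rank = {"alpha": 0, "beta": 1, "rc": 2}.get((tag or "").lower(), 3)
    return (int(major), int(minor), int(patch or 0), rank, int(n or 0))

LOW, HIGH = parse_version("2.0-beta9"), parse_version("2.14.1")  # range stated on this page

def is_affected(version):
    v = parse_version(version)
    return v is not None and LOW <= v <= HIGH

def find_log4j(data, name, depth=0):
    """Yield (path, version, affected) for each log4j-core copy, nested archives included."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not an archive
    with zf:
        for entry in zf.namelist():
            if entry == POM:
                m = re.search(rb"^version=(\S+)", zf.read(entry), re.M)
                if m:
                    yield name, m.group(1).decode(), is_affected(m.group(1).decode())
            elif entry.lower().endswith((".jar", ".war", ".ear")) and depth < 4:
                yield from find_log4j(zf.read(entry), f"{name}!/{entry}", depth + 1)

def make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, body in files.items():
            zf.writestr(entry, body)
    return buf.getvalue()

def sample_war():
    # Constructed sample: a renamed jar inside the range and a jar outside it.
    jar = lambda v: make_zip({POM: b"version=" + v + b"\n"})
    return make_zip({"WEB-INF/lib/vendor-logging.jar": jar(b"2.14.1"),
                     "WEB-INF/lib/log4j-core-2.17.1.jar": jar(b"2.17.1")})
```

To check a real artifact, read it as bytes and pass it in, for example `list(find_log4j(open(path, "rb").read(), path))`. The renamed jar in the sample shows why the check reads the embedded metadata instead of matching file names.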
Okay, that is all for today's sharing on the Apache Log4j 2 remote code execution vulnerability. If you want to reproduce this vulnerability and practice it yourself, you can click the link below and learn for free.
Apache Log4j 2 Remote code execution vulnerability